How to Fix “Unable to Build a Valid Certificate Chain for the Signer” Error?

Fix Unable to build a valid certificate chain for the signer Error

Are you using a third-party CA code signing certificate to sign your Adobe Air application and getting the “Unable to Build a Valid Certificate Chain for the Signer” error?

Adobe Air signing certificates typically display this issue if an Intermediate CA Certificate is missing from the certificate chain.

In this article, we will examine how to fix the “Unable to Build a Valid Certificate Chain for the Signer” error. But first, let us understand what an intermediate CA certificate is.

What Is an Intermediate CA Certificate?

Certificate Authorities (CAs) generate an intermediate certificate, from which certificates are signed and issued, to increase the root certificate’s security. Users like you and me utilize code signing certificates provided by trustworthy third-party certificate authorities, and an Intermediate CA certificate is the subordinate certificate that these authorities issue.

The certificate will be trusted by all major browsers and systems with the aid of these intermediate certificates. Now that we have an understanding of the intermediate CA certificate let’s dive into the steps that will help us solve this error.

Steps to Solve Code Signing Error: “Unable to Build a Valid Certificate Chain for the Signer”

Here are the steps you need to do to create a valid certificate chain for the signer certificate. We have given these steps for the Mozilla Firefox browser.

Step 1: Certificate Chain Generation for the Signer Certificate

  • First, get the Cross Root Intermediate CA Certificate and the Code Signing Intermediate CA Certificate.
  • Once you’ve downloaded both files, save them as separate Notepad documents and append the “.cer” extension to each.
  • Now, access the certificate store using the Tools menu in the same browser you used to install the certificate and select “Options.”
  • Pick Privacy & Security from the menu on the left, then locate the Certificates section and select “View Certificates.
Privacy and Security Option Firefox
  • Click on the Authorities button in the Certificate Manager’s main window.
  • Locate the Import button and click it. Open the intermediate CA certificate that crosses root domains.
  • Import an Intermediate CA Certificate in the same way.
Certificate Manager Window Firefox

Step 2: Ensuring that the Certificate Chain for the Signer Is Built

  • Launch the Certificate Manager using the same version of Mozilla Firefox you used in the previous step. This time, though, instead of the Authorities tab, go to the Your Certificates tab.
Your Certificates Options Firefox
  • The Certificate you imported should appear in the list if everything went smoothly. It’s time to check the Certificate menu.
  • Click the View button when you’ve located the necessary certificate. There will be a window that says “Certificate Viewer” open up. To check if the Certificate Hierarchy is displaying the correct information, click the Details tab.
Certification Path Option From Exe File

Step 3: Exporting Certificate for the Signing Process

  • When you’ve finished the preceding procedures, you may return to the Mozilla Firefox browser’s Certificate Manager (certificate store) and click on the Your Certificates tab.
  • If you want to save the certificate to your computer, after selecting it, you may click the Backup option, give the file a name, and then store it wherever you choose.
  • Sign your Adobe Air program once you’ve finished backing up your data.

Now Let’s See How to do the same process Using Internet Options:

  • To verify the CA’s legitimacy, you should get a copy of its root certificate.
  • Locate the “.cer” file that was supplied by that CA after downloading the root certificate.
  • Click the Certificate option in the Content tab of Internet Options in the Control Panel. Pick an Intermediate Certification Authority tab there.
  • Import the “.cer” file you just downloaded by clicking the Import button.
  • Import your p12 certificate file by clicking Next on the Certificate Import Wizard. (Please use your password here.)
  • Select the following now: Select the Export check box to make this key exportable for backup purposes.
Private Key Protection
  • When the import is finished, navigate to Internet Options > Content > Certificates.
  • When you’re ready, click the Export button next to the relevant certificate and then the Next button.
  • Just click the appropriate radio button and select the option: Export the private key.
  • Click the radio button named Cryptographic Message Syntax Standard – PKCS #7 Certificates (.P7B). Don’t forget to checkmark the include all certificates in the chain of authentication if possible tickbox. Now select the Next option and input the certificate’s password.
  • Select a destination, give the file a name, then click “Export” to finish the process.
  • After this is done, you may go on to the next step, signing your Adobe Air application.

Wrapping Up

In conclusion, software writers frequently have the mistaken belief that the cause of this problem is a tainted or improperly generated digital certificate. However, this is not the case, and the majority of the time, it occurs because an intermediate certificate issued by the CAs is missing from the certificate chain. Take note: If you do not carry out the procedures outlined above when logged in as an administrator, there is a chance that they will not be successful.

Best Code Signing Certificates

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.