Tag Archives: certificate

Notes on Signing Keys for PhoneGap Build

As always, this site contains notes to myself which others may (or may not) find useful. They may contain errors. Corrections and clarification is gratefully accepted. I apologize that these notes are somewhat abbreviated.


The instructions on the Adobe PhoneGap Build web site don’t properly display on all platforms. The core information is as follows.

Google uses the Java keytool program, which creates a database of cryptographic keys & certificates. If you have Java installed, keytool should be available. The example command is as follows:

[code lang=”bash”]
$ keytool -genkey -v -keystore [keystorename].keystore -alias [aliasname] -keyalg RSA -keysize 2048 -validity 10000


iOS is more complicated. This requires access to an Apple machine running OS X.

The first step  is to ensure that your Keychain Access program has the latest root certificate. As of this writing (16 June 2016) it is AddTrust External CA Root with an expiration date of 30 May 2020 at 4:48:38 a.m. (I solved this with a web search.)

Create a Distribution Certificate

Next, log into your developer.apple.com account. From the top menu, go to your Account. On the left-hand vertical bar, select Certificates, IDs & Profiles. Create an iOS certificate with the type iOS Distribution.

Create a .p12 File

Download the certificate and load it into Keychain Access. (The certificate should have a submenu showing your private key. If it is not there, you can’t export it as a .p12 file.) Right click on the certificate and export it as a .p12 file.

Load Devices for “Ad Hoc” Testing

To bypass the Apple gatekeepers for testing, you need to specify the unique device IDs (UDID) for every iOS device that the app is allowed to run on. Those are listed under Devices on the left-hand side.

Create a Provisioning File

If you want to bypass the Apple gatekeepers for testing, you need to create a new iOS provisioning file with the type Ad Hoc under the Distribution heading. This will allow to choose the certificate, application ID, and the UDIDs to enable for testing.

If you’re to the point where you want to submit your app through the Apple store, create a provisioning file with the type App Store under the Distribution heading. You will not be given the choice of selecting specific UDIDs this turn.

Loading Keys in the PhoneGap Build Site

Lastly, log into the Adobe PhoneGap Build site and go to Edit Account. The second tab is Signing Keys. Under the appropriate OS, hit the add a key … button and upload your keystore (in the case of Android) or .p12 and provisioning files (in the case of iOS).

These keys should be ready to use for building your app.


Adding a GoDaddy SSL Certificate to Zimbra 7

I’ve struggled with getting a GoDaddy-issued SSL certificate installed into a new Zimbra instance for a client. Fortunately I used a virtual machine and was able to make snapshots of the VM along the way. Most of the struggle revolved around the fact that (1) GoDaddy makes the required files available in many versions and formats, and (2) the Zimbra documentation really sucks in this area.

Fortunately I found David McKay’s article How to Renew a GoDaddy Certificate on Zimbra. This gave me insight into which combination of files to use.

Zimbra Installation

  1. The Zimbra instance must install cleanly. My Zimbra installation notes are here.
  2. You must be able to view the Zimbra Certificates page without error. The page is found on the lower portion of the side bar.

The Certificate page in the Zimbra administrative panel.

Get the Certificate Files

  1. Use the Install Certificate button to create the CSR.
  2. Download the CSR.
  3. Paste the CSR into GoDaddy’s SSL certificate page.
  4. When downloading the certificate, there is a list of formats to choose from. Choose Apache.
  5. Also download GoDaddy’s root certificate file gd-class2-root.crt from their Repository page. As of this writing, this is the first file listed.

Installing the SSL Certificate

Back on the Zimbra Certificate page, click on Install Certificate button. You’ll be asked for several files.

  1. Certificate File: This is the new SSL certificate from the zip file. The default name is domain.crt.
  2. Root CA File: This is the file gd-class2-root.crt that you downloaded separately.
  3. Intermediate CA file: This is the file gd_bundle.crt found in the zip file.

This was the combination of files I was looking for but didn’t quite ever get right.

Store these files with backups.