Well the problem with self-signed is other people cannot easily validate the signature. You are your own certificate authority(CA) in a simplistic sense. Were as purchasing one from a company that that hosts public CA's can more easily be verified by their root certificates.
Here for the Flex signatures, they sign them locally and host out the key to verify it on the apache servers. -Mark -----Original Message----- From: Subs [mailto:[email protected]] Sent: Tuesday, March 24, 2015 12:30 PM To: Apache Flex User Mailing List; Apache Flex Dev Mailing List Subject: security certificates Hi All, Wondering what kind of security certificates people are using for desktop and android? Are people creating self-signed certificates (eg: in FB) or purchasing 'official' ones? Google app store allows self-signed apps to be published; can i assume from that, that self-signed is 'secure' enough? Thanks, -- Lee Burrows ActionScripter
