I have bits and pieces of information on this and I think its not very clear about what works and what does not.
My application has an unprotected UID and I have tried both self generated self signed builds as well as Developer signed builds on various S60 devices successfully.
Now, I am going for getting the app symbian signed and hence got myself a verisign publisher ID. Followed the popular method of exporting it to a pfx file then extracting cer and key files using the vs_pkcs tool and finally using carbide to sign the package using the extracted cer and key files. From exporting of pfx to signing I used no passwords.
The installation failed saying "certificate error: contact application provider".
What could be going wrong?