After spending some agonizing hours in a world of x509 & al. (i.e. including but not limited to trying to generate e.g. correct root CA and codesigning certificates with the help of a openssl etc.) the solution turned out to be quite simple and obvious.
So...in order to get midlet a) signed and b) work correctly in 6600 (4.09.1) (as a trusted third party software) one might want to do this:
1) Create a RSA key with keytool like:
keytool -genkey -keyalg RSA .....
2) Self certificate the key:
keytool -selfcert .....
3) Export self certified key:
keytool -export -file some.cer .....
4) Send this some.cer to 6600 via e.g. bluetooth, save it and adjust trust settings
5) Use Sun's WTK...File --> Utilities --> Sign Midlet --> Import Key Pair...(from a keystore where you had just put your newly created certificate)
6) Sign your midlet with this certificate and download it via OTA to 6600 or send it via bluetooth (remember to send both jad and jar).
Summasummarum...after these operations user can give a permission for a midlet to use e.g. PushRegistry alarms so that firmware doesn't always request confirmation from an end user.
I spend hours on this dodgy problem without the final success.
I can make a CA authority, requests, key pairs etc. and I can install the certificate. But when I try to install the signed MIDlet on the 6600 there is alway a security error: Cannot find the root certificate (translated from german)
Seems like only random_john_doe and schnejan got this thing working with their own certificate's (or at all). Could you guys describe your process in more detail?
I also tried creating certificate and signing with 6600 (4.09.1), but got only "Authorisation failed" message while installing.
I was unable to get any "Authorisation failed" error message (no matter how hard I tried). Instead I was able to get "Installation security error. Unable to install" (or similar...dialog wasn't visible long enough to learn it by heart) _if_ sertificate that I had used to sign a midlet was not marked as "Application install sertificate". Tools -> Settings -> Security -> Certif. Management -> [my selfsigned sertificate] -> options -> Trust settings -> App. installation -> [change to yes].
I don't know how I could describe "process" in more detail without takin actual screenshots or command prompt log.
I followed the exact steps as you have described before, I could send my self made certificate to Nokia 6600, and sign my app using the same cert, when i do the OTA to my phone it says "Instalation failed, security error" as you have described. I have enable my certificate trust settings to application install along with internet. But still no success. I have got the 4.09.1 FW as well. It will be really a great great for people who are trying to sign a midlet and successfully install it. My company need to sign it as at the time of instalation the user sees "Do you want to install bla bla, It is untrusted", the user normally quit and never install it. It will be a great helf if you can post your self made certificate, the demo app you have signed and installed successfully(both jar and jad) on the internet. If you want webspace i would like to give you, If you have got spare time to help some unsuccessfull developer then please take some snapshot as well.
Last edited by manasmchex; 2006-01-06 at 16:33.
Reason: removed private email
IIRC I had some problems with my build environment which generated JAD and JAR files (along with whole software). If I had too long MIDlet-n line, that particular line was wrapped in manifest file...(similar effect occured for MIDlet-Permissions(-opt) lines too). Symptoms were that device (6600) didn't accept my application. I don't remember exact error message that phone threw to my face.
I would like to suggest that you start with _very_ simple midlet which has short name (class name) and e.g. only one permission listed in MIDlet-Permissions property and work your way up from there and try to figure out what causes your problems.
I don't have time (or to be honest: motivation :-) to write an example application with an example certificate. I think it should be a Forum Nokia staff members job...which brings to my mind a note from a recent whatever-its-name-was-document in forum nokia document space which said that list of root certificates in Nokia's devices are locked...Does anybody know if this current situation with 6600's 4.09.1 firmware is a temporary "malfunction" which shall be "fixed" in the forthcoming releases. Has anybody tested certificate installation with 7610?