×

Discussion Board

Results 1 to 8 of 8

Thread: Midlet sign

  1. #1
    Registered User
    Join Date
    Feb 2005
    Posts
    5

    Midlet sign

    I've followed some web guides to sign a midlet for a Nokia N95 but it does not work I dont know where is the error or if it is simply not possible in the way I'm trying to do it, the description of what I've done is:

    My phone does not accept the signed midlet with the CA installed the process is:

    Aplications:
    Sun Wireless Toolkit 2.5 (SWT 2.5) (tested with nokia tools and I find the same problems)
    OpenSSL

    Step 1) Set permissions in midlet to be signed (in jad file)
    Step 2) Create a CA certificate with openssl
    Step 3) Upload to the phone install and choose permisions for the CA certificate, i set permission on all possibilities, Internet, Aplications and VPN, so I trust for everything in this certificate.
    Now the problem (whatever I'm doing wrong starts)
    Step 4) Generate certificate signing request.
    With SWT 2.5 Sign Midlet Suite application I choose create a new pair, write an alias and I fill the form with OU, Country, etc.
    I'm requested about his security domain and choose identified_third_party
    Then generate a CSR.
    Copy to the linux machine with the generated CA and openssl.
    Step 5) Sign the certificate, I have do it with:
    openssl x509 -req -days 365 -in CSR_file -CA CA_certificate -CAkey CA_KeyFile -out SignedCertificate -CAserial ./serial
    I've tried to do in a different way too:
    openssl ca -config ./openssl.cnf -policy policy_anything -out SignedCertificate -infiles CSR_file
    And openssl.cnf has some properties like where is CA certificate and keys...
    Step 6) Import certificates CA and SignedCertificate in IE.
    Step 7) Export SignedCertificate certificate in p7b format choosing the option to export with all certificates in chain inside.
    Step 8) Choose in "SWT 2.5 sign midlet suite" import certificate, there are two options import trusted certificate indicating a new alias or replace certificate chain and choose one of the certificates.
    The first one can not sign the certificate because no private key is found, choosing the option to replace certificate chain for the alias the CSR was made can sign the Midlet, so I think this is the good one to import the p7b.
    Step 9) Sign the Midlet
    Step 10) Put in a webserver access from N95 mobile phone and then begin installationd and stops in a Error in certificate.

    Where is the problem?

    Best regards.

  2. #2
    Nokia Developer Champion
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,192

    Re: Midlet sign

    You cannot install your own certificate for MIDlet signing. You have to use one of the Java ME signing certificates pre-installed on the phone.

    Hartti

  3. #3
    Registered User
    Join Date
    Feb 2005
    Posts
    5

    Re: Midlet sign

    Are you sure?
    I have uploaded my CA certificate and now this certificate is on the list of CA of the phone, I can choose his security options etc. it's exactly equal than the original certificates of the phone.
    This is only for testing because a user of the application will not download and install a CA and make all the process for getting a midlet, he will get an application signed by a factory-know CA, but a developer can not install his own CA?

    And if not, how it's possible that I've uploaded my CA to the phone and it's now in the phone list of know CA?

    I'm not sure what you say because of this, please if you can confirm me it's not possible and tell me why is my CA installed in the phone like a factory default one.

    Best regards.

  4. #4
    Nokia Developer Champion
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,192

    Re: Midlet sign

    Yep, I am sure. This was possible on S60 2nd Edition phones due sw bug. Not possible on S60 3rd Edition (or 3rd Edition FP1) phones.

    Hartti

  5. #5
    Registered User
    Join Date
    Feb 2005
    Posts
    5

    Re: Midlet sign

    What a pity...
    Thanks for all.

  6. #6
    Registered User
    Join Date
    Apr 2007
    Posts
    15

    Re: Midlet sign

    for z80z80

    It's not a pity. It's illogical. Even commercially speaking.
    Personally I don't understand why they don't accept other CA if you install the CA certificate on the phone and the CA certificate is valid.
    But this is my personal opinion

    For hartti:

    At this point my doubt is:
    What if Verisign or Thawte chooses to revoke the CA certificate (security breach, political choice, commercial choice, someone wokeup some day and decided for it) and to issue a new CA certificate? Or what if both bankrupt? (ok, seeing their price for a bunch of bits, it is quite improbable, but not impossible)

    How is it possible do update the CA certificate?
    Not upgrading the entire firmware.

  7. #7
    Nokia Developer Champion
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,192

    Re: Midlet sign

    disklessbrain,

    I do not have an answer to this hypothetical question as I do not see that happening.

    Hartti

  8. #8
    Nokia Developer Champion
    Join Date
    Mar 2003
    Posts
    4,105
    disklessbrain, this rule is stated within the MIDP 2 recommendations, JTWI 175, MSA 248 and it looks like it is going into MIDP 3. We discussed this issue several times, here at Forum Nokia already, nevertheless, the correct way would be to comment (and convince) the JSR working group…

Similar Threads

  1. Sign MIDlet...The right steps
    By matteopiccioni in forum Mobile Java Networking & Messaging & Security
    Replies: 6
    Last Post: 2009-12-02, 15:31
  2. Sign a Midlet with Verisign
    By PeppeM2 in forum Mobile Java General
    Replies: 9
    Last Post: 2009-02-05, 11:01
  3. 技术文档:MIDP 2.0安全机制 与 MIDlet 数字签名
    By wotrust in forum [Archived] Other Programming Discussion 关于其他编程技术的讨论
    Replies: 0
    Last Post: 2006-12-30, 07:42
  4. Unable to Sign MIDlet with J2mePolish1.3-Beta3
    By kksidhu2002 in forum Mobile Java General
    Replies: 2
    Last Post: 2006-09-17, 01:58
  5. how to sign a midlet for testing purpose
    By PriyankaChaurishia123 in forum Mobile Java Tools & SDKs
    Replies: 4
    Last Post: 2006-02-21, 15:45

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •