×

Discussion Board

Results 1 to 7 of 7
  1. #1
    Regular Contributor
    Join Date
    Dec 2007
    Posts
    74

    j2me Code Signing: Self Signed Certificate VS Unknown Certificate VS No Certificate?

    Hello all,

    I have Developed a j2me Application which i want to digitally sign with a Certificate
    that i am going to buy from Verisign.The application is simply doing http/https connections.
    My questions are:
    (1) Which tool should i use? WTK 2.5.2 signing tools or something else like openssl?
    (2) In which Security domain should i include My certificate? identified_third_party or something else?

    Additionally lets say that the Phone in which i am going to install my application for some reason does NOT
    CONTAIN the appropriate ROOT Certificate from Verisign (in which belongs the certificate that i will buy)
    The (Crucial) Questions are:
    (A)What will happen if i will try to install my signed Midlet in a handset not containt Verisign Root Certificate?
    will be installed or no installation at all will take place?
    (B)What will happen if i sign my Midlet with one a "Self Signed" Certificate and install it to my Handset?

    Finally what must be my decision for Handsets that do not include the Appropriate Verisign ROOT Certificate?
    (a)Sign My Application with the Certificate that i will buy From Verisign?
    (b)Sign My Application a "Self Signed" Certificate?
    (c)Do not Sign the application at all?
    (d)Buy A second Certificate from another CA authrity ie thawte


    Please HELP!

    Thanks

    NiKolaos

  2. #2
    Nokia Developer Champion
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,192

    Re: j2me Code Signing: Self Signed Certificate VS Unknown Certificate VS No Certifica

    WTK should work fine, also Netbeans works. Make sure you get the correct certificate for MIDlet signing from VeriSign!

    A) If the corresponding authority certificate does not exist on the phone, the MIDlet will not be installed. This answers also B)

    The answer to the last questions is the signing really needed for your MIDlet. a) and b) are not options for you as there is no corresponding root certificate on the phone, so the MIDlet will not be installed.

    Hartti

  3. #3
    Regular Contributor
    Join Date
    Dec 2007
    Posts
    74

    Re: j2me Code Signing: Self Signed Certificate VS Unknown Certificate VS No Certifica

    hartti

    Thanks for your answer , was very helpful!

    but what about my question
    "(2) In which Security domain should i include My certificate? identified_third_party or something else?"

    Can you help?

    Thanks

    Nikolaos

  4. #4
    Regular Contributor
    Join Date
    Feb 2006
    Posts
    65

    Re: j2me Code Signing: Self Signed Certificate VS Unknown Certificate VS No Certifica

    The type of Certificate that you need to get depends on the Type of operations your application does.

    1. Does it use HTTP/HTTPS:
    2. Do you do any File Connection/ PIM.
    3. Network connections like SMS,MMS,etc

    For (1) a basic identified 3rd part is more than enough.
    I am not sure of the other 2 as it varies from operator to operator.
    AT&T has a set of levels so does T-Mobile. Please check your operator - developer website for more details
    Thanks and Regrads
    Pradeepcg

  5. #5
    Nokia Developer Champion
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,192

    Re: j2me Code Signing: Self Signed Certificate VS Unknown Certificate VS No Certifica

    Nikolaos, You cannot install a certificate for MIDlet signing on a device.

    Hartti

  6. #6
    Regular Contributor
    Join Date
    Sep 2008
    Location
    Ahmedabad
    Posts
    254

    Re: j2me Code Signing: Self Signed Certificate VS Unknown Certificate VS No Certifica

    Hi,

    If you want to sign midlet for http connections then it has to be trusted 3rd party domain. However for sending SMS its a bit difficult since it wont remove all the confirmation.

    Anyways for removing confirmation while accessing GPRS you can also set midlet to ask just once without even signing it. For doing this go to application manager then select your midlet and go to settings and change access network to ask first time.

    Hope this helps you out.
    Sunil
    Mobile Application Developer

  7. #7
    Regular Contributor
    Join Date
    Dec 2007
    Posts
    74

    Re: j2me Code Signing: Self Signed Certificate VS Unknown Certificate VS No Certifica

    Dear all,

    My application functionality is doing http/https connections.
    so i will be fine, BUT
    "I am not sure of the other 2 as it varies from operator to operator.
    AT&T has a set of levels so does T-Mobile. Please check your operator - developer website for more details"

    what is the connection of Midlet signing with the Operators?

    can you help?

    Thanks!
    Nikolaos

Similar Threads

  1. Which api's need the developer signing certificate
    By manojkumar.m in forum Symbian C++
    Replies: 2
    Last Post: 2008-10-31, 07:13
  2. Regarding Certificate and signing
    By sumanthm in forum Mobile Java General
    Replies: 1
    Last Post: 2008-06-04, 02:31
  3. Problem signing the full duplex example with private key and self signed certificate
    By totoroasis in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 6
    Last Post: 2007-07-04, 10:50
  4. Signing problems: certificate expires although it is still valid !!
    By cvraiden in forum Mobile Java Networking & Messaging & Security
    Replies: 1
    Last Post: 2007-02-26, 18:25
  5. Self-signed CA certificate
    By blackbuddha in forum Mobile Java Networking & Messaging & Security
    Replies: 6
    Last Post: 2006-07-25, 11:03

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •