Hello, I really need help.
I bought a Thawte Java Code Signing certificate (primarily to facilitate Connector.http API, which is restricted on some phones). I tested the signed midlet on 3 brand new devices, by installing it OTA (using JAD-JAR pair). The results are quite depressing.
Nokia6301 fails (with code "909 Application authentication failure"), Motorola MOT-E8 fails (909 Application authentication failure) and SonyEricsson TM506 fails (905 Attribute Mismatch). All 3 devices are from T-Mobile USA.
I know that both Nokia6301 and SE TM506 have Thawte Code Signing certificate installed (checked by going to "Security" section) and active. The time is current on these phones.
I have tested my certificate by signing an applet (using command line tools) - it works fine, showing me the company info, etc, in the browser when I launch the applet. I used NetBeans 6.0 IDE to sign the midlet (I also tried command line tools with the same result). There are no warnings or errors during the signing.
The SonyEricsson phone actually has a certificate "review" in the browser. I can see the certificate details, including the "fingerprint code" (it matches what I can print with keytool -v -list command). Still, I get 905 Error when it's done downloading the JAR file.
The Nokia6301 shows "Certificate not on phone or SIM" message. Which is different from SonyEricsson TM506 behavior.
The midlet installs successfully on both phones if I don't sign it. But it is untrusted then.
Here's the JAD (midlet/website names are modified):
MIDlet-Description: MyApp - light
What is it I am doing wrong? I tried removing Java obfuscation, removing optimization, setting the Securiy Domain to "trusted" in NetBeans IDE, all in vain. Exactly the same error.
I would greatly appreciate your help.