×

Discussion Board

Results 1 to 4 of 4
  1. #1
    Registered User
    Join Date
    Aug 2008
    Posts
    1

    Post Unable to install a Midlet signed with a thawte Certificate

    I am developing a J2ME application that access Messaging ,Network and PIM information so my Modlet needs to be signed before I deploy it to the users.
    I purchased a Code Singing Certificate from Thawte saying that it is supported on many J2ME handsets.I signed my Midlet with that certificate using j2se the JadTool provided with the JadTool of the current Sun WTK .When I am trying to install the signed Midlet on my N72 , it shows the certificate is issued from Thawte for our Company (Pivot Access),and then after it says "Unable to verify the certificate , installation failed".This really sucks since I bought the certificate for 300 USD .I verified that my phone has a Thawte root certificate, so I don't know what is wrong with this signing.My application normally works with a development certificate on Motorola Handsets and the unsigned version is installed well.

    Could any one help me ?
    Thanks in advance !

    This is a copy of my jad file:

    MIDlet-1: Pmobile,rw/pivot/mobile/img/pivotLogo.jpg,rw.pivot.mobile.lcdui.Pmobile
    MIDlet-Certificate-1-1: MIIDPDCCAqWgAwIBAgIQTRcOCMlRc8...
    MIDlet-Certificate-1-2: MIIDTjCCAregAwIBAgIBCjANBgkqhkiG9w0BAQUFADCBzjE...
    MIDlet-Certificate-1-3: MIIDJzCCApCgAwIBAgIBATANBgkqhkiG...
    MIDlet-Description: This application purchase ELECTROGAZ prepaid Electricity through Pivot Access System , Developper: Nzeyimana Antoine
    MIDlet-Icon: rw/pivot/mobile/img/pivotLogo.jpg
    MIDlet-Info-URL: http://mobile.pivotaccess.com
    MIDlet-Jar-RSA-SHA1: Y4mfvv+gmCLEURU4+oa42ZdMrwS9...
    MIDlet-Jar-Size: 58855
    MIDlet-Jar-URL: Pmobile.jar
    MIDlet-Name: Pmobile
    MIDlet-Permissions: javax.microedition.io.Connector.file.read,javax.microedition.io.Connector.file.write,
    javax.microedition.io.Connector.http,javax.microedition.io.Connector.https,javax.microedition.io.Connector.sms,
    javax.wireless.messaging.mms.send,javax.microedition.pim.ContactList.read
    MIDlet-Vendor: Pivot Access
    MIDlet-Version: 1.0
    MicroEdition-Configuration: CLDC-1.1
    MicroEdition-Profile: MIDP-2.0


    and here is a list of my keystore chains:


    C:\>keytool -list -keystore pivot -v
    Enter keystore password:

    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 1 entry

    Alias name: pivotaccess
    Creation date: Dec 5, 2008
    Entry type: PrivateKeyEntry
    Certificate chain length: 3
    Certificate[1]:
    Owner: CN=PIVOT ACCESS, OU=MOBILE SOFTWARE DEVELOPMENT UNIT, O=PIVOT ACCESS, L=KIGALI, ST=KIGALI, C=RW
    Issuer: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
    Serial number: 4d170e08c95173c406f3583970de136f
    Valid from: Thu Dec 04 02:00:00 CAT 2008 until: Sat Nov 28 01:59:59 CAT 2009
    Certificate fingerprints:
    MD5: ED:89:91:86:BE:80:C6:76:85:36:6E:A8:ED:B8:E1:F2
    SHA1: C2:BE:70:2A:E1:08:29:40:101:3A:870:63:0F:957:90:A0F
    Signature algorithm name: SHA1withRSA
    Version: 3

    Extensions:

    #1: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:false
    PathLen: undefined
    ]

    #2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
    AuthorityInfoAccess [
    [accessMethod: 1.3.6.1.5.5.7.48.1
    accessLocation: URIName: http://ocsp.thawte.com]
    ]

    #3: ObjectId: 2.5.29.4 Criticality=false

    #4: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
    [DistributionPoint:
    [URIName: http://crl.thawte.com/ThawteCodeSigningCA.crl]
    ]]

    #5: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
    codeSigning
    1.3.6.1.4.1.311.2.1.22
    ]

    #6: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
    NetscapeCertType [
    Object Signing
    ]

    Certificate[2]:
    Owner: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
    Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Serial number: a
    Valid from: Wed Aug 06 02:00:00 CAT 2003 until: Tue Aug 06 01:59:59 CAT 2013
    Certificate fingerprints:
    MD5: D4:A7:BF:00:7B:6A:0C:209:23:CD:5B:60:7B:7C:12
    SHA1: A7:06:BA:1E:CA:B6:A2:AB:18:69:9F:C07D:8C:7D:E3:6F:29:0F
    Signature algorithm name: SHA1withRSA
    Version: 3

    Extensions:

    #1: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
    Key_CertSign
    Crl_Sign
    ]

    #2: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:0
    ]

    #3: ObjectId: 2.5.29.31 Criticality=false
    CRLDistributionPoints [
    [DistributionPoint:
    [URIName: http://crl.thawte.com/ThawtePremiumServerCA.crl]
    ]]

    #4: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
    clientAuth
    codeSigning
    ]

    #5: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
    CN=PrivateLabel2-144
    ]

    Certificate[3]:
    Owner: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Serial number: 1
    Valid from: Thu Aug 01 02:00:00 CAT 1996 until: Fri Jan 01 01:59:59 CAT 2021
    Certificate fingerprints:
    MD5: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
    SHA1: 62:7F:8D:78:27:65:63:992:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
    Signature algorithm name: MD5withRSA
    Version: 3

    Extensions:

    #1: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    ]



    *******************************************
    *******************************************

    Help please !
    Last edited by hartti; 2008-12-10 at 21:25. Reason: shortened overly long lines to make the message more readable

  2. #2
    Super Contributor
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,191

    Re: Unable to install a Midlet signed with a thawte Certificate

    Make sure that the settings in the application manager allows installation of all applications (not only signed ones) and that the online certificate check is off.

    Hartti

  3. #3
    Registered User
    Join Date
    Dec 2008
    Posts
    1

    Re: Unable to install a Midlet signed with a thawte Certificate

    Hi all,

    Any update on this issue, as i was able to install on Sony devices but on Nokia i did all combination as mentioned but still couldn't able to install it.

  4. #4
    Super Contributor
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,191

    Re: Unable to install a Midlet signed with a thawte Certificate

    What do you mean with "all combination"?

    Is the phone a generic Nokia phone or branded for some operator? If branded, for which operator?
    Can you install the unsigned version of the MIDlet?
    Does the Thawte certificate on the phone include application signing as accepted use?
    Is the online certificate checking off?
    Have you tried without the MIDlet certificate 1-3 line in the JAD file?

    Hartti

Similar Threads

  1. Replies: 2
    Last Post: 2009-09-16, 08:07
  2. Unable to Install. Constrained by the certificate.
    By manjunaths in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 18
    Last Post: 2009-05-06, 10:47
  3. Unable to install constrainted by Certificate
    By butterflymonkey in forum Symbian
    Replies: 3
    Last Post: 2008-09-01, 19:34
  4. Replies: 2
    Last Post: 2007-04-30, 06:30
  5. Nokia 6600, install signed midlet?
    By ossipetz in forum Mobile Java Tools & SDKs
    Replies: 3
    Last Post: 2003-11-18, 12:51

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×