×

Discussion Board

Results 1 to 4 of 4
  1. #1
    Super Contributor
    Join Date
    Apr 2007
    Posts
    2,708

    Installing apps after Certificate Expiration date ?

    Hi all,
    I have been testing a signed MIDlet on a N95 to see if I would be able to install the MIDlet after the certificate's expiration date. In this case it would be the end of August.
    So I set the phone's date to december of this year and behold it would NOT install the midlet anymore.
    So I have been looking around for info and I obviously found this : http://wiki.forum.nokia.com/index.ph...ng_for_dummies

    which states :
    "Yes, when you buy a certificate (usually for a certain duration of time - 1 or 2 years) you can use that certificate for signing for the duration of the certificate. You can install MIDlets on the phone even after that period, granted that the corresponding root certificate is still valid - which they should be until sometime in 2020... "

    It owuld seem that my experience is somewhat contradictory so I was wondering if anyone has experience regarding this issue ?

  2. #2
    Registered User
    Join Date
    Aug 2008
    Location
    Berlin
    Posts
    18

    Re: Installing apps after Certificate Expiration date ?

    I tried to install the VeriSign Test MIDlet a few days ago and made the same experience as you.

  3. #3
    Super Contributor
    Join Date
    Jun 2003
    Location
    Cheshire, UK
    Posts
    7,395

    Re: Installing apps after Certificate Expiration date ?

    I couldn't find any info specifically referring to MIDlets. But, I found this, which says:

    Timestamping ensures that code will not expire when certificate expires. If your code is timestamped the digital signature is valid even though the certificate has expired. A new certificate is only necessary if you want to sign additional code. If you did not use the timestamping option during the signing, you must re-sign your code and re-send it out to your customers.
    And this:

    Every Code Signing Certificate is purchased with a specific validity period. The digital certificate can be used to sign code as frequently as needed during that validity period. When the digital certificate expires, all digital signatures that depend on that digital certificate expire also unless the signature includes a time stamp. A timestamp option shows when code was signed, allowing customers to verify that the code signing certificate was valid at the time of the digital signature.
    So, it sounds like the wiki article is misleading, and your experience is normal unless you specifically sign with the "timestamp" option. The next question is obviously: how to sign with a timestamp?

    Good question.

    J2SE's jarsigner tool appears to have an option for providing the URL of a Time Stamp Authority, like:

    Code:
    -tsa http://timestamp.comodoca.com/authenticode
    But I don't see a similar option in jadtool.

    Maybe you can't do this, and signed apps always expire...?

    Graham.

  4. #4
    Super Contributor
    Join Date
    Apr 2007
    Posts
    2,708

    Re: Installing apps after Certificate Expiration date ?

    Actually on the SE forum I found a document regarding signing which includes the following :

    Certificate life span

    A Thawte or VeriSign certificate is commonly purchased with a validity period of 1-3 years. When using Java Verified the certificate signature will be valid for 10 years.


    This has caused the Thawte and VeriSign certificate to be popular for signing during the development process.


    It's important to know that the signing of the application will have the same expiration date as the certificate the application was signed with. If the certificate has expired it will not be possible to install the application. The expiration date is only checked at install time so an install application will not expire.


    It actually seems pretty accurate, because it won't be able to install after the expiration date (simply because the date is checked right in that moment), BUT if the app is already installed it will actually just start up and work fine after the expiration date...

    To me it seems the Wiki Article I pointed out to is not correct, and if it is I'd like to know where I am going wrong ?
    Thx Graham though for all the info, and I will be posting again from now on after a fullfilling 2 weeks of vacation

Similar Threads

  1. Installing code signing certificate
    By amila4u in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 10
    Last Post: 2012-06-22, 10:37
  2. certificate error while installing sis file in N73
    By sukriti.sym in forum Symbian Media (Closed)
    Replies: 5
    Last Post: 2009-08-11, 08:58
  3. installing CA root certificate to the emulator
    By minstn in forum Symbian Tools & SDKs
    Replies: 0
    Last Post: 2009-02-18, 10:00
  4. Nokia Tech Specialists, can you help me in installing User Certificate in Nokia 6230i
    By umeshbansal79 in forum Mobile Java Networking & Messaging & Security
    Replies: 17
    Last Post: 2008-01-09, 18:20
  5. preverify error. PLZ HELP
    By michaelhann89 in forum Mobile Java Tools & SDKs
    Replies: 14
    Last Post: 2007-03-22, 22:51

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×