×

Discussion Board

Results 1 to 11 of 11

Hybrid View

  1. #1
    Registered User
    Join Date
    Feb 2010
    Posts
    3

    Unhappy Certificate error, when i install signed MIDP application on S60 3rd emulator

    Help me please - i unable to install signed MIDP application on S60 3rd emulator - when i trying to install any signed MIDP application (f.ex. HelloWorld with Verisign cert. that i get from forum.nokia.com) via OTA, after downloading application i get an error: "Certificate error. Contact the application supplier" and application was not install.
    First, i think to verify certificates set on emulator - "Settings" -> "General" -> "Security" -> "Certificate Managment" -> "Authority certificates" and there are only 4 certificates - for symbian applications only:
    (VeriSign Identity-Based ACS Root for Symbian OS
    VeriSign Testing-Based ACS Root for Symbian OS
    GeoTrust Testing-Based ACS Root for Symbian OS
    GeoTrust Identity-Based ACS Root for Symbian OS)
    then i decide, that i need certificates from real device - (Nokia S60 3rd phone - Nokia E71) and i tell to my friend to send me file cacerts.dat from c:\private\101f72A6. When i get this file i was copied it to the following folders on empulator install place:
    C:\S60\devices\S60_3rd_FP2_SDK_v1.1\epoc32\release\winscw\udeb\z\private\101f72a6\CACerts.dat
    C:\S60\devices\S60_3rd_FP2_SDK_v1.1\epoc32\release\winscw\udeb\z\system\data\CACerts.dat
    C:\S60\devices\S60_3rd_FP2_SDK_v1.1\epoc32\winscw\c\private\101f72A6\CACerts.dat
    C:\S60\devices\S60_3rd_FP2_SDK_v1.1\epoc32\winscw\c\system\data\CACerts.dat
    After it, i have go to "Certificate Managment" and i see all certificates from real device, but when i see a "Trust settings" option for any of them, i don't see an "Application install" option as on real device (there are only "Internet" and "Online certif. check" set to true).
    I trying again, to install HelloWorld signed midlet on emulator but again get the following error ("Certificate error. Please ... ").
    PLEASE! Help me to decide this problem! I think that is any configuration error of my emulator. (I set up Nokia S60 3rd FP2 SDK v1.1).

    P.S.
    (I know, that certificate in HelloWorld midp application is expired and always set date to 19.02.2008)

  2. #2
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    Quote Originally Posted by sdg2010 View Post
    i need certificates from real device - (Nokia S60 3rd phone - Nokia E71) and i tell to my friend to send me file cacerts.dat from c:\private\101f72A6.
    Which does not contain code-signing certificates for MIDP.
    However, I have no idea how to add a certificate for a S60 emulator. Why do you need that exactly? Anyway, MIDP2SECURITYPOLICYV2.DLL might (never tried) your friend.

  3. #3
    Registered User
    Join Date
    Feb 2010
    Posts
    3

    Unhappy Re: Certificate error, when i install signed MIDP application on S60 3rd emulator

    Thank you for your answer, Traud. I need this, because i have certificate from Verisign and when i try to sign
    any midlet it will not install - "Certificate error. Contact the application supplier".
    This error exist on Nokia S60 3rd device only. (On all other handset S40, S60 before 3rd edition - my Nokia N70 it installed properly).
    Before signing my midlet, i've read this forum and i've considered tricks, that was described in this forum.
    I think that my certificate is incorrect, but i don't know why. Now, i have Nokia N73 and can test midlets.
    So, this is my steps of getting my certificate and signing midlet:

    (Before all this steps i've installed JDK 1.6.10 and Sun Java ME SDK 3.0 with Netbeans)

    1) Generate private my keypair

    keytool -genkey -alias drsmart -keyalg RSA -keystore drsmart.key

    and after setting parameters i've got keystore with keypair with the following attributes:

    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 1 entry

    Alias name: drsmart
    Creation date: 30.07.2009
    Entry type: PrivateKeyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: CN=GRN, OU=DrSmart, O=DrSmart, L=Moscow, ST=Unknown, C=RF
    Issuer: CN=GRN, OU=DrSmart, O=DrSmart, L=Moscow, ST=Unknown, C=RF
    Serial number: 4a70d5c6
    Valid from: Thu Jul 30 03:05:42 MSD 2009 until: Wed Oct 28 02:05:42 MSK 2009
    Certificate fingerprints:
    MD5: F0:F3:6D:F3:28:28:6F7:F3:31:64:63:72:3D:66:FB
    SHA1: 5C:98:15:0E:C1:4B:C5:74:0A:3A:38:6F:F15:94:7B:2CA:C9:BC
    Signature algorithm name: SHA1withRSA
    Version: 3


    2) Generate CSR to Verisign

    keystore -certreq -alias drsmart -keystore drsmart.key -keypass 3409909 -file certreq.csr

    3) Set password on the WTK keystore:

    cd C:\Java_ME_platform_SDK_3.0_EA\runtimes\cldc-hi\lib\

    keytool -storepasswd -keystore keystore.ks -protected

    and set password to 123456

    4) Then kill all alias there:

    keytool -delete -keystore keystore.ks -alias dummyca
    ...

    and so on until keystore is empty

    5) Then import my keystore at this keystore:

    keytool -importkeystore -srckeystore drsmart.key -destkeystore keystore.ks -srcalias drsmart -destalias drsmart

    6) Import certificates chain reply from Verisign at WTK keystore:

    keytool -import -file cert.p7b -alias drsmart -keystore keystore.ks -keypass 3409909 -trustcacerts

    after it, i open my project, select key to sign my midlet and rebuilt it.

    I have the following jad that will not install on my N73:

    MIDlet-1: KreditHelper,/img2.png,kh.KreditHelper
    MIDlet-Certificate-1-1: MIIFCDCCA/CgAwIBAgIQTerl0dQenAtYgS+FOLGspDANBgkqhkiG9w0BAQUFADCBtjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwOTEwMC4GA1UEAxMnVmVyaVNpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgMjAwOS0yIENBMB4XDTA5MDgyNDAwMDAwMFoXDTExMDgyNDIzNTk1OVowgagxCzAJBgNVBAYTAlJVMQ8wDQYDVQQIEwZNb3Njb3cxDzANBgNVBAcTBk1vc2NvdzEZMBcGA1UEChQQRG9jdG9yIFNtYXJ0IGx0ZDExMC8GA1UECxMoRGlnaXRhbCBJRCBDbGFzcyAzIC0gSmF2YSBPYmplY3QgU2lnbmluZzEOMAwGA1UECxQFQm9va3MxGTAXBgNVBAMUEERvY3RvciBTbWFydCBsdGQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ+7H4cy99GR2ru3HHxqw21p0On13C0MGNhvLccXGkiHFVl52w+7bHryXSJyMQeSjq0v84BawMNiVHJU8uzdaR5azpjI3QrupGZaQntn+WdxnYZoPPCkMgD/Ezffx6ehX5MRCKI/LwgiDi/u0CoWuYx1+ox5YMjvZLMc3BH4xOi5AgMBAAGjggGgMIIBnDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3NjMy0yMDA5LTItY3JsLnZlcmlzaWduLmNvbS9DU0MzLTIwMDktMi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMBMGA1UdJQQMMAoGCCsGAQUFBwMDMHUGCCsGAQUFBwEBBGkwZzAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMD8GCCsGAQUFBzAChjNodHRwOi8vY3NjMy0yMDA5LTItYWlhLnZlcmlzaWduLmNvbS9DU0MzLTIwMDktMi5jZXIwHwYDVR0jBBgwFoAUl9BrqCZwyKE/lB8ILcQ1m6ShHvIwEQYJYIZIAYb4QgEBBAQDAgQQMBsGA1UdEQQUMBKCEERvY3RvciBTbWFydCBsdGQwFgYKKwYBBAGCNwIBGwQIMAYBAQABAf8wDQYJKoZIhvcNAQEFBQADggEBAHLte2vgGqGUDJV+2qosy+zEtsqxfi1F63ejrWJ8TxQpoHnN2QDJRt+lKgf2mwYbSrcw0rM8i6EGZbt6ihZQc9wNWIGqREOf8Zd3MW0xYZcAL+fa77ST9Y6bmFarjcrPi4+/qHn8rV8j7QJFPZzRxiAbzowR1I/+WduL0E+9m2nG0X8m0faDXV7uQ9krA02y1No6EK5pK81RelnakCZJgf1YbY9Lj59gUWMmj5OuOlmEix7jkEvkFubfzhAYLZeteJkaIP2gl3Kezppf6j4a/9BA5Bdk2mHtfjY55EhhWiQJ53R4IlF/Vkvn2j6Z/LnTvqKDm7qQirofkoyntgxLWvM=
    MIDlet-Certificate-1-2: MIIE/DCCBGWgAwIBAgIQZVIm4bIuGOFZDymFrCLnXDANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDkwNTIxMDAwMDAwWhcNMTkwNTIwMjM1OTU5WjCBtjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwOTEwMC4GA1UEAxMnVmVyaVNpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgMjAwOS0yIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmcdtGCqEElvVhd8Zslehg3V8ayncYOOi4n4iASJFQa6LYQhleTRnFBM+9IivdrysjU7Ho/DCfv8Ey5av4l8PTslHvbzWHuc9AG1xgq4gM6+J3RhZydNauXsgWFYeaPgFxASFSew4U00fytHIES53mYkZorNT7ofxTjIVJDhcvYZZnVquUlozzh5DaowqNssYEie16oUAamD1ziRMDkTlgM6fEBUtq3gLxuD3KgRUj4Cs9cr/SG2p1yjDwupphBQDjQuTafOyV4l1Iy88258KbwBXfwxh1rVjIVnWIgZoL818OoroyHnkPaD5ajtYHhee2CD/VcLXUENY1Rg1kMh7wIDAQABo4IB2zCCAdcwEgYDVR0TAQH/BAgwBgEB/wIBADBwBgNVHSAEaTBnMGUGC2CGSAGG+EUBBxcDMFYwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMwKgYIKwYBBQUHAgIwHhocaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMDMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFDbGFzczNDQTIwNDgtMS01NTAdBgNVHQ4EFgQUl9BrqCZwyKE/lB8ILcQ1m6ShHvIwDQYJKoZIhvcNAQEFBQADgYEAiwPA3ZTYQaJhabAVqHjHMMaQPH5C9yS25INzFwR/BBCcoeL6gS/rwMpE53LgULZVECCDbpaS5JpRarQ3MdylLeuMAMcdT+dNMrqF+E6++mdVZfBqvnrKZDgaEBB4RXYx84Z6Aw9gwrNdnfaLZnaCG1nhg+W9SaU4VuXeQXcOWA8=
    MIDlet-Certificate-1-3: MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhEBarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/isI19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0GCSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Dolbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNycAA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
    MIDlet-Jar-RSA-SHA1: NEFe8ehYxnV+550JjCBI2X6lQSo72tyNYQu9WeSbF+nD2oyaRmoEy7zUUIw90IEgaufAlHvT8+H7ZVWGfKFZ805yifu0uA+06VRx+lSItMWRVYS2USamWu2YxEY16RjjHL69LBjcgdxNPa+PUUmd1EhYy4jXuVAe88hlV0+Kx+w=
    MIDlet-Jar-Size: 4253
    MIDlet-Jar-URL: krh.jar
    MIDlet-Name: KreditHelper
    MIDlet-Permissions: javax.microedition.io.Connector.http
    MIDlet-Vendor: KREDITCONSULT
    MIDlet-Version: 2.0
    MicroEdition-Configuration: CLDC-1.0
    MicroEdition-Profile: MIDP-2.0
    Prefix: 442424
    Short_num: 3649

    Then, i trying to kill MIDlet-Certificate-1-3 string, but midlet also not install (Certificate error. Contact the application supplier).

    Please, help me! I trying do it already 1 month!
    I can send my certificate keystore! Help me!

  4. #4
    Nokia Developer Expert
    Join Date
    Aug 2007
    Posts
    1,595

    Re: Certificate error, when i install signed MIDP application on S60 3rd emulator

    Hello sdg2010,

    your issue is S60/Symbian specific due to the following reason: Your certificate path MIDlet-Certificate-1-1 (attached in zip at the end of this message) contains this info (in page 'Details'):

    Subject Alternative Name, DNS Name=Doctor Smart ltd

    The DNS info above contains white spaces which should not exist because of http://tools.ietf.org/html/rfc3696, which says as follows:

    "Any characters, or combination of bits (as octets), are permitted in DNS names. However, there is a preferred form that is required by most applications. This preferred form has been the only one permitted in the names of top-level domains, or TLDs. In general, it is also the only form permitted in most second-level names registered in TLDs, although some names that are normally not seen by users obey other rules.
    ..
    The LDH rule, as updated, provides that the labels (words or strings separated by periods) that make up a domain name must consist of only the ASCII [ASCII] alphabetic and numeric characters, plus the hyphen. No other symbols or punctuation characters are permitted, nor is blank space."


    Remedy:

    I was in contact with VeriSign which said: "The customer should replace the certificate within 30 days..I am sure that if the customer replaces the certificate (its Free) then there should be no Subject alt name in the new certificate. Here are the instructions to replace the certificate.

    Please take a look at this solution from our Knowledge Base: https://knowledge.verisign.com/suppo...tent&id=SO1737 "

    Due to S60/Symbian platform specific nature, this "DNS Name with spaces is not allowed" issue is not just limited to VeriSign but applies also for Thawte due to which Thawte has reported guidelines for getting the Java code signing certificate right for S60/Symbian devices in their public Knowledge Center: https://search.thawte.com/support/ss...=1266776100206

    In case a SAN has been included in a Thawte signature (quoting Thawte guidelines which I received): "Please submit for free replacement, this should give you a new certificate without the SAN.

    You can locate the order online using the below link:
    https://ssl-certificate-center.thawt...cale=THAWTE_US

    After finding the order, select revoke and replace and follow the steps."

    Regards,
    r2j7
    Forum Nokia
    Attached Files Attached Files
    Last edited by r2j7; 2010-02-21 at 23:51. Reason: Guidelines for replacing Thawte and VeriSign certs with SANs
    [URL="http://library.forum.nokia.com/java"][B] >>> Java Developer's Library <<<[/B][/URL]
    [URL="https://www.developer.nokia.com/Resources/Support/Technical_support.xhtml"] [B]>>> Technical Support for Java ME development <<<[/B][/URL]
    [URL="https://publish.ovi.com/info/"][B]>>> Nokia Publish: reach millions of Nokia users worldwide through Nokia Store <<<[/B][/URL]

  5. #5
    Nokia Developer Expert
    Join Date
    Aug 2007
    Posts
    1,595

    Re: Certificate error, when i install signed MIDP application on S60 3rd emulator

    CONTINUED: In addition to submitting for a code signing cert replacement, Java Runtime for S60 Beta for S60 5th Edition devices includes a Java sw fix as a workaround for this issue: the sw fix allows installing Java applications which have been signed with a 'faulty' cert i.e. a cert including the SANs using a DNS Name with SPACE chars.

    Tested by using Forum Nokia's Remote Device Access, the fix applies for the S60 5th Edition devices (with sw versions):

    Nokia 5800 XpressMusic (SW 30.0.011)
    Nokia N97 (SW 20.0.019)
    Nokia N97 mini (SW 11.0.045)
    Nokia X6 (SW 11.0.077)

    In addition to the RDA devices above, the fix applies for the rest of S60 5th Edition devices (as tested by Forum Nokia) also:

    Nokia 5230 (SW to be defined)
    Nokia 5530 XpressMusic (SW to be defined)

    To install the sw fix for a S60 5th Edition device, please refer to the guidelines for Java Runtime for S60 Beta.

    For all devices prior to S60 5th Edition, the solution is to submit for a cert replacement from a CA (see my previous post for the details).

    Regards,
    r2j7
    Forum Nokia
    Last edited by r2j7; 2010-02-22 at 21:47.
    [URL="http://library.forum.nokia.com/java"][B] >>> Java Developer's Library <<<[/B][/URL]
    [URL="https://www.developer.nokia.com/Resources/Support/Technical_support.xhtml"] [B]>>> Technical Support for Java ME development <<<[/B][/URL]
    [URL="https://publish.ovi.com/info/"][B]>>> Nokia Publish: reach millions of Nokia users worldwide through Nokia Store <<<[/B][/URL]

  6. #6
    Registered User
    Join Date
    Feb 2010
    Posts
    3

    Re: Certificate error, when i install signed MIDP application on S60 3rd emulator

    Hello r2j7! It works! Thank you! We revoked our previous certificate, and generate new keypair without any white spaces at Common Name. I also excluded a "Subject Alternative Name" attribute, when i generate certificate. We received new certificate from Verisign.

    With best Regards, sdg2010.

  7. #7
    Nokia Developer Expert
    Join Date
    Aug 2007
    Posts
    1,595

    Re: Certificate error, when i install signed MIDP application on S60 3rd emulator

    Hello,

    sdg2010: that's is great to hear!

    Related Known Issue has been created in Forum Nokia Wiki:

    KIJ001581 - Domain name with spaces in certificate path results in MIDlet installation failure on S60

    Regards,
    r2j7
    [URL="http://library.forum.nokia.com/java"][B] >>> Java Developer's Library <<<[/B][/URL]
    [URL="https://www.developer.nokia.com/Resources/Support/Technical_support.xhtml"] [B]>>> Technical Support for Java ME development <<<[/B][/URL]
    [URL="https://publish.ovi.com/info/"][B]>>> Nokia Publish: reach millions of Nokia users worldwide through Nokia Store <<<[/B][/URL]

  8. #8
    Registered User
    Join Date
    Jan 2011
    Posts
    2

    Re: Certificate error, when i install signed MIDP application on S60 3rd emulator

    Quote Originally Posted by sdg2010 View Post
    Hello r2j7! It works! Thank you! We revoked our previous certificate, and generate new keypair without any white spaces at Common Name. I also excluded a "Subject Alternative Name" attribute, when i generate certificate. We received new certificate from Verisign.

    With best Regards, sdg2010.
    hi, sdg2010, i have this problem also, and i have saw the solution that r2j7 had said. But my communicator can not work. I need the help, I want to know how to install the certificate into the emulator? Where can I received the new certificate? thanks.

  9. #9
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105

    Re: Certificate error, when i install signed MIDP application on S60 3rd emulator

    show_mk, can you elaborate a bit more? What do you mean with ‘communicator’. You do not install any certificates anywhere. if you are affected by this issue, you have to revoke your certificate together with the team of VeriSign.

  10. #10
    Registered User
    Join Date
    Mar 2010
    Posts
    9

    Smile multimedia sur mobile

    good evening
    thank you Mr r2j7's Avatar
    r2j7 for the reply last time, and I have another request please
    I want to know if there is an API that allows you to convert video or audio

  11. #11
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    as_aouraghe, please let us continue with your original post&#160;…

Similar Threads

  1. Icons in s60
    By drizzt6 in forum Mobile Java General
    Replies: 5
    Last Post: 2009-03-06, 09:32
  2. Replies: 1
    Last Post: 2008-01-03, 12:41
  3. S60 3rd MIDP SDK FP2 emulator
    By cryptoalex in forum Mobile Java Tools & SDKs
    Replies: 6
    Last Post: 2007-09-29, 04:32
  4. Replies: 6
    Last Post: 2006-05-02, 07:52
  5. Series 60 Concept Emulator (SDK Beta 0.2 Linux) not working
    By mattbee in forum Mobile Java Tools & SDKs
    Replies: 1
    Last Post: 2003-06-10, 11:43

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×