×

Discussion Board

Results 1 to 6 of 6
  1. #1
    Registered User
    Join Date
    Apr 2008
    Posts
    9

    Problem in Midlet signed with Thawte certificate

    hi everybody.
    After a lot of reading regarding midlet signing, we finally decided to purchase a code signing certificate from Thawte, we signed our midlet and now we realized that it only works in a few Nokia devices.

    Our original assumption (from the research we made), was that in order for a Thawte certificate to work, the device MUST have the Thawte root certificate installed (named: Thawte Premium Server Certificate CA")

    The problem, as far as we have tested, is that our signed midlet only works on the phones that have TWO root certificate from Thawte, one is the one mentioned above and the other is called:
    " MIDP2 Thawte Premium server certificate"
    all the devices that we had the chance to put our hands on, that have these two certificated; allows the successfull installation of our midlet; but unfortunatelly there are only few phones form Nokia wuth this MIDP2 Thawte.... certificate"

    Can anyone please tell me for real what the problem is?
    we found that Nokia OBI (for example) is warning about signing with VeriSign, but it doesn't mention anything about Thawte certificates, so we thought that it would be the safest option for covering the maximum number of device models, but it seems that it is not (unless we are doing somethign wrong)

    We have checked with Thawte that the midlet is properly signed, and it is, since it works in the devcies with this "MIDP2 ..." root certificate.

    thanks.

  2. #2
    Super Contributor
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,191

    Re: Problem in Midlet signed with Thawte certificate

    In short: The signed MIDlet works, if there is a Thawte certificate on the phone which allows application/MIDlet signing. Usually the correct certificate is named the way you noted (in the third paragraph) but the naming is not very consistent :-(

    Yes, the availability of Thawte (as well as Verisign) MIDlet sigining certificate varies based on phone model, on region (different countries/regions have different approaches) and operator. Unfortunately.
    And unfortunately there is no global reference list of phone models and available certificates.

    Hartti

  3. #3
    Registered User
    Join Date
    Apr 2008
    Posts
    9

    Re: Problem in Midlet signed with Thawte certificate

    thank Jartti, this signing stuff .... it is confusing
    here are 3 questions.

    1. do you know if there is a way to check on the device which ones of the installed root certificates allow midlet signing?

    2. does it say somewhere for which j2me domain ?

    3. what do you mean when you state that " (different countries/regions have different approaches) "?
    is it related to the carrier sec domain? or it as something to do with 3rd party sec domain?

    As far as I understood, by purchasing a certificate like this, my signed midlets should be installed on the 3rd party app domain and give me unrestricted access toa number of APIs without asking permisisons. (like http or pushregistry ) Am I right?


    thanks.

  4. #4
    Super Contributor
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,191

    Re: Problem in Midlet signed with Thawte certificate

    1) If you have the phone in hand then yes. In S60 devices I think you can see this through certificate manager. I do not have a S60 or Series 40 phone at hand and I cannot tell the exact menu sequence off the top of my head :-)

    2) Verisign/Thawte (and certification through Java Verified) places you app in to the identified 3rd party domain. For operator and manufacturer domains you need to get the certificate from the respective party (which usually requires at least partnering). In case of Nokia, that will not happen. Nokia signs only Nokia branded apps.

    3) Sorry for not being completely clear. What I meant that if you have a phone model XYZ sold in Europe and the same XYZ model sold in Asia, those phones might have different set of certificates in them.

    4) You are slightly wrong. Yes, MIDlets are placed in to the trusted 3rd party domain. Usually the default access right to a specific API is something lower than "always allowed" (something like "ask once") and the user has to manually change the settings to higher (less restrictive ones) if she wants. In some cases for certain APIs the "always allowed" is not available at all. See here for more detailed information
    http://wiki.forum.nokia.com/index.ph...on_real_phones

    Note also that there are some restrictions in the MIDP spec on certain APIs. The following example is copy-pasted from the MIDP spec
    "Additionally, the Blanket setting for Application Auto Invocation and the Blanket setting for Net Access are mutually exclusive. This constraint is to prevent a MIDlet suite from auto-invoking itself, then accessing a chargeable network without the user being aware. If the user attempts to set either the Application Auto Invocation or the Network Function group to “Blanket” when the other Function group is already in “Blanket” mode, the user MUST be prompted as to which of the two Function groups shall be granted “Blanket” and which Function group shall be granted “Session”."

    Hartti

  5. #5
    Registered User
    Join Date
    Apr 2008
    Posts
    9

    Re: Problem in Midlet signed with Thawte certificate

    thanks a lot Hartti for the usefull information and your time.

  6. #6
    Registered User
    Join Date
    Apr 2008
    Posts
    9

    Re: Problem in Midlet signed with Thawte certificate

    I have one last question, I'm not sure if this is the right thread, please let me know.

    it is my understanding that in order to publish an app in the Nokia OBI app store, it has to be signed; could you tell me which is the best certificate in this case?

    thanks.

Similar Threads

  1. MIDlet signing by thawte certificate
    By baritra in forum Mobile Java Networking & Messaging & Security
    Replies: 1
    Last Post: 2010-07-28, 12:59
  2. Unable to install a Midlet signed with a thawte Certificate
    By nzeyi2008 in forum Mobile Java General
    Replies: 3
    Last Post: 2009-01-22, 06:44
  3. Problem with running midlet signed with custom certificate
    By ElegantBits in forum Mobile Java General
    Replies: 2
    Last Post: 2008-02-11, 11:59
  4. Signing Midlet with Thawte trial certificate
    By ptutino in forum Mobile Java Networking & Messaging & Security
    Replies: 4
    Last Post: 2007-01-03, 19:41
  5. Thawte Certificate OK for MIDlet signing?
    By heeb in forum Mobile Java Networking & Messaging & Security
    Replies: 4
    Last Post: 2005-10-15, 19:17

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×