Discussion Board

Results 1 to 11 of 11
  1. #1
    Registered User
    Join Date
    Feb 2013
    Posts
    31

    Angry Nokia Asha 302 self-signed certificate !!!!!!!!!!!!!!!!!!!!!!!

    I want a full tutorial on how to install a self-signed certificate on my mobile phone! It's inconceivable how hard is to do it! I want to use my own apps with full rights! Is that much???
    Last edited by Revolter; 2014-03-06 at 22:07.

  2. #2
    Nokia Developer Champion
    Join Date
    Feb 2009
    Location
    Noida, India
    Posts
    3,087

    Re: Nokia Asha 302 self-signed certificate !!!

    AFAIK, S40 or Asha 302 can not install your own self-signed certificate.
    thanks,
    ~Amitabh
    (Champion of the Month -Aug'13)
    Follow me on my blog for Innovative Mobile Apps

  3. #3
    Registered User
    Join Date
    Feb 2013
    Posts
    31

    Re: Nokia Asha 302 self-signed certificate !!!

    Quote Originally Posted by im2amit View Post
    AFAIK, S40 or Asha 302 can not install your own self-signed certificate.
    It can, I did it a year ago after weeks of trial and error and now I can't remember how

  4. #4
    Registered User
    Join Date
    Feb 2013
    Posts
    31

    Re: Nokia Asha 302 self-signed certificate !!!

    Thank you Nokia for helping your users and developers! I find a great pleasure in clicking through popups when using some of the API's because I can't sign my own application that I made that I know it's not malware!

  5. #5
    Registered User
    Join Date
    Feb 2013
    Posts
    31

    Re: Nokia Asha 302 self-signed certificate !!!

    I have this command but I can't remember in which order I need to run them or what certificate to install with nokicert

    Code:
    set keytool="%JAVA_HOME%\bin\keytool"
    keytool -delete
    keytool -genkey -alias a -keyalg RSA -validity 3650
    keytool -export -alias a -file a.crt
    
    keytool -genkey -alias a -keyalg RSA -keystore a.sks
    keytool -certreq -alias a -keystore a.sks -keypass iulianonofrei -file a.csr
    
    keytool -genkey -keyalg rsa -keystore a.ks -alias a -keysize 2048
    
    
    
    "C:\Program Files\OpenSSL-Win64\bin\openssl"
    genrsa -des3 -out a.key 4096
    req -new -x509 -days 3650 -key a.key -outform DER -out a.cer
    req -new -x509 -days 3650 -key a.key -out a.crt
    
    x509 -req -days 3650 -in a.csr -CA a.crt -CAkey a.key -set_serial 01 -out code-sign.crt
    If someone could HELP me with this, please! Maybe someone WORKING AT NOKIA!

  6. #6
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    Quote Originally Posted by Revolter View Post
    I did it a year ago after weeks of trial and error and now I can't remember how
    You are angry about yourself, because you did not document your own findings. The answer of im2amit is the official answer because the J2ME specification forbids what you are looking for. Everything else is a bug, and a hack to use that bug. Therefore, it is unlikely a Nokia engineer is going to answer. May I?

    First, you need a certificate authority (CA):
    a) BeHappy contains one already
    b) NokiCert recommends CAcert …
    Don’t you have that CA still on your phone? In Series 40, CAs survive a software reset, consequently, it should still be there.

    Second, you need a CA installer:
    a) MobiMB for BeHappy, which requires Windows
    b) NokiCert, which requires Java Runtime Environment 6 (or you have to hack its launcher script to use JRE 7). When NokiCert ask for the Bluetooth Device Address (BD_ADDR; MAC) you enter *#2820# on your phone, and take the first line (enter in uppercase).

    Then, optionally, you have to create a certificate signing request (CSR) which you send to your certificate authority, for example in case of CAcert.

    Last, you have to sign your MIDlet:
    a) BeHappy comes with a drag-and-drop application to do so.
    b) Personally, I recommend the J2ME tools of Oracle because they come with a graphical tool to create a request and to sign a MIDlet.
    c) command line

    As you see, you have a lot of options and alternatives, creating a lot of possible combinations. Therefore, before I go into more detail, please answer the first question:
    1) Which CA do you want to go for? BeHappy, CAcert, or your own?
    2) because you were successful with NokiCert already, I guess you go that way.
    o) if you go for CAcert, you need a CSR; did you consider to use your existing one from last year?
    l) did you ever do signing your MIDlet? If not, we can go for the tool I like.

  7. #7
    Registered User
    Join Date
    Feb 2013
    Posts
    31

    Re: Nokia Asha 302 self-signed certificate !!!

    Quote Originally Posted by traud View Post
    You are angry about yourself, because you did not document your own findings. The answer of im2amit is the official answer because the J2ME specification forbids what you are looking for. Everything else is a bug, and a hack to use that bug. Therefore, it is unlikely a Nokia engineer is going to answer. May I?
    Yes, i'm sorry for that, and I understand that that's a hack, but nevertheless there should be an official way to do this, it seems odd to pay to use your own app on your own phone.

    Quote Originally Posted by traud View Post
    First, you need a certificate authority (CA):
    a) BeHappy contains one already
    b) NokiCert recommends CAcert …
    Don’t you have that CA still on your phone? In Series 40, CAs survive a software reset, consequently, it should still be there.
    The problem is that the old certificate expired. I neved used BeHappy but I'm open to it if i

    Quote Originally Posted by traud View Post
    Second, you need a CA installer:
    a) MobiMB for BeHappy, which requires Windows
    b) NokiCert, which requires Java Runtime Environment 6 (or you have to hack its launcher script to use JRE 7). When NokiCert ask for the Bluetooth Device Address (BD_ADDR; MAC) you enter *#2820# on your phone, and take the first line (enter in uppercase).
    I was able to use NokiCert, but I didn't know which one of the files with different extensions I have to transfer.

    Quote Originally Posted by traud View Post
    Then, optionally, you have to create a certificate signing request (CSR) which you send to your certificate authority, for example in case of CAcert.

    Last, you have to sign your MIDlet:
    a) BeHappy comes with a drag-and-drop application to do so.
    b) Personally, I recommend the J2ME tools of Oracle because they come with a graphical tool to create a request and to sign a MIDlet.
    c) command line
    I used the command line but I got stuck with the multitude of different commands and forgot which one worked and in which order. I don't know where to find the GUI one.

    Quote Originally Posted by traud View Post
    As you see, you have a lot of options and alternatives, creating a lot of possible combinations. Therefore, before I go into more detail, please answer the first question:
    1) Which CA do you want to go for? BeHappy, CAcert, or your own?
    2) because you were successful with NokiCert already, I guess you go that way.
    o) if you go for CAcert, you need a CSR; did you consider to use your existing one from last year?
    l) did you ever do signing your MIDlet? If not, we can go for the tool I like.
    1) Whatever is easier and works, I thinks I used CAcert last year but I'm not sure.
    3) Isn't the CSR different for a different certificate? I have some .csr files in the trash like a kind of back-up
    4) Yes. I made a .bat file that used to sign them automatically which included these lines:

    Code:
    java -jar .utils/JadTool.jar -addjarsig -keypass iulianonofrei -alias Revolt -keystore .utils/revolt.ks -inputjad "!name!.jad" -outputjad "!name!.jad" -jarfile "!name!.jar"
    java -jar .utils/JadTool.jar -addcert -alias Revolt -keystore .utils/revolt.ks -inputjad "!name!.jad" -outputjad "!name!.jad"

  8. #8
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    With NokiCert, you transfer your certificate authority CA (public certificate) not in base-64 (PEM) but in binary (DER) format. The BeHappy certificate can be found on the Internet.
    Quote Originally Posted by Revolter View Post
    I understand that that's a hack, but nevertheless there should be an official way to do this
    That official way is blocked by the specification. An implementation of this specification is not allowed to circumvent this.
    Quote Originally Posted by Revolter View Post
    the old certificate expired
    If you change the date of your phone back into the valid period, the installation is going to succeed. With J2ME, Nokia does not do any OCSP or timestamping.

  9. #9
    Registered User
    Join Date
    Feb 2013
    Posts
    31

    Re: Nokia Asha 302 self-signed certificate !!!

    Quote Originally Posted by traud View Post
    If you change the date of your phone back into the valid period, the installation is going to succeed. With J2ME, Nokia does not do any OCSP or timestamping.
    I wouldn't want to keep my phone with a wrong date, and also I deleted the old certificate, trying to install the new one.

    Also, can't you pretty please explain how to correctly create the certificate and the keystore I need to sign the applications?

  10. #10
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    Quote Originally Posted by Revolter View Post
    I wouldn't want to keep my phone with a wrong date.
    The wrong date is required at installation time only. Once installed, you can change your date again. Anyway, which certificate authority do you have installed now: BeHappy, CAcert, or your own? If you want to go for your own CA, I made good experience with the graphical tool xca. It avoids all these command lines. Were you able to use NokiCert to install your CA? If you do not answer my questions, I write books.

    BeHappy is a drag&drop solution. All you have to do is to drag your MIDlet onto the app.
    If you want to go for CAcert or your own CA, I would use the Sun Wireless Toolkit 2.5 for CLDC » Utilities » Sign MIDlet » Generate CSR. With those tools, you never ever have to touch a command line.
    Quote Originally Posted by Revolter View Post
    Can't you pretty please explain how to correctly create the certificate and the keystore I need to sign the applications?
    There, you go …
    Found via this which leads to this and the “Signed MIDlet Developer’s Guide”.

  11. #11
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    If you want to go for Drag&Drop with BeHappy …

Similar Threads

  1. 'Certificate not on phone or SIM' on Nokia ASHA 311 even after signing the app
    By jemishsp in forum Mobile Java Networking & Messaging & Security
    Replies: 12
    Last Post: 2013-07-08, 11:55
  2. I want to install a nokia signed UIDs used application with developer certificate -
    By GTO_India in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 12
    Last Post: 2011-12-13, 10:54
  3. System error -1 in deveoper certificate sis not in self signed certificate Problem??
    By sunil304047 in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 1
    Last Post: 2011-08-21, 04:44
  4. j2me Code Signing: Self Signed Certificate VS Unknown Certificate VS No Certificate?
    By Nikolaos in forum Mobile Java Networking & Messaging & Security
    Replies: 6
    Last Post: 2008-11-22, 21:34

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×