
Discussion Board

Results 16 to 30 of 38
  1. #16
    Registered User
    Join Date
    Nov 2003
    Posts
    8
    I got it also working with a small and simple midlet. Worked with 6600 and 7610.
    With more complicated midlet, "Authorisation failed" error message was shown.

  2. #17
    Registered User
    Join Date
    Jun 2004
    Posts
    24
    I managed to follow the steps that you have outlined and installed my MIDlet as trusted 3rd party. But is there any way to get access to other security level domains, such as manufacturer or maximum? The program that I am developing needs to make Bluetooth connections and send SMSes with absolutely no interaction with the end user. Is this possible? I've heard about creating policy files that define custom security levels. Can these be used on the actual phones? Any help on this topic is welcome. Thanks in advance.

    Ram
    Last edited by ram_64892; 2004-06-24 at 11:05.

  3. #18
    Registered User
    Join Date
    Nov 2003
    Posts
    8
    As far as I know, always-allowed SMS sending is included in the manufacturer protection domain and only the manufacturer's applications can use this domain.

  4. #19
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105

    Nokia 6680

    Thanks for the information. Helped a lot.

    Just want to add my Nokia 6680 success story. Bluetooth and Over The Air worked. But with a trusted third-party MIDlet on my Nokia 6680 (Firmware: 2.04.15; Operator Edition: E-Plus Germany) not much changes. For maximum permissions only User Data Access goes up from Oneshot to Blanket. The default permissions do not change either except for Multimedia which goes up from Oneshot to Session. If you do not use FileConnection and PIM (JSR-75), signing for a Nokia 6680 is useless. I think it is easier to force the user to change the multimedia setting in Nokia Series 60 > Menu > Tools > Manager > your MIDlet > Options > Suite settings herself.

    Default Untrusted – Default Trusted – Maximum Untrusted – Maximum Trusted
    • Net Access: Session
    • Messaging: Oneshot
    • Application Auto Invocation: Session
    • Local Connectivity: Session – Session – Blanket – Blanket
    • Multimedia recording: Oneshot – Session – Session – Session
    • Read User Data Access: Oneshot – Oneshot – Oneshot – Blanket
    • Write User Data Access: Oneshot – Oneshot – Oneshot – Blanket
    The Blanket of Local Connectivity and Read User Data Access is mutually exclusive. This is with a self-signed certificate. I wonder if there is an additional trust level like a self-signed third party domain.

    Make sure to include the MIDlet-Permissions(-Opt) field in the JAR Manifest and the JAD for all required permissions, otherwise the call will fail with a SecurityException and without any user interaction. The most compatible way is to add all permissions via MIDlet-Permissions-Opt. Make sure to be in a non-Offline profile. This caused an Authorisation failed message here. An SMS Push Registry in the JAD and JAR Manifest was rejected too. Unknown why. So it is even more of a risk to have a MIDlet signed, because it might not work anymore. If you do not need JSR-75 and target a Nokia 6680 only, forget signing.

    For those who have a PKI (and a CA) already and do not want to create a new CA in Java's keytool, use a tool like OpenSSL to convert your private and public keys into PKCS#12 format:
    Code:
    openssl pkcs12 -in cacert.pem -inkey private/cakey.pem -export -out cacert.p12 -name personalCA
    Then use a tool which can convert from PKCS#12 to Java's own keytool format, like Jetty. You do not have to install it; just decompress it, change the current directory to its main folder and start the tool we need:
    Code:
    java -classpath lib/org.mortbay.jetty.jar org.mortbay.util.PKCS12Import cacert.p12 cacert.sks
    Then import this SKS file with the import key pair option of Java's keytool and you keep your good old CA (Thanks).

    For Nokia Series 40 and self-signed certificates I tried a WPKI hashed certificate. It is easier to convert an X.509 to WPKI than WTLS (1, 2). Put it on your webpage with MIME type application/vnd.wap.hashed-certificate and download it with the internal browser. Then go to Nokia Series 40 > Menu > Services > Settings > Security Settings > Authority certificates > Certificate list > your certificate > Options > Select use > Application signing. This setting appears on Nokia Series 40 Developer Platform 2.0 (MIDP 2.0) or higher only. Here with my Nokia 6230 (Firmware: 04.28) this option is grey and not active, so it does not work. A self-signed MIDlet which works on my Nokia 6680 is rejected because of a non-valid certificate. It would be great if someone could test with a newer Nokia Series 40 like 3rd Edition. Nokia 6230i and 6822 are reported not to support X.509 DER format certificates either.
    Last edited by traud; 2006-03-23 at 19:56.

  5. #20
    Registered User
    Join Date
    Jun 2005
    Posts
    14

    Re: Success story: Signed midlet & 6600 (4.09.1)

    No success while uploading the certificate to my 6230i.
    I tried the above "keytool" procedure to create the appropriate certificate and set up the MIME type within Apache...
    but downloading the certificate with the 6230i gives me the following error:
    "Zertifikat von Zertifizierungststelle fehlerhaft" or in English "wrong certificate from CA"!
    I don't know what's going wrong?!? Any hints?

  6. #21
    Registered User
    Join Date
    Sep 2005
    Posts
    10

    Re: Success story: Signed midlet & 6600 (4.09.1)

    Hi, I tried to install my application which used SIP, but it did not complete.

    Initially it was giving "Authorisation failed", so I signed the midlet from the emulator's utilities option.

    Now it's not giving any error, but it's not installing completely. It stops just before complete installation without any error message.

    Can you please tell me the reason and solution for this?

  7. #22
    Regular Contributor
    Join Date
    Sep 2005
    Posts
    138

    Re: Success story: Signed midlet & 6600 (4.09.1)

    I followed the steps of jon doe, and I can successfully install my app, but when I try to access the file system, or the camera...




  8. #23
    Registered User
    Join Date
    Feb 2005
    Location
    Stockholm
    Posts
    10

    Re: Check your certificates trust settings

    Quote Originally Posted by random_john_doe
    Hello,

    I was unable to get any "Authorisation failed" error message (no matter how hard I tried). Instead I was able to get "Installation security error. Unable to install" (or similar...dialog wasn't visible long enough to learn it by heart) _if_ the certificate that I had used to sign a midlet was not marked as "Application install certificate". Tools -> Settings -> Security -> Certif. Management -> [my self-signed certificate] -> options -> Trust settings -> App. installation -> [change to yes].
    I had the same problem when installing a midlet on a 6630. I downloaded ok, but when the installation was nearly finished it said "Security error, installation failed" (or something like that). I use a Thawte Premium Server CA certificate, and looked it up as you said. The settings for installation of java-programs were "No". I changed to "Yes", and restarted the application.

    It now installs correctly. BUT.

    Is this how it is supposed to be? This is so stupid it is unbelievable! You can never ever get the mainstream end-user to go through all those steps just to install an application. Therefore, you have to make special versions without any certificates for all phones which have this stupid setting (which are all series 60?), since their installation will fail if it is certified.

    This all works all right with SE phones anyway, otherwise the 200$ spent on the certificate had been a complete waste.

    But why :
    1. Installed root-certificates are not trusted for midlet-installation??
    2. Installation will fail, not just be untrusted, but FAIL, if the trust-setting for the certificate is set to false.

    Please correct me, and tell me it is just a joke...

  9. #24
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    Everything is correct; you bought the wrong certificate. You should buy a code signing one and not an SSL/Internet one.

  10. #25
    Registered User
    Join Date
    Feb 2005
    Location
    Stockholm
    Posts
    10

    Re: Success story: Signed midlet & 6600 (4.09.1)

    I did! But when I look at the settings in the 6630, it seems only GeoTrust and one of the VeriSign certificates are trusted for Java installations, no Thawte code signing certs at all. I thought Thawte was supported by Nokia?

    Does anybody know, or can point to any official Nokia document outlining what certificates are installed in the different series/devices, and what trust setting these certificates have by default?
    Last edited by holiman; 2005-11-18 at 08:14.

  11. #26
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    There is no such list, at least for non-Forum PRO members. Perhaps they have something like this, I do not know.

  12. #27
    Registered User
    Join Date
    Nov 2005
    Location
    Oregon
    Posts
    40

    Re: Success story: Signed midlet & 6600 (4.09.1)

    Success Story: Signing J2ME app with VeriSign Certificate

    After two days of failure on Nokia 6630 and Motorola ROKR E1, I was finally successful. The issue was that the Nokia tutorial is incorrect and incomplete for using command line tools (i.e. keytool) to sign your application. The tutorial can be downloaded at: nokia midlet signing tutorial


    The issue is that the 1-2 key chain entry is not added when signing your JAD using Nokia's JadTool. I do not know how to fix the issue using the JAD tool, and initially the Nokia Developer's Suite Sign Application tool would crash when trying to import a keystore.

    Once I successfully imported the keystore (*.sks file) into the NDS Sign Application, I attempted to sign my JAD and *voila* the MIDlet-Certificate-1-2 attribute was now present and the installation worked as expected!

    I'm supplying a summary of what I did that did not work and resulted in only the MIDlet-Certificate-1-1 attribute being set in the JAD. Perhaps someone more knowledgeable about JadTool could supply the missing command to get the key chain (MIDlet-Certificate-1-2) added also.

    1) Follow tutorial concerning creating key in a keystore using keytool:

    2) Tutorial incorrectly says to use 'keystore' command (which doesn't exist) to generate CSR to submit to CA (e.g. VeriSign). Instead just use keytool and the same params.

    NOTE: Reply certificate from CA *may* be embedded at the bottom of your email.

    3) Follow tutorial to import the reply certificate to the same keystore in which you originally created your key.

    *Caution: somewhere around here is the issue*
    4) Tutorial says to use JadTool to sign your jar. When you do this, it creates the MIDlet-Certificate-1-1 attribute to your jar file (for VeriSign anyway), but does *NOT* add the MIDlet-Certificate-1-2 attribute. The -addjarsig switch for JadTool does not have a way to indicate a keychain, so I'm not sure if it is a bug in JadTool, or I'm missing a command

    5) Tutorial for -addcert step seems to be correct, but addcert does have an argument for indicating the -keynum and the -keychain... so maybe the missing step is to use -addcert again

    Hope this helps and somebody can supply more details for how to use the manual approach, since the Nokia Signing Application seems to be extremely buggy for me

    - Jatal
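
    Added example, not part of any post in this thread: a Python lint for two problems described above, a JAD that carries only MIDlet-Certificate-1-1 when the CA chain needs a 1-2 entry, and MIDlet-Permissions(-Opt) values that are not the same in the JAD and the JAR manifest. The sample descriptor and manifest are constructed, the certificate and signature values are placeholders, and `expected_chain_len` is an assumed parameter that you set to the number of certificates your CA's chain requires in the JAD.

```python
import re

# Constructed sample JAD: only the signer certificate (1-1) is present.
SAMPLE_JAD = """MIDlet-Name: Demo
MIDlet-Permissions-Opt: javax.microedition.io.Connector.file.read,javax.wireless.messaging.sms.send
MIDlet-Certificate-1-1: PLACEHOLDER_BASE64_SIGNER_CERT
MIDlet-Jar-RSA-SHA1: PLACEHOLDER_BASE64_SIGNATURE
"""
# Constructed manifest; the long permission list wraps onto a continuation line.
SAMPLE_MANIFEST = """Manifest-Version: 1.0
MIDlet-Permissions-Opt: javax.microedition.io.Connector.file.read,javax
 .wireless.messaging.sms.send
"""

def parse_attrs(text):
    """Parse 'Name: value' lines; a leading space continues the previous value."""
    attrs, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last:
            attrs[last] += line[1:]
        elif ":" in line:
            name, value = line.split(":", 1)
            last = name.strip()
            attrs[last] = value.strip()
    return attrs

def perms(attrs, key):
    return {p.strip() for p in attrs.get(key, "").split(",") if p.strip()}

def lint(jad_text, manifest_text, expected_chain_len=1):  # assumed parameter
    jad, mf = parse_attrs(jad_text), parse_attrs(manifest_text)
    problems, chains = [], {}
    if "MIDlet-Jar-RSA-SHA1" not in jad:
        problems.append("JAD has no MIDlet-Jar-RSA-SHA1 attribute")
    for name in jad:
        m = re.fullmatch(r"MIDlet-Certificate-(\d+)-(\d+)", name)
        if m:  # group 1 = chain number, group 2 = position in that chain
            chains.setdefault(int(m.group(1)), set()).add(int(m.group(2)))
    if not chains:
        problems.append("JAD has no MIDlet-Certificate-<n>-<m> attribute")
    for n, idx in sorted(chains.items()):
        if idx != set(range(1, len(idx) + 1)):
            problems.append(f"chain {n}: indexes {sorted(idx)} are not contiguous from 1")
        elif len(idx) < expected_chain_len:
            problems.append(f"chain {n}: {len(idx)} certificate(s), expected {expected_chain_len}")
    for key in ("MIDlet-Permissions", "MIDlet-Permissions-Opt"):
        if perms(jad, key) != perms(mf, key):
            problems.append(f"{key} differs between JAD and manifest")
    return problems
```

    Calling `lint(SAMPLE_JAD, SAMPLE_MANIFEST, expected_chain_len=2)` reports the short chain; the wrapped manifest line is rejoined before the permission sets are compared, so it does not raise a false mismatch.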

  13. #28
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105

    Nokia Series 40 3rd Edition

    Finally, supports X.509 certificates, however, it still does not allow self-signed code certificates. Nevertheless, this works in the Nokia 6270 emulator for those who need it for testing purposes.

  14. #29
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    And there are no two levels of 3rd trusted party. Self-signed is the same as 3rd party level. However, do not rely on this feature as it is a bug which might get removed (at least in future Nokia Series 60 Editions).

  15. #30
    Regular Contributor
    Join Date
    Mar 2006
    Location
    South Africa
    Posts
    178

    Re: Success story: Signed midlet & 6600 (4.09.1)

    Just to add my experience to the midlet signing saga, I got it to work on the 6600 with latest firmware version (5.27) and it works (eventually). The only "Authorisation Failed" message I get, as was frequently reported in this thread, was when I did not set the required permissions in the JAD file. If you're trying to sign a midlet for the 6600, follow the steps outlined by random_john_doe in this thread and you should be fine (as long as you've got firmware version at least 4.09.1).

    And one more thing, use the signing feature in NetBeans 5.0!!! It removes much of the scope for being an idiot yourself during the signing process.

    regards
    Larry101
    Last edited by Larry101; 2006-05-25 at 17:07.
