×

Discussion Board

Page 1 of 3 123 LastLast
Results 1 to 15 of 38

Hybrid View

  1. #1
    Registered User
    Join Date
    Dec 2003
    Posts
    14

    Success story: Signed midlet & 6600 (4.09.1)

    Hello,

    After spending some agonizing hours in a world of x509 & al. (i.e. including but not limited to trying to generate e.g. correct root CA and codesigning certificates with the help of a openssl etc.) the solution turned out to be quite simple and obvious.

    So...in order to get midlet a) signed and b) work correctly in 6600 (4.09.1) (as a trusted third party software) one might want to do this:

    1) Create a RSA key with keytool like:
    keytool -genkey -keyalg RSA .....
    2) Self certificate the key:
    keytool -selfcert .....
    3) Export self certified key:
    keytool -export -file some.cer .....
    4) Send this some.cer to 6600 via e.g. bluetooth, save it and adjust trust settings
    5) Use Sun's WTK...File --> Utilities --> Sign Midlet --> Import Key Pair...(from a keystore where you had just put your newly created certificate)
    6) Sign your midlet with this certificate and download it via OTA to 6600 or send it via bluetooth (remember to send both jad and jar).

    Summasummarum...after these operations user can give a permission for a midlet to use e.g. PushRegistry alarms so that firmware doesn't always request confirmation from an end user.

  2. #2
    Registered User
    Join Date
    Dec 2003
    Location
    Düsseldorf, Germany
    Posts
    15

    Get the same error as before

    Hi,

    I spend hours on this dodgy problem without the final success.

    I can make a CA authority, requests, key pairs etc. and I can install the certificate. But when I try to install the signed MIDlet on the 6600 there is alway a security error: Cannot find the root certificate (translated from german)

    I tried your way, too but I got the same error.

    What the hell is wrong here?`

    Thanks.

    www.bluetoothflirt.de
    Last edited by schnejan; 2004-04-27 at 16:55.

  3. #3
    Registered User
    Join Date
    Dec 2003
    Location
    Düsseldorf, Germany
    Posts
    15

    Seem to be a problem of the firmware

    Now I had success after updating on the new firmware 4.09.1.

  4. #4
    Registered User
    Join Date
    Nov 2005
    Posts
    158

    Re: Seem to be a problem of the firmware

    Quote Originally Posted by schnejan View Post
    Now I had success after updating on the new firmware 4.09.1.
    Hi,

    Could you tell us the steps to update the firmware of 6600.

    Regars,
    Nagendra

  5. #5
    Super Contributor
    Join Date
    Mar 2003
    Location
    Finland
    Posts
    9,561

    Re: Seem to be a problem of the firmware

    If it is the original 6600, send or take it to your nearest Nokia authorized repair/service center: http://www.nokia.com/repair

    If it is the new 6600 Fold or 6600 Slide, then try Nokia Software Updater (NSU): http://www.nokia.com/softwareupdate

  6. #6
    Registered User
    Join Date
    Apr 2004
    Posts
    7

    I coud not get it work!

    Hi,
    I have the last firmware on my 6600,
    and I tried following You instruction but I always get the authorization error.

    I don't know if I'm wrong with keytool commands.
    I try following Your instruction but I always get a signed error exception (cannot recover the key) from the WTK2.1.

    Please coud You help me?

  7. #7
    Registered User
    Join Date
    May 2004
    Posts
    34
    I have a code signing certificate from a CA, but after I sign my midlet with it, and try to install it, I get an security error.

    Could you please tell me why?

    Thank you.

  8. #8
    Registered User
    Join Date
    Apr 2004
    Posts
    7
    Hi,
    I try to answer:

    1) check Your FW release: must be 4.09.1 or later

    2) if You use Your own "precompiled" library ("mylib.zip" inside the "lib" project folder) maybe You cannot get the authorization for the installation: check this just removing You library.

    I hope this help You.

  9. #9
    Registered User
    Join Date
    Nov 2005
    Posts
    158

    Re: Success story: Signed midlet & 6600 (4.09.1)

    Quote Originally Posted by daniele.pinto
    Hi,
    I try to answer:

    1) check Your FW release: must be 4.09.1 or later

    2) if You use Your own "precompiled" library ("mylib.zip" inside the "lib" project folder) maybe You cannot get the authorization for the installation: check this just removing You library.

    I hope this help You.
    Could explain the second point.. where to look for mylib.zip etc..

    Also for guy's who does not how to check the FW on you phone.. type *#0000# as phone number.

    Regards,
    Nagendra
    C.T.O
    www.tejasoft.com

  10. #10
    Registered User
    Join Date
    May 2004
    Posts
    34
    Yes, I check it is 4.0.91.

    No, I don't have any library.

    Could you please tell me how to get a signed mildet to work on Nokia 6600 phone?

    Do you use a code signing certificate from a CA?
    Or you use a self certificate created by yourself like the steps listed above.

    Thanks in advance for your help.

  11. #11
    Registered User
    Join Date
    Apr 2004
    Posts
    7
    Hi,
    I've installed a midlet without sign it.
    This midlet use PushRegistry and WMA.
    It's work right!!

    Once I'll solve some problems with the library I use, I'll install also the MIDLet signed using the steps described on top of this thead.

    Please, let me know if You have success.

  12. #12
    Registered User
    Join Date
    May 2004
    Posts
    34
    I get a certificate from a CA, but when I use that to sign my midlet, that does not work. I got security exception.

  13. #13
    Registered User
    Join Date
    Nov 2003
    Posts
    8

    More details?

    Hi,

    Seems like only random_john_doe and schnejan got this thing working with their own certificate's (or at all). Could you guys describe your process in more detail?
    I also tried creating certificate and signing with 6600 (4.09.1), but got only "Authorisation failed" message while installing.

  14. #14
    Registered User
    Join Date
    Dec 2003
    Posts
    14

    Check your sertificates trust settings

    Hello,

    I was unable to get any "Authorisation failed" error message (no matter how hard I tried). Instead I was able to get "Installation security error. Unable to install" (or similar...dialog wasn't visible long enough to learn it by heart) _if_ sertificate that I had used to sign a midlet was not marked as "Application install sertificate". Tools -> Settings -> Security -> Certif. Management -> [my selfsigned sertificate] -> options -> Trust settings -> App. installation -> [change to yes].

    I don't know how I could describe "process" in more detail without takin actual screenshots or command prompt log.

  15. #15
    Registered User
    Join Date
    Feb 2005
    Location
    Stockholm
    Posts
    10

    Angry Re: Check your sertificates trust settings

    Quote Originally Posted by random_john_doe
    Hello,

    I was unable to get any "Authorisation failed" error message (no matter how hard I tried). Instead I was able to get "Installation security error. Unable to install" (or similar...dialog wasn't visible long enough to learn it by heart) _if_ sertificate that I had used to sign a midlet was not marked as "Application install sertificate". Tools -> Settings -> Security -> Certif. Management -> [my selfsigned sertificate] -> options -> Trust settings -> App. installation -> [change to yes].
    I had the same problem when installing a midlet on a 6630. I downloaded ok, but when the installation was nearly finished it said "Security error, installation failed" (or something like that). I use a Thawte Premium Server CA certificate, and looked it up as you said. The settings for installation of java-programs were "No". I changed to "Yes", and restarted the application.

    It now installs correctly. BUT.

    Is this how it is supposed to be? This is so stupid it is unbelievable! You can never ever get the mainstream end-user to go through all those steps just to install an application. Therefore, you have to make special versions without any certificates for all phones which have this stupid setting (which are all series 60?), since their installation will fail if it is certified.

    This all works all right with SE phones anyway, otherwise the 200$ spent on the certificate had been a complete waste.

    But why :
    1. Installed root-certificates are not trusted for midlet-installation??
    2. Installation will fail, not just be untrusted, but FAIL, if the trust-setting for the certificate is set to false.

    Please correct me, and tell me it is just a joke...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×