×

Discussion Board

Results 1 to 15 of 15
  1. #1
    Registered User
    Join Date
    Jul 2005
    Posts
    14

    "No valid certificate" error when installing signed app

    I am getting a "No Valid Certificate" error on my Nokia 6101 (S40 DP2) when trying to install an app signed by Verisign, and the install fails. I need to sign the app to access PIM functions, otherwise I get a SecurityException. I assume this means that it can't trace my cert back to the root cert. But there are a couple Verisign Class 3 root certs on the phone.

    My jad file has these entries (I've truncated the lines):

    MIDlet-Certificate-1-1: MIIE4DCCA8igAwIBAgIQL8lZMgod9gFoS7NTpQs2MTANBg
    MIDlet-Certificate-1-2: MIIEvzCCBCigAwIBAgIQQZGhWjl4389JZWY4HUx1wjANBg
    MIDlet-Jar-RSA-SHA1: STEqCVys4O49abTBLdP/AFU4WhgyWdT1OLffwt4+44nfMcoGq

  2. #2
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    If you click Options on the Nokia, you see which one is for code signing. Then compare the fingerprints with your's root certificate. Should we do this for you out of that hash dump?

  3. #3
    Registered User
    Join Date
    Jul 2005
    Posts
    14

    Re: "No valid certificate" error when installing signed app

    There are four Verisign Certificates on my phone used for code signing:

    Class 3 Public Primary Certification Authority - G2; Verisign
    Fingerprint: 85:37:....

    Class 3 Public Primary Certification Authority; Verisign
    Fingerprint: 74:2C:...

    Verisign Class 3 Public Primary Certification Authority - G3
    Fingerprint: 13:2D:...

    VeriSign Class 3 code signing 2001; Class 3 Public Primary Certification Authority
    Fingerprint: 2C:07:...

    And my app is signed with the following certificate:

    Issuer: CN=VeriSign Class 3 Code Signing 2004 CA

    Certificate fingerprints:
    MD5:
    8b:3e:cf:68:7b:1f:73:8e:78:b1:94:1b:94:37:1d:52
    SHA:
    ee:1b:d0:cf:ac:ef:3b:81:6a:3c:52:d2:ac:b1:59:09:23:71:7d:1a

    This doesn't match any of the above. Does this mean I don't have the right certificate on my phone?
    Last edited by molim; 2006-01-07 at 01:00. Reason: remove long lines to improve formatting

  4. #4
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    Four Verisign code signing certificates? Are you sure? In the phone click the Options tab on each certificate and check if code siging is activated.

    Your MANIFEST implies you have a certificate chain because there a two MIDlet-Certificate fields. This means there is at least one intermediate certificate. You have checked the root certificate of yours?

    I would say you bought the wrong certificate because it is not possible to install own root certificates for Java code siging (normally – only the Nokia Series 60 Edition 2 and 3 allows this).

    If you are sure you bought the right one, ask Verisign what is up.

  5. #5
    Registered User
    Join Date
    Jul 2005
    Posts
    14
    aaaaaaaaaa
    Last edited by molim; 2006-01-07 at 00:59. Reason: removed post because long lines caused poor formatting

  6. #6
    Registered User
    Join Date
    Jul 2005
    Posts
    14

    Re: "No valid certificate" error when installing signed app

    Yes, there are 4 Verisign code signing certs are on the 6101. They all have an 'X' by "App. Signing", which I assume is the same as code signing. I listed their names in my previous post.

    Today I got my app to run in the OTA simulation in Sun WTK 2.3 which allows you to add and delete root certificates (Utilities -> Manage Certificates). I verified that the app would not load if the Verisign certificate was deleted (Class 3 Public Primary Certification Authority). Also, I got it to run in NDS using the Nokia Prototype SDKs 2, 3, and 4, using the "Real Life" option in the SDK preferences, which is supposed to simulate a real download/code authentication. Therefore, I think that the code signing is correct. However, it will not run using the Nokia_S40_DP20_SDK_6230i. It gives the same error "No valid certificate" as I get when I run it on the actual phone (6101). Therefore, I suspect some problem or incompatibility with the 6101 and 6230i.

    If anyone knows of a way to add a root certificate to the 6230i emulator, or to view/edit the root certificates in the Nokia Prototype SDKs, please let me know. That would help with my investigation.

    And if anyone was able to get their signed app to load on a S40 DP2 (or DP3) phone, please let me know the signer and the phone model.

    In fact the error I'm getting can be reproduced in the NDS using just the jad file and the 6230i emulator (uncheck "Overrule default handset behavior" under preferences, no jar file necessary):

    MIDlet-Name: MR
    MIDlet-Version: 1.0
    MIDlet-Vendor: IW
    MicroEdition-Profile: MIDP-2.0
    MicroEdition-Configuration: CLDC-1.1
    MIDlet-Jar-URL: MR.jar
    MIDlet-Jar-Size: 49590
    MIDlet-Permissions: javax.microedition.pim.ContactList.read, javax.microedition.pim.ContactList.write
    MIDlet-1: MR, ,MR
    [ see post above for missing lines ]

    Any help is greatly appreciated. :-)

    Thanks,
    Matt
    Last edited by molim; 2006-01-05 at 05:48. Reason: fix formatting of previous post

  7. #7
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    All you have to do is to compare fingerprints of your root certificate. If they do not match, than you have bought or got a certificate for a different certificate root chain. I cannot do that for you, because I have no Nokia 6101 and my only Series 40 Edition 2 device (a Nokia 6230) is in repair.

    They do not match, you say – well than you have the answer. By the way I would not go for MIDlet-Permissions. Use MIDlet-Permissions-Opt instead. Solved a lot of issues here.

    What are your JAD and MANIFEST look like? Did not understand that.
    MANIFEST only:
    – MIDlet-Permissions…
    JAD only:
    – MIDlet-Certificate…
    – MIDlet-Jar-RSA-SHA1
    Never ever duplicate them in both. This is waste of bandwidth and wrong.

    You should be able to add a root certificate, if you start the emulator and go to it's browser. From there access your root certificate which will be installed into the certificate list. Go into the certificate list and activate it for code siging. I have tested this successfully with Nokia Series 40 Edition 3 SDK. I have not tested it with Nokia Series 40 Edition 2 SDK. I have not tested it with a real Nokia Series 40 Edition 3 phone. My tests with a real Nokia Series Edition 2 phone failed because the application code signing tick box stayed grey and is not activeable.

    Next time go for an Entrust certificate…

  8. #8
    Registered User
    Join Date
    Jul 2005
    Posts
    14

    Re: "No valid certificate" error when installing signed app

    Thanks for your help with this.

    I'm not sure I understand what you are saying about comparing the fingerprint of my root certificate. Compare it with what? There are 3 certificates in the chain, each of which has its own fingerprint:

    1. Root certificate (on phone) - Class 3 Public Primary Certification Authority (Verisign)
    2. Intermediate certificate (in JAD) - Class 3 Public Primary Certification Authority (Verisign) -> VeriSign Class 3 Code Signing 2004 CA
    3. My Certificate (in JAD) - VeriSign Class 3 Code Signing 2004 CA -> My Company

    This completes the certificate chain. Each certificate has its own fingerprint. The first one is on the phone, and the second two are given to me by Verisign. I may be wrong here, but I think what matters is the *name* on the certificate, not the fingerprint, when matching the links in the chain. So, the fingerprints are not supposed to match. Because the names match, this would be a valid chain.

    I'm using the Manifest and jad file as created by the Sun WTK 2.3b and/or the Nokia Developer's Suite v3. Yes there is some duplicated info but I don't want to muck around with that. I'd rather have the tool create it for me. However, both certificates and the jar signature are all in the JAD file, not in the manifest.

    I was unable to view the root certificate list in the Prototype_3_0_S40_128x160_MIDP_Emulator. The emulaotr runs only my application, and does not run any other programs. In fact, when I exit my app, it just starts it right back up again. I started up the emulator in the NDS. Is there another way to start up the emulator that allows you to use the browser? Or are we referring to 2 different emulators?

    Thanks,
    Matt

  9. #9
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    Yes, the name has to match but the fingerprints of the root on your computer must match the fingerprint on your phone. The question is, was your intermediate certificate created against the same root. Is the root on your computer the same root as on the phone. This is step one – coming out from your first post.

    I used these SDKs – the 3rd Edition was tested by me with this. The Nokia 6255 Edition – which is very near to your model, lacks a browser. I guess you used the Prototype SDK. Even the Prototype SDKs should be startable from the Windows Start menu – it was this way in the past although I have not checked recently. I go for the individuals normally.

    Have you tested the MIDlet without the JAD (=unsigned)? Does this install? Have you tried with opted permissions?

  10. #10
    Registered User
    Join Date
    Jul 2005
    Posts
    14

    Re: "No valid certificate" error when installing signed app

    OK, I see. I imported the certificate into Internet Explorer (Tools -> Options -> Content -> Certificates), and it recognized the certificate chain, and linked back to the same certificate (with same fingerprint) as is on my phone. Therefore, I think the certification chain is correct.

    I tried with permissions-opt, without a signature (installs fine), and still got a SecurityException when trying to access PIM. If signed, I still get "No valid certificate" when attempting to install.

    I'm not sure what you mean by installing without a JAD, but the app installs fine without a signed JAD. It just gives the SecurityException.

    I ordered a certificate from Thawte (they also have a code signing root cert on the 6101). They told me they have a 30 day return policy, and they are much cheaper than Verisign. So I thought it was worth a shot. Entrust does not sell code signing certificates.

    Thanks for the link to the 3rd Edition SDK. I did not see this before. Yes, I was using the prototype.

    Well I will post if I make any progress on this. I appreciate your help!

  11. #11
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    I meant GeoTrust. Stupid of me.

  12. #12
    Registered User
    Join Date
    Apr 2013
    Posts
    1

    Re: "No valid certificate" error when installing signed app

    no valid certificate occur while downloading

  13. #13
    Super Contributor
    Join Date
    Nov 2003
    Location
    Bangalore , India
    Posts
    4,429

    Re: "No valid certificate" error when installing signed app

    Quote Originally Posted by ashish@nokia.com View Post
    no valid certificate occur while downloading
    Hi ashish! Welcome to Nokia Developer Discussion Boards!!

    Are you a software Developer or an end user ? Please note this discussion board is only for mobile App development related issues. If you are a developer, please explain your issue, so that we can better support you.

    Regards
    Gopal
    Twitter : @balagopalks
    Linkedin : @balagopalks

  14. #14
    Registered User
    Join Date
    Jun 2013
    Posts
    1

    Re: "No valid certificate" error when installing signed app

    Hello all,

    I have same issue, i am getting same error ("invalid certificate please contact service provider ")on my nokia E71 when i am trying to install application signed by verisign. I signed my jad file with following
    http://www.codeproject.com/Articles/...-a-J2ME-Midlet.

    Do we need to install certificate into mobile? If yes than how can we do that? right now i am just transfering jad and jar file to device via USB.

    Please help me on this thanks in advance

  15. #15
    Nokia Developer Champion
    Join Date
    Feb 2009
    Location
    Noida, India
    Posts
    3,087

    Re: "No valid certificate" error when installing signed app

    right now i am just transfering jad and jar file to device via USB.
    Try OTA download via JAD file URL.

    Also go thu - certificate/signing related FAQ type Q&A - at
    http://developer.nokia.com/Community...before-posting
    thanks,
    ~Amitabh
    (Champion of the Month -Aug'13)
    Follow me on my blog for Innovative Mobile Apps

Similar Threads

  1. "No valid certificate" error when installing signed app
    By molim in forum Mobile Java Tools & SDKs
    Replies: 0
    Last Post: 2005-12-31, 20:53
  2. Installing signed application
    By hrdonka in forum Mobile Java General
    Replies: 4
    Last Post: 2005-10-19, 07:22
  3. "Memory full" on installing app on 3650
    By Stengun in forum Mobile Java General
    Replies: 0
    Last Post: 2004-04-26, 23:46
  4. broken path when installing app in memory
    By evanyzer in forum Symbian
    Replies: 4
    Last Post: 2004-02-13, 03:21
  5. error installing app on 6100
    By kenlmf in forum Mobile Java General
    Replies: 0
    Last Post: 2003-04-09, 04:55

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×