Installing an App Signing CA on the N95?

**gagravarr** · 2007-05-14, 22:36

On my old series 60 phone (a 6630), when I'd installed a new certificate authority, the trust settings let me pick if it could be used for internet, app installs or symbian installs.

With my 3rd edition phone, an N95, after I install a new CA, the trust settings only allow me to set it for internet or not. However, other CAs in the list do have the option to be used for app installs, so the option is still there.

Does anyone know how you tell a N95 that a new CA is to be used for application signing, as well as internet connections? Do you have to set some special flags in the certificate when you generate it, or do you have to do something special (with Nokia's help?) to get your certificate authority trusted for application signing on your own phone?

Cheers
Nick

**hartti** · 2007-05-15, 02:04

Installing app signing certificates is not possible on S60 3rd Edition phones.

Hartti

**gagravarr** · 2007-05-15, 10:22

That's really rubbish. I've just spent nearly €1000 on a new Nokia phone (direct from a reseller, no networks involved). Despite that, I'm not allowed to decide that I want to trust someone else to certify the applications to run on my phone?

**hartti** · 2007-05-15, 17:46

This has been specified (in the recommended security policy section) in the MIDP specification.

"Third party Protection Domain Root Certificates downloaded after device manufacture MUST NOT be used for
authentication of MIDlet suites. This does NOT prevent obtaining trusted third party Protection Domain Root
Certificates from the specified location in the SIM, USIM, WIM."

Hartti

**hekkoe** · 2007-06-26, 16:32

So what if it has been specified? It's still a disgrace! Besided it's a recommandation so it seems to me that Nokia is just hiding behind it.

This is *my* phone, and if I write an application *myself* and install it on my phone, I should be able to pick my own security settings, even disable security alltogether if I wish to do so.

Nokia should let me do it, no matter what MIDP specs say.

Now, I have to spend $400 on a Versign certificate, or pay $$$ to have my application verified by Symbian if I want my app to run unrestricted.

We are told it's a security 'feature' but it feels like a sneaky way to control small application developers. Getting a developers certificate from Symbian even requires you to send your IMEI!?

I totally agree with gagravarr, it's completely ridiculous.

**hartti** · 2007-06-27, 20:09

hekkoe,

Thanks for your feedback. I passed these comments to our people working on these issues.

best regards,
Hartti

Discussion Board

Thread: Installing an App Signing CA on the N95?

Thread Tools

Search Thread

Rate This Thread

Display

Similar Threads

Thawte Premium Server CA

code signing for symbian app

broken path when installing app in memory

Error installing midp 1.0 app on 6600

Installing APP to 3530 via OTA

Posting Permissions