Certificates without Windows

[Stanson_ru]

I'm trying to figure out how to build S60 3rd applications under linux.

There are no problems to create SIS files signed with self-signed certificate.
Just one simple perl script and openssl instead of makesis+signsis ( anybody interested? ).

Now, I want developer certificate (not for software, but just for VPN settings).

I take a look at cerificate request generated by DevCertRequest.exe

I read Developer Certificate FAQ, especially at

16. Can I generate a .csr file by other means (e.g. OpenSSL) and submit it for requesting a Developer Certificate?
No. The Developer Certificate Request tool generates the .csr specific to Symbian. The Developer Certificate .csr
includes Symbian specific constraint certificate extensions that are internal and private to Symbian.

But openssl easily can generate any extensions!

I do following:
1. Write openssl.conf:

Code:

[req]
default_bits        = 1024
prompt              = no
default_md          = md5
distinguished_name  = req_dn
req_extensions      = req_ext

[req_dn]
countryName         = RU
stateOrProvinceName = NA
localityName        = Moscow
organizationName    = Stanson
commonName          = Stanson

[req_ext]
# This is IMEI ( bytes 5-19 )
1.2.826.0.1.1796587.1.1.1.1 = critical, DER:30:11:0C:0F:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
# This is capabilities ( bytes 4-11 )
1.2.826.0.1.1796587.1.1.1.6 = critical, DER:03:09:00:2D:8F:F0:00:00:00:00:00

where XX - my phone IMEI string as HEX ASCII codes. ( 30:31:32:33:34... for 01234... )
2. Then run

Code:

openssl genrsa -out private.key 1024
openssl req -new -config openssl.conf -out request.csr -key private.key

And get nearly same certificate request as generated by DevCertRequest.exe with completely same extensions.

I used
openssl asn1parse -in request.csr
to compare certificate requests in deep.

Differences between requests are:
1. strings in original request are IA5STRING, in openssl request strings are PRINTABLESTRING for distinguished name data.
2. version in original request is 3, in openssl request version is 0

This is the only differences between certificate requests.

Unfortunately, certificate request signing does not work now ( http://developer.symbian.com/forum/t...threadID=20791 ) , and I can't check if openssl generated certificate request is good for signing by symbiansigned.com

As far, as I understand, openssl request must be acceptable for signing, as "native" request. So, I have to check it on symbiansigned.com when it will be up again.

Any ideas?

[storsjo]

Hi,

I independently developed roughly the same procedure yesterday (don't know why I didn't try to google about it before trying).

Certificate requests generated this way seem to work fine.

// Martin

[Stanson_ru]

Now, symbiansigned.com seems working. So, I test it. And yes, OpenSSL generated requests works. I checked it few minutes ago.

So, Developer Certificate FAQ question 2.16 have wrong answer.

You can create a private key and certificate request files using OpenSSL.

At least the result is:
You don't need Windows or Wine to get Symbian 9.1 Nokia VPN client working.

Really, it seems that we need only elf2e32 platform-independent tool to get minimalistic platform-independent toolchain working.

Certificate can be obtained using OpenSSL.
Compiler, linker and binutils is "GNU Toolchain for ARM Processors" from CodeSourcery
SIS file can be created using perl or python scripts
Only tool for creating Symbian executables from GCC output binaries is still Windows-only

[storsjo]

Really, it seems that we need only elf2e32 platform-independent tool to get minimalistic platform-independent toolchain working.

Certificate can be obtained using OpenSSL.
Compiler, linker and binutils is "GNU Toolchain for ARM Processors" from CodeSourcery
SIS file can be created using perl or python scripts
Only tool for creating Symbian executables from GCC output binaries is still Windows-only

Roughly, yes. Ensymble (http://www.nbl.fi/~nbl928/ensymble.html) has some tools for working with e32 images, perhaps this would be useful as a base for an elf2e32-tool?

In addition to that, in order to have a complete toolchain, the opensource rcomp would needs some updates, I think, and one also would need a mifconv replacement.

// Martin

[storsjo]

Really, it seems that we need only elf2e32 platform-independent tool to get minimalistic platform-independent toolchain working.

Certificate can be obtained using OpenSSL.
Compiler, linker and binutils is "GNU Toolchain for ARM Processors" from CodeSourcery
SIS file can be created using perl or python scripts
Only tool for creating Symbian executables from GCC output binaries is still Windows-only

I've created some kind of elf2e32 replacement now, which is available in my gnupoc package at http://www.martin.st/symbian/. It still lacks deflate compression support, but seems to work quite well otherwise.

The package also includes a mifconv replacement, and an updated opensource rcomp, which handles the new things in resources on Symbian 9.

// Martin