I'm trying to figure out how to build S60 3rd applications under linux.
There are no problems to create SIS files signed with self-signed certificate.
Just one simple perl script and openssl instead of makesis+signsis ( anybody interested? ).
Now, I want developer certificate (not for software, but just for VPN settings).
I take a look at cerificate request generated by DevCertRequest.exe
I read Developer Certificate FAQ, especially at
But openssl easily can generate any extensions!
16. Can I generate a .csr file by other means (e.g. OpenSSL) and submit it for requesting a Developer Certificate?
No. The Developer Certificate Request tool generates the .csr specific to Symbian. The Developer Certificate .csr
includes Symbian specific constraint certificate extensions that are internal and private to Symbian.
I do following:
1. Write openssl.conf:
where XX - my phone IMEI string as HEX ASCII codes. ( 30:31:32:33:34... for 01234... )
default_bits = 1024
prompt = no
default_md = md5
distinguished_name = req_dn
req_extensions = req_ext
countryName = RU
stateOrProvinceName = NA
localityName = Moscow
organizationName = Stanson
commonName = Stanson
# This is IMEI ( bytes 5-19 )
1.2.8126.96.36.19965188.8.131.52.1 = critical, DER:30:11:0C:0F:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
# This is capabilities ( bytes 4-11 )
1.2.8184.108.40.20665220.127.116.11.6 = critical, DER:03:09:00:2D:8F:F0:00:00:00:00:00
2. Then run
And get nearly same certificate request as generated by DevCertRequest.exe with completely same extensions.
openssl genrsa -out private.key 1024
openssl req -new -config openssl.conf -out request.csr -key private.key
openssl asn1parse -in request.csr
to compare certificate requests in deep.
Differences between requests are:
1. strings in original request are IA5STRING, in openssl request strings are PRINTABLESTRING for distinguished name data.
2. version in original request is 3, in openssl request version is 0
This is the only differences between certificate requests.
Unfortunately, certificate request signing does not work now ( http://developer.symbian.com/forum/t...threadID=20791 ) , and I can't check if openssl generated certificate request is good for signing by symbiansigned.com
As far, as I understand, openssl request must be acceptable for signing, as "native" request. So, I have to check it on symbiansigned.com when it will be up again.