Signing problem

[patrickfrei]

Hello!!

I've developed an application that uses capabilities as e.g. Location, ReadUserDate, etc. I offer this application on my website for developers for self-signing until I recieve the official Symbian signed version.

Now someone told me that he can't sign the application: "Unable to install. Constrained by the certificate."

Now my question: If I've compiled my application (SIS-file) with my own developer certificate, will it be possible for someone else to sign it again with his own develper certificate (kind of "double-signing")?? Or do I have to provide a version that is not signed?

What do you think about that issue?

[Ais]

It is possible to "double-sign" a sis.

Check the second post here: http://discussion.forum.nokia.com/fo...ad.php?t=83329

[symbianyucca]

Not sure if the post already explained some important issues with double-signing..

Basically OS 9.1 devices (i.e N73, N80 etc.) only care about the latest certificate, and if it is found valid, the sis file can be installed.

Then again OS 9.2 (i.e. N76, N95 etc.) devices actually check all of the certificates, and only is all of teh certificates are found valid the sis file can be installed, thus you actually can not do double certification on this case, since your developer certificate will not allow it to be installed into other OS 9.2 devices.

yucca

[wizard_hu_]

Or do I have to provide a version that is not signed?

What do you think about that issue?

I think that it is not relevant, since signsis -u can remove the signature.

[Ais]

Not sure if the post already explained some important issues with double-signing..

yucca

It's true I only tested this on OS 9.2 (uiq though). I double signed the sis, first with a valid dev cert and then with another cert (which is not valid) and it worked.