Unable to install a Midlet signed with a thawte Certificate

[nzeyi2008]

I am developing a J2ME application that access Messaging ,Network and PIM information so my Modlet needs to be signed before I deploy it to the users.
I purchased a Code Singing Certificate from Thawte saying that it is supported on many J2ME handsets.I signed my Midlet with that certificate using j2se the JadTool provided with the JadTool of the current Sun WTK .When I am trying to install the signed Midlet on my N72 , it shows the certificate is issued from Thawte for our Company (Pivot Access),and then after it says "Unable to verify the certificate , installation failed".This really sucks since I bought the certificate for 300 USD .I verified that my phone has a Thawte root certificate, so I don't know what is wrong with this signing.My application normally works with a development certificate on Motorola Handsets and the unsigned version is installed well.

Could any one help me ?
Thanks in advance !

This is a copy of my jad file:

MIDlet-1: Pmobile,rw/pivot/mobile/img/pivotLogo.jpg,rw.pivot.mobile.lcdui.Pmobile
MIDlet-Certificate-1-1: MIIDPDCCAqWgAwIBAgIQTRcOCMlRc8...
MIDlet-Certificate-1-2: MIIDTjCCAregAwIBAgIBCjANBgkqhkiG9w0BAQUFADCBzjE...
MIDlet-Certificate-1-3: MIIDJzCCApCgAwIBAgIBATANBgkqhkiG...
MIDlet-Description: This application purchase ELECTROGAZ prepaid Electricity through Pivot Access System , Developper: Nzeyimana Antoine
MIDlet-Icon: rw/pivot/mobile/img/pivotLogo.jpg
MIDlet-Info-URL: http://mobile.pivotaccess.com
MIDlet-Jar-RSA-SHA1: Y4mfvv+gmCLEURU4+oa42ZdMrwS9...
MIDlet-Jar-Size: 58855
MIDlet-Jar-URL: Pmobile.jar
MIDlet-Name: Pmobile
MIDlet-Permissions: javax.microedition.io.Connector.file.read,javax.microedition.io.Connector.file.write,
javax.microedition.io.Connector.http,javax.microedition.io.Connector.https,javax.microedition.io.Connector.sms,
javax.wireless.messaging.mms.send,javax.microedition.pim.ContactList.read
MIDlet-Vendor: Pivot Access
MIDlet-Version: 1.0
MicroEdition-Configuration: CLDC-1.1
MicroEdition-Profile: MIDP-2.0


and here is a list of my keystore chains:


C:\>keytool -list -keystore pivot -v
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: pivotaccess
Creation date: Dec 5, 2008
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=PIVOT ACCESS, OU=MOBILE SOFTWARE DEVELOPMENT UNIT, O=PIVOT ACCESS, L=KIGALI, ST=KIGALI, C=RW
Issuer: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
Serial number: 4d170e08c95173c406f3583970de136f
Valid from: Thu Dec 04 02:00:00 CAT 2008 until: Sat Nov 28 01:59:59 CAT 2009
Certificate fingerprints:
MD5: ED:89:91:86:BE:80:C6:76:85:36:6E:A8:ED:B8:E1:F2
SHA1: C2:BE:70:2A:E1:08:29:40:101:3A:870:63:0F:957:90:A0F
Signature algorithm name: SHA1withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]

#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.thawte.com]
]

#3: ObjectId: 2.5.29.4 Criticality=false

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.thawte.com/ThawteCodeSigningCA.crl]
]]

#5: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
codeSigning
1.3.6.1.4.1.311.2.1.22
]

#6: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
Object Signing
]

Certificate[2]:
Owner: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Serial number: a
Valid from: Wed Aug 06 02:00:00 CAT 2003 until: Tue Aug 06 01:59:59 CAT 2013
Certificate fingerprints:
MD5: D4:A7:BF:00:7B:6A:0C:209:23:CD:5B:60:7B:7C:12
SHA1: A7:06:BA:1E:CA:B6:A2:AB:18:69:9F:C07D:8C:7D:E3:6F:29:0F
Signature algorithm name: SHA1withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]

#3: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.thawte.com/ThawtePremiumServerCA.crl]
]]

#4: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
codeSigning
]

#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
CN=PrivateLabel2-144
]

Certificate[3]:
Owner: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Serial number: 1
Valid from: Thu Aug 01 02:00:00 CAT 1996 until: Fri Jan 01 01:59:59 CAT 2021
Certificate fingerprints:
MD5: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
SHA1: 62:7F:8D:78:27:65:63:992:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
Signature algorithm name: MD5withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]



*******************************************
*******************************************

Help please !

[hartti]

Make sure that the settings in the application manager allows installation of all applications (not only signed ones) and that the online certificate check is off.

Hartti

[naveen_kovuri]

Hi all,

Any update on this issue, as i was able to install on Sony devices but on Nokia i did all combination as mentioned but still couldn't able to install it.

[hartti]

What do you mean with "all combination"?

Is the phone a generic Nokia phone or branded for some operator? If branded, for which operator?
Can you install the unsigned version of the MIDlet?
Does the Thawte certificate on the phone include application signing as accepted use?
Is the online certificate checking off?
Have you tried without the MIDlet certificate 1-3 line in the JAD file?

Hartti