Unlock MIDlet: Incorrect SSL server certificate

[Alex_Polt]

Just tried today to unlock Nokia 6212 and got the following error: Incorect SSL server certeficate.
Could it be that Nokia server certificate has expired or is it something else.

[dertew]

I also encountered this problem recently. First few attempts to unlock was failed but with Errors likes Service Denied, HTTP Post Failed but finally I was stuck with this error permanently.
Any one have any solution to this?
Please advise Thanks.

[traud]

I did not try, but what happens if you change the date/time setting to 2009?

[minisystem]

That doesn't help - Nokia has changed server SSL certificate and Unlock midlet contains specific certificate it expects from server.

[minisystem]

OK, solved by editing expected certificate info...

[snic]

I'm having the same problem...what did you change...something inside the system.properties file in the midlet?

[minisystem]

No, I just edited directly the condition in the class file.

[limcy]

@minisystem: Do you mind sharing the details on how to do so? Which class exactly that you modify? Do you use java decompiler? Thanks...

[minisystem]

Constant #380 in p.class, directly with class editor (decompiler doesn't work).

[limcy]

@minisystem: Thanks for the lead. CMIIW: If you change that, you'll need to also re-sign the jar, right? Mind sharing the values you assigned to the constant? Any modifications on the certificate in the jad?

[minisystem]

Yes, I've re-signed the jar (with my own certificate). I'm not sure if it's necessary, but I suppose it is (to access SE).
You don't need to change .jad, that value isn't used. I've changed the constant to

Code:

C=US;O=VeriSign, Inc.;OU=VeriSign Trust Network;OU=Terms of use at https://www.verisign.com/rpa (c)10;CN=VeriSign Class 3 International Server CA - G3

I hope this answers all questions you might have.

[limcy]

@minisystem: I've changed the variable to the value you provided. I put the modified class file back into the .jar file. Copy the .jar file to the phone. Then tried to run it on the phone. It gave me a 'No Card Connection' error.

If I also copy the .jad file (with the MIDlet-Jar-Size parameter adjusted according to the size of the .jar) then a 'Certificate is not on the Phone or SIM'.
Then, I tried to remove the MIDlet-Jar-RSA-SHA1 and MIDlet-Certificate-1-1 lines in the .jad file, I got the 'No Card Connection' error once again.
Looking at such behavior, it seems that the certificate in the .jad file matters. It is strange that you're able to run the application without .jad file involvement.
Are you running the application on Nokia 6131 or different phone? Mine is 6131. Anyhow, if it is not too much, I'm wondering if you're willing to share your modified
.jad and .jar files? (I will send you my email address) Thanks.

Yes, I've re-signed the jar (with my own certificate). I'm not sure if it's necessary, but I suppose it is (to access SE).
You don't need to change .jad, that value isn't used. I've changed the constant to

Code:

C=US;O=VeriSign, Inc.;OU=VeriSign Trust Network;OU=Terms of use at https://www.verisign.com/rpa (c)10;CN=VeriSign Class 3 International Server CA - G3

I hope this answers all questions you might have.

[minisystem]

As I said, you need to sign the midlet with (somewhen) valid certificate to allow midlet access to internal SE. I suppose you have (had) such certificate and you use it to deploy other midlets on the phone.
I use my old (currently expired) certificate and set date back for midlet installation.
I'm not exactly keen on sending app with my certificate somehwere out.

[limcy]

@minisystem: currently, we're new to nfc development, and acquiring certificates at the moment will take a long process and perhaps some arguments internally. Anyway, it's our problem. I understand your concern and respect it. Thanks so much for guiding us and sharing with us.

[minisystem]

If you get current certificate usable on available 6212 or 6131, let me know - I'd really like to know that.

Problem with missing certificate could be solved by using trick with SDK Emulator and phone on external reader - I've seen it mentioned in similar topic here. You can set midlet to trusted even when unsigned and unlock phone using external interface and desktop reader connected to emulator.