What kind of certificate is needed to avoid permission questions?

**inzan** · 2006-11-01, 16:26

Hi.

I'm developing some benchmarks in Java which uses Bluetooth, PIM, Network etc. The problem is that I want to get rid of the questions regarding permission to access different things, like PIM or Network. I have set the permissions in the JAD-file and created a 3rd party self-certified certificate and installed it on the phone. Then I've tried to sign my midlet with the certificate and run it on the phone (N93), but I only get Certificate error when I try to install the application. (And yes, I am sure that the JAD-file is correct and that I'm using the correct certs, keystores and so on).

I've looked in the Certificate list and noticed that there are a couple of certs called MIDP2....

So my question is...do I need to buy one of these certs in order to have automatic permission to access restricted areas or is it possible to use a 3rd party cert? I have read a number of different forum posts, but there seem to be a lot of confusion about what's needed to do this.

Thanks in advance.

Best, Andreas

**hartti** · 2006-11-01, 21:17

You cannot add certificates to be used in midlet signing on the phone. So you have to use of the certificates available on the phone.

By signing you midlet you get better access to various APIs. However, when you install you midlet the midlet is given default permissions (which you can find out from the MIDP security policy recommendation). These default permissions usually do not give blanket access (always allowed) but the user has to change the access settings for each API manually after installation, if one wants to bypass the permission dialogs altogether.

Hartti

**inzan** · 2006-11-02, 08:43

Hi.

Thanks for your answer.

I found the setting you were talking about in the Application Manager. However, the only options I can choose from in most of the APIs are "Not allowed" and "Ask every time". What I need is "Always allowed" or at least "Ask first time".

I assume this is because the midlet isn't signed. So my straightforward question is: If I purchase a Verisign or Thawte certificate and sign my midlet with it, will the phone consider my midlet as trusted and let me choose the options I'm looking for in the Application Manager? If not, how to do it?

Thanks.

**traud** · 2006-11-02, 13:00

Yes and no.

Unfortuantely, nobody can tell you which permission are granted in 3rd party level. This depends on the operator version of your phone. Finding the one at the operator who has this list is near to impossible. Anyway, as you target to release this software to users who might have all different kind of operator versions, there is nothing you can do more.

Go for a VeriSign and thawte code signing certificate. This is all you can do and all permissions you get. On the other hand, there will be still some devices rejecting your new JAD as they have only operator or even no certifiactes on board.

Self-signed code signing works in Nokia S60 2nd Edition only. This was a bug removed in 3rd Edition. To get all permissions, you would need operator or manufacturer level. This is theoretic blah blah as near to noone even most Nokia own applications do not get this level.

To make it short: When you application works now even without signing, keep that level. Signing will not cure all (if any) of your user interface issue, unfortunately.

**matteopiccioni** · 2006-11-07, 09:12

(sorry for bad english)
i sign my jad with thawte code signing certificate, in phone (6600 and 6630) i had to do:

1) Allow installation on "Thawter Premium..." certificate:
Settings -> Security -> Certif.Management -> Trust Settings on "Thawter Premium..." and set App.installation to YES

2) Set permission under Application Manager:
Manager -> [select the the midlet] -> Option -> Suite Settings -> and set permission for Network access, Messaging, App.auto start, Connectivity, Multimedia, Read/Edit user data

My question is:
When i update my application with the next versione one (for ex. from 1.0 to 1.1) why i have to set again permission into Application Manager?
There is a way to avoid it?

thanks for answer

Matteo

**hartti** · 2006-11-07, 19:08

matteo, unfortunately you need to change the settings again. There is no workaround for that. I agree that is not nice from the developer perspective, as the application us updated usually very often.

Hartti

**desijatt** · 2006-12-01, 18:54

Originally Posted by hartti

You cannot add certificates to be used in midlet signing on the phone. So you have to use of the certificates available on the phone.

By signing you midlet you get better access to various APIs. However, when you install you midlet the midlet is given default permissions (which you can find out from the MIDP security policy recommendation). These default permissions usually do not give blanket access (always allowed) but the user has to change the access settings for each API manually after installation, if one wants to bypass the permission dialogs altogether.

Hartti

I don't agree with you here unless I misunderstood something. I have have generated my own certificates and loaded them on the phone and used them to sign my midlets for a while now and they are working fine.

**desijatt** · 2006-12-01, 18:57

Originally Posted by inzan

Hi.

I'm developing some benchmarks in Java which uses Bluetooth, PIM, Network etc. The problem is that I want to get rid of the questions regarding permission to access different things, like PIM or Network. I have set the permissions in the JAD-file and created a 3rd party self-certified certificate and installed it on the phone. Then I've tried to sign my midlet with the certificate and run it on the phone (N93), but I only get Certificate error when I try to install the application. (And yes, I am sure that the JAD-file is correct and that I'm using the correct certs, keystores and so on).

I've looked in the Certificate list and noticed that there are a couple of certs called MIDP2....

So my question is...do I need to buy one of these certs in order to have automatic permission to access restricted areas or is it possible to use a 3rd party cert? I have read a number of different forum posts, but there seem to be a lot of confusion about what's needed to do this.

Thanks in advance.

Best, Andreas

No you don't need to buy any certificates. I have been using my self generated certs on my N70 phone.

**traud** · 2006-12-01, 22:16

desijatt, we have to correct you. Please read my answer again.

**alliance205** · 2006-12-06, 02:25

Yes, it's working fine on your N70 because it's an S60 2nd Edition phone.

**speedalert** · 2006-12-13, 06:55

Does anyone know how to transfer the certificate : physiclly as well as installing on s60 2nd edition device. so that the self signed midlet (requiring access to restricted API'S for ex jsr 75 file access api's) can run on it.

1)My question is how we send it , if via bluetooth then which folder we store it?

2) (Correct me if i am wrong) we send the abc.cer file to phone which we used to sign the midlet by creating through keytool command called selfcert.

3) Once we store it (please tell if storage is in specific folder), how do we install the abc.cer file?

**peterblazejewicz** · 2006-12-15, 23:28

hi,

just to help you get started: try that thread solution:
http://discussion.forum.nokia.com/fo...ht=self-signed

regards,
Peter

Discussion Board

Thread: What kind of certificate is needed to avoid permission questions?

Thread Tools

Search Thread

Rate This Thread

Display

Similar Threads

Self-signed CA certificate

How we can avoid security questions while accessing contacts using PIM API..??

needed man page kind of info. for symbian c++ libraries

what kind file it is ( MMS ) ? help needed..

two questions about listbox, header/library needed and inserting text

Posting Permissions