Petteri Kangaslampi, firstname.lastname@example.org
This short note describes the steps required to create a self-signed certificate for signing Symbian OS packages, converting it to a format suitable for use on a 9210 Communicator, installing it on the device, and signing the packages. Most of this information comes from the 9210 SDK, but some issues (such as certificate conversion) are not described there.
Note! This information is valid for Series 80 phones only. For information on self-signing applications for S60 3rd edition, see the SDK or Forum Nokia.
Shortly, the steps are the following:
The rest of this note describes each of the steps in more detail. The discussion assumes that the 9210 SDK has been installed, and paths set up properly.
The certificate and its corresponding private key can be created with the following command:
makekeys -cert -dname "CN=Your Name EM=email@address CO=XX" filename.key filename.cer
The items with emphasis should be replaced with your own values. The dname (distinguished name) parameter string can also contain other values, see the makekeys help for more information. makekeys will prompt you to enter a passphrase for the key, using one is highly recommended.
Important note: QuickEdit mode must be disabled from the shell window, otherwise random data gathering won't work.
For some reason, makekeys creates certificate files that the 9210 certificate manager software cannot read. To work around this, the certificate must be converted to a suitable file format. This can be done either using the built-in certificate management tools in Windows or with OpenSSL.
To convert the certificate to a supported format, use the following steps:
The resulting certificate from these steps can be installed on a 9210 communicator. Note that you should retain the original file too, since it can be useful with other SDK tools.
Conversion with OpenSSL requires just a single command:
openssl x509 -outform DER -in inputfile.cer -out outputfile.cer
Because the certificate is self-signed, the device will not trust it by default. To install the certificate on the device and set it trusted for software installation, follow these steps:
After this process the Communicator will accept installation packages signed using the new certificate.
Finally, to make use of the new certificate, installation packages must be signed using the corresponding private key. This process is documented in the SDK, but, briefly, the steps are the following:
Add the following line to the installation package file (project.pkg):
The new installation package can now be installed normally and without security warnings.