Midlet Signing : Questions

Similar Messages

• Midlet Signing

  Hello,
  Questions
  - Is trusted third party signing enough to reach a significant amount of JSR-75 compatible mobiles, with a good user experience ?
  -What is the best third party for signing midlets ?
  - Is Manufacturer & Operator Sining feasible for a small company ?
  Background
  we're involved in a project that aims at accessing various data on the memory car/Internal memory/Sim+ memory of mobile phones.
  we know JSR-75 "File connection" is a must to do that, and we wish to use it on every capable phone.
  Different-devices = different-behaviour
  However, we are facing a platform/menufacturer specific issue :
  With an unsigned midlet :
  -Nokia device (6680, 6120, n95...) give access to the data, but keeps asking the permission to the user each time he wants to read a single file
  -Sagem (my700x) device allows us to configure the program so that we're asked only once the permission.
  - Motorola (RAZR V3i) freezes....
  Midlet signing solutions
  I know that midlet signing can help. However, we don't know which signing process suites our need :
  - Java Code Signing (self-certification using keytool)
  - Java Code Signing - Trusted third party (buying the certificate from Verysign or Thawthe as in google mail)
  - Manufacturer & Operator.
  Edited by: Nicolas_Dmailer on Dec 19, 2007 8:16 AM
  Edited by: Nicolas_Dmailer on Dec 19, 2007 11:53 PM

  Signing issue related with permission of midlet like to send the SMS to open the http connection that api required certification of third party & u can sign the midlet using tool givan by java itself
  here is link u can see the how to sign the midlet first then follow the certification procedure
  http://developers.sun.com/techtopics/mobility/wtk/demos/wtk-sign.html
  its link how can sign with wireless tollkit
  to certification u can follow but u have to check u rdevice which certification support then choose
  1) Verisign certification : u can visit www.verisign.com here u got the link for digital key under u got link for for sun java certification
  2)Also u can follow thawte certification : u can visit also thwate.com
  3)Or u can visit for java certification www.javacertification.com
  Regards
  AB
  for RMS persistence issue no need of signing u have to check code

• Midlet sign with certificate

  Hello
  I have developed an application that check some data in a DB and in some
  cases it sends to a specific GSM an SMS as an alert. The problem was when
  I wanted to deploy this application on my target phone (Nokia 6230) cause if
  you want to send a SMS you always have to confirm this action. The phone
  always asks you if it can send this SMS. The problem is that this action
  should be automatically triggered and I can not always confirm to send SMS.
  I have read that the solution is to sign you midlet with a valid certificate and
  then the phone will not ask for confirmation any more.
  Can someone give me an advice where I can acquire such certificate and how
  this signing can be done. Any information will be useful.
  Thank to all
  Mitja

  Verisign ot Thawte are you best bet. Not that cheap though, and they may not be available on all carriers & phones.
  Google for MIDlet signing for some excellent tutorials.

• How Midlet Signing prevents code modification.

  Hello
  I've previously read somethings about signing but never experienced it.
  I have a question now.
  Every where it is said that signing a midlet prevents others from modifying my code and distribute it under my name.
  Is this easy for any user to check the certificate owner on his handset??
  And could you please tell me how it can be done??

  Yeah, I'm pretty sure of that thanks to watching the diagnostics window. Everything falls apart at that point. Yes, Class 3 root certs are installed on the devices.
  We're regenerating our cert, so we'll see what happens then and hopefully our problem is solved.
  Thanks for the reply!

• MIDlet signing [openssl approach to generate CSR]

  Guys,
  Here are the questions that needs verification..
  1. Aside from Wireless Toolkit - JadTool.jar, What is another way to sign the MIDlet?
  a. the approach used to generate CSR was openssl.
  2. Is it possible to sign the MIDlet, if the CSR generated is from openssl approach? [Files generated r: .key and .csr] We know that on keytool approach [Files generated r: .keystore, .alias and .csr]
  3. Does Openssl technology is used only for web signing?
  4. Does certificate for web is different from mobile?
  5. Is it possible for one CRT file from Verisign, it can be use to certify WEB and mobile?
  Thanks in advance..
  Edited by: eesbee on Jul 30, 2009 3:03 AM

  Guys,
  Here are the questions that needs verification..
  1. Aside from Wireless Toolkit - JadTool.jar, What is another way to sign the MIDlet?
  a. the approach used to generate CSR was openssl.
  2. Is it possible to sign the MIDlet, if the CSR generated is from openssl approach? [Files generated r: .key and .csr] We know that on keytool approach [Files generated r: .keystore, .alias and .csr]
  3. Does Openssl technology is used only for web signing?
  4. Does certificate for web is different from mobile?
  5. Is it possible for one CRT file from Verisign, it can be use to certify WEB and mobile?
  Thanks in advance..
  Edited by: eesbee on Jul 30, 2009 3:03 AM

• MIDlet signing help

  I am having trouble with signing and perhaps you can help.
  We signed our SMS MIDP 2.0 application with a key generated with the J2ME wireless toolkit. We tried to install it on a Samsung SGH-E715 running on T-Mobile network and get "Installation error: info invalid". I have been told that these certificates only work with the toolkit and we need a valid certificate for phones. Is that correct?
  It appears that this phone does requires signing though, as we tried installing it without signing and got "Installation error: authentication failure." I assume that has to do with the following in the .jad file:
  MIDlet-Permissions: javax.wireless.messaging.sms.receive,javax.wireless.messaging.sms.send,javax.microedition.io.Connector.sms,javax.microedition.io.PushRegistry
  After installing without MIDlet-Permissions and then trying to send an SMS message, we of course get a security exception complaining about accessing a restricted API.
  Is there any way to sign the midlet with a trusted "development" certificate? I am on a very tight budget.
  Thanks in advance.
  Jim

  You must know that what we call third party certificates (thawt, verisign) are not supported by all the market's devices.
  To run, a signed application( ex thawte), must be installed on a device which contains that root certificate (thawte) !
  There are some operator cetificates too ( vodafone, T mobile) and the Java verified one (UTI) which is supported on a large part of market's devices.
  Finally, manufacturer certificates, (Motorola) are delivered for free, but can only be used on one phone ( you've to send the phone's UID to Motorola).
  I became crazy by all this issues, I lost most of my time in trying to sign my applications to test them !
  (I have a dream) I think that it will be a good idea to make a testing certificate (by java, why not) which will be supported on all devices !
  thanks, Idir.
  Edited by: skizo on 21-Aug-2008 11:18
  Edited by: skizo on 21-Aug-2008 11:19

• Grey screen"no entry sign/question mark

  My imac was working fine and then the browsers began freezing.
  Tried force quits but no apps came up in the window.
  Tried restarting and heard a loud beep followed by grey screen and folder with question mark.
  Took out all connections and tried starting up again,this time a grey screen with a no entry sign appeared.
  Powered off and on again,this time blue screen appeared after 5 mins then went on to mouse/keyboard bluetooth set up,finally got back on to my log in screen.Logged in and tried disk utility which began verifying permissions but got stuck saying 4 mins remaining.
  Spotlight was also beginning to re-index.
  another restart,and no entry sign appears.
  Next restart,reset Pram,apple logo appeared and stuck on grey screen with nothing happening.
  Any ideas people?
  thanks in advance!
  Also,is there still an apple support contact number from the UK? used to be able to phone through for one off incidents.

  just done this:
  "Try Disk Utility
  Start from your Mac OS X Install disc: Insert the installation disc, then restart the computer while holding the C key.
  When your computer finishes starting up from the disc, choose Disk Utility from the Installer menu.
  Click the First Aid tab.
  Click the disclosure triangle to the left of the hard drive icon to display the names of your hard disk volumes and partitions.
  Select your Mac OS X volume.
  Click Repair. Disk Utility checks and repairs the disk."
  Taking AGEs again,ut waiting to see what happens next!

• NetBeans Midlet signing not working for Sony Ericsson M600i

  Hi,
  I'm developing an midlet that uses FileConnection class extensively. I intend to deploy the midlet on Sony Ericsson M600i. I want to make my Midlet a trusted one so that the annoying warning popups stop each time access the device filesystem.
  I created a keystore in netbeans and created a certificate using keytool using that keystore. Then I installed the certificate on the device. When I tried to depoly the midlet it says 'security check failed. cant install'.
  the device has MIDP 2.0 and CLDC 1.1
  pls explain how to make my Midlet trusted.
  thank you in advance

  pls explain how to make my Midlet trusted.You have to purchase a certificate (Verisign, Thawte...). NetBeans and WTK self-generated certificates are only for testing on the emulator and are not recognized by any handset (the root certificate is not available in the certificate store). And then, whether your purchased certificate is recognized by a specific device is both manufacturer/model and carrier dependent.
  For self-signing MIDlets for Nokia Series 60 handsets, see SD's topic [n]Free Self Signing Midlet for Series 60 3'rd Edition at
  {color:#0000ff}http://forum.java.sun.com/thread.jspa?threadID=5212743{color}
  Haven't come across anything similar for SE phones though.
  cheers, Darryl

• MIDlet Signing a tutorial (or sorts)

  Hi,
  I've spent some time recently documenting how I managed to get a signed MIDlet installed on my phone. It's all here
  http://www.spindriftpages.net/pebble/dave/2005/06/20/1119275880301.html
  Hope somebody here finds this useful
  David Hayes

  HI,
  I appreciate it much. Hope it will be help me, but I havn't tried, yet.
  Does signing my MIDlet helps to suppres the announcement "Untrusted Midlet" some mobile phones show before instalation?
  Thx.

• Four Java Applet signing questions

  hi all;
  I'd like to ask a few quick questions about applet signing. As you know there is a "Security Warning" Gray Alert box that appears when the user tries to load your signed applet.
  1. When the alert window asks someone to accept the signed applet, is it possible to some how capture the Yes or No button click event by javascript or something like that ? I noticed that the Yes and No Response seems to be saved in an in-memory cookie? Is it possible to figure out wht the person clicked ?
  2. Is it possible to keep that "Security Warning" Alert box on top so that the user will not be able to accidentally ignore it (it goes under the browser and stays there).
  3. Is there some way to inspect the PC to determine weather your applet loaded properly - apart from seeing a properly working applet ? For example , If I want to make sure it is being cached properly.
  4. When a new version of the applet is available on the server ? how does the browser know to download something ? is that something I would code for manually or would is this automatically handled behind the scenes.
  Thanks in advance
  Stephen

  I can only reply to nr 1 but looking at java.security.AccessControl there is a method called checkPermission() you can use.

• OCSP across domains - signing questions

  hi all, another question for you
  2-tier PKI hierarchy with an offline root and 2 subordinate Enterprise CA's in different domains (also different forests, lets call them domain1 and domain2).
  We have an OCSP array in domain1 and that all works well. We are now looking to set up domain2 to also use OCSP. I think there are two main scenarios we can pursue
  1) Install a new OCSP server in domain2
  2) Create a new revocation config in the OCSP server in domain 1
  Option 2 is our preference although I'm sure option 1 is technically a better solution (we have some internal reasons to want to keep it to one OCSP server). So creating the config for the new domain seems easy enough, but how do install an OCSP signing
  certificate from domain2 to the OCSP server in domain1? Will it be a manual enrolment (and if so, what about the validity period then? If it's set to the 2 week default we would have to manually renew every 2 weeks, any issue increasing it?).
  thanks in advance!

  Yes, scenario 1 would be more straight-forward.
  With 2 you would have to do one of the following:
  Manually enroll OCSP certificates cross-forest which I think is not feasible for short validity periods. You could try to
  automate it such as: Creating the request and key with certutil, submitting it to the CA in the other forest (in the context of a user with Enroll permissions in the other forest), and installing the retrieved certificate.
  Increase the validity period of the OCSP Signing template (and manually enrol or script it) but since those certificate cannot be revoked by design I would not do this unless you use an HSM to store the OCSP server's key.
  If there a trust between the forests: Add the Certificate Enrollment and Policy Service (CES / CEP) in domain 2 and give the OCSP server from the other forest autoenroll permissions (assuming that OCSP 1 can also access the CDP 2).
  But this means adding two more AD CS roles - so instead of maintaining a second OCSP responder you have to manage CEP/CES (and configure Kerberos delefagation if you want to run them on the smae machine). But since you have a CA in the each forest cross-forest
  enrollment is not needed except for OCSP - unless you might need CEP/CES anyway, e.g. for supporting telecommuting users or external users that enroll for certificates over HTTP.
  Elke
  Edit: Having read Vadim's reply - I wrote this being ignorant of the option to use certificates from a different CA. I would be wary about non-Windows platforms though.

• Midlet signing for testing

  hi experts,
  l'm developing a midlet that uses PushRegistry, i knew the midlet need to be signed in order to get rid of the permission prompt. Any others way to get rid of the prompt when run in the actual device for developement and testing purpose?
  many thanks.

  ffjia wrote:
  ngoonee wrote:
  For reference, you can't post to [arch-dev-public] (I've tried it before), its read-only for non-devs.
  There's also been a bit of noise on [arch-dev-public] (about 2-3 months ago?) about getting a new category 'testers' to supplement the current devs and TUs. Basically a group of people who are trusted to say 'yes this package in [testing] works' but not to actually upload packages etc.
  It's read-only for non-devs? I remember seeing "User signoffs are fine" some day, does that mean non-devs can signoff?
  For those, send the signoff to [arch-general].

• Midlet Signing Problem

  I signed a midlet and tried to load it to my Cingular Motorola V557 phone.
  All I want is to use Bluetooth. So I bought a Verisign Java Code signing certificate and did everything the tutorials told me to do in regards to the keystore file. I am using EclipseME and set it to sign my midlet using that keystore, it correctly asks me for my passwords so I know it tried to do its work.
  When I upload it to the phone I get the following error:
  Authorization failed, application not installed.
  I am a noob to signing java code so I am hoping this is something fundamental:
  Here is a copy of my jad file:
  MIDlet-Jar-Size: 40360
  MIDlet-1: tbt,,midlets.BluetoothTest
  MIDlet-Jar-URL: tbt.jar
  MIDlet-Jar-RSA-SHA1: a8I0l6zLBH6JoL0VGnHjaJ5rZ8YptQf1q7tW1BzXe+Xr4EWVp4mrhtfhAy1dooXFYj2aihZg5IaCcG4mWb6fTnpWkwUo1mUt8J88HUu8kaPrRywfJJ1DX+BM2zeHnffck4Psg4S+Iv6LqhaSzr7vzFvMF2uxvRrz7qkSdVFXOiw=
  MicroEdition-Configuration: CLDC-1.1
  MIDlet-Version: 1.0.10
  MIDlet-Certificate-1-2: MIIEvzCCBCigAwIBAgIQQZGhWjl4389JZWY4HUx1wjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNzE2MDAwMDAwWhcNMTQwNzE1MjM1OTU5WjCBtDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNDEuMCwGA1UEAxMlVmVyaVNpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgMjAwNCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL687rx+74Pr4DdP+wMQOL4I0ox9nfqSfxkMwmvuQlKM3tMcSBMl6sFjevlRZe7Tqjv18JScK/vyZtQk2vf1n24ZOTa80KN2CB4iJyRsOJEn4oRJrhuKof0lgiwQMOhxqyjod0pR8ezN+PBU1G/A420Kj9nYZI1jsi1OJ/aFDv5t4ymZ4oVHfC2Gf+hXj61nwjMykRMg/KkjFJptwoRLdmgE1XEsXSH6iA0m/R8tkSvnAVVN8m01KILf2WtcttbZqoH9X82DumOd0CL8qTtCabKOOrW8tJ4PXsTqLIKLKP1TCJbdtQEg0fmlGOfA7lFwN+G2BUhSSG846sPobHtEhLsCAwEAAaOCAaAwggGcMBIGA1UdEwEB/wQIMAYBAf8CAQAwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDAzAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgABMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFDbGFzczNDQTIwNDgtMS00MzAdBgNVHQ4EFgQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzANBgkqhkiG9w0BAQUFAAOBgQCuOhe4SntV+mRV7ECk7UlBkJmcibyvLh3KeCP5HBkPf+tovDLZiDje3D/TibQ/sYKW8aRauu0uJtPefAFuAAoApAaSEUgJQPkcGHlnIyTgu9XhUK4b9Q7d4C6BzYCjbFJPkXVViroi8tLqQXWIL2NVfR5UWpVZytk0gcBfXvZ6tQ==
  MIDlet-Certificate-1-1: MIIE5DCCA8ygAwIBAgIQczrbZKL5lkATnBWyJJPECDANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNDEuMCwGA1UEAxMlVmVyaVNpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgMjAwNCBDQTAeFw0wNjA4MjkwMDAwMDBaFw0wNzA4MjkyMzU5NTlaMIGoMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVGV4YXMxEDAOBgNVBAcTB0hvdXN0b24xITAfBgNVBAoUGGVQcm9jZXNzaW5nIE5ldHdvcmssIExMQzExMC8GA1UECxMoRGlnaXRhbCBJRCBDbGFzcyAzIC0gSmF2YSBPYmplY3QgU2lnbmluZzEhMB8GA1UEAxQYZVByb2Nlc3NpbmcgTmV0d29yaywgTExDMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgGyIADMloGcWMEp16WHfNfbCZltLwzG5ooxpq9mzSBtpHW1Qv8FH7/xXYFwumxtM58h1r75cwYoROj4kZHHE1YrAv68Ze/9SRkpnii7wbJJSblgL826ZlWfPbR926u+p4ICZUjKSRB1StiNynBRxwcrWdqWjS5PUfdkPT6b1z5hNAgMBAAGjggF/MIIBezAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vQ1NDMy0yMDA0LWNybC52ZXJpc2lnbi5jb20vQ1NDMy0yMDA0LmNybDBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwMwdQYIKwYBBQUHAQEEaTBnMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPwYIKwYBBQUHMAKGM2h0dHA6Ly9DU0MzLTIwMDQtYWlhLnZlcmlzaWduLmNvbS9DU0MzLTIwMDQtYWlhLmNlcjAfBgNVHSMEGDAWgBQI9VHo+/49PWQ2fGjPW3io37nFNzARBglghkgBhvhCAQEEBAMCBBAwFgYKKwYBBAGCNwIBGwQIMAYBAQABAf8wDQYJKoZIhvcNAQEFBQADggEBACis5xvgrQDI+1X+WQ3OlpIH/MEX4iSawYxlLoQZsct6hBdGIiqPQNPyyMr9EBNeCVt7Eb+h7zWQCZfRD/nVPaxqzUFR1H40Yrt0KGPPvq65UdZ4FjMYAt6BI2KHaG/2R90BJMAtgfSJs53rR4CaTU55XLlgwKx54nh0qqqc9LRwcwrxnxXGoW4ZO7WDTyMeT2nC9h+VacicyJjGpcaPLHfmvf9OLUrv8BvvLEqtqStKf2zVtUsIpTEfcwLyTLC+5jZxE2rKlpBvMjbkv7zIThFxMd9Zm3T8b3G0J5/OU4DLi57WFmRlDeUEx8O+JAHRN3exM264vQRcfsc5J2uwCA8=
  MIDlet-Name: tbt Midlet Suite
  MIDlet-Vendor: Midlet Suite Vendor
  MicroEdition-Profile: MIDP-2.0
  MIDlet-Permissions: javax.bluetooth.DiscoveryAgent
  Is there a tool or something I can grind this through to determine what the problem might be?
  Thanx
  Bodger

  It apparently has something to do with the midlet permission string.
  The one I had was definitely wrong.
  So, I now have:
  javax.microedition.io.Connector.bluetooth.client
  Now I get this error when I try to load the midlet, this is from my phones debug log:
  SM_GetNumRootCerts: Total number of KJAVA certs on SIM and NVM (Type-3): 0, 0
  SJ_IsCoreletDI: Synerj signature not found into the JAD file
  SM_GetRootCertificate: DN = C="US";O="VeriSign, Inc.";OU="Class 3 Public Primary Certification Authority", Type = 15
  SM_GetRootCertificate: Subject key ID extension is not present.
  sm_LoadDomainRegistryIDs: number of domains = 6
  sm_LoadDomainRegistryIDs: number of permissions = 28
  sm_LoadDomainRegistryIDs: domain "0" name length = 3f
  sm_LoadDomainRegistryIDs: Read domain: 'CN="Cingular Preferred Root CA",O="Cingular Wireless, LLC",C=US' with 8 permission groups
  sm_LoadDomainRegistryIDs: domain "1" name length = 3d
  sm_LoadDomainRegistryIDs: Read domain: 'CN="Cingular Trusted Root CA",O="Cingular Wireless, LLC",C=US' with 10 permission groups
  sm_LoadDomainRegistryIDs: domain "2" name length = 42
  sm_LoadDomainRegistryIDs: Read domain: 'CN="GeoTrust CA for UTI",O="Unified Testing Initiative (UTI)",C=US' with 3 permission groups
  sm_LoadDomainRegistryIDs: domain "3" name length = 55
  sm_LoadDomainRegistryIDs: Read domain: 'O="Motorola Inc",C=US,ST=Illinois,L=Libertyville,OU=PCS,CN="Manufacturer Domain 40-1"' with 10 permission groups
  sm_LoadDomainRegistryIDs: domain "4" name length = 4b
  sm_LoadDomainRegistryIDs: Read domain: 'OU="Class 3 Public Primary Certification Authority",O="VeriSign, Inc.",C=US' with 3 permission groups
  sm_LoadDomainRegistryIDs: domain "5" name length = 10
  sm_LoadDomainRegistryIDs: Read domain: 'Untrusted_Domain' with 2 permission groups
  sm_LoadDomainRegistryIDs: WARNING! Permission UID "0x301e" not found on the device
  sm_LoadDomainRegistryIDs: WARNING! Permission UID "0x301e" not found on the device
  sm_LoadDomainRegistryIDs: WARNING! Permission group UID "0x100b" not found on the device
  sm_LoadDomainRegistryIDs: WARNING! Permission UID "0x301e" not found on the device
  sm_LoadDomainRegistryIDs: WARNING! Permission UID "0x301e" not found on the device
  sm_LoadDomainRegistryIDs: WARNING! Permission group UID "0x100b" not found on the device
  sm_LoadDomainRegistryIDs: WARNING! Permission UID "0x301e" not found on the device
  sm_LoadDomainRegistryIDs: WARNING! Permission UID "0x301e" not found on the device
  SM_MapDomainToRootCert: certType = 4, certName = 'C="US";O="VeriSign, Inc.";OU="Class 3 Public Primary Certification Authority"'
  SM_MapDomainToRootCert: Found domain: 'OU="Class 3 Public Primary Certification Authority",O="VeriSign, Inc.",C=US'!
  SM_getDomainPermissions: Domain name: OU="Class 3 Public Primary Certification Authority",O="VeriSign, Inc.",C=US
  SM_getDomainPermissionGroup: Domain name: OU="Class 3 Public Primary Certification Authority",O="VeriSign, Inc.",C=US, Requested group: 6
  sm_SetDomainPermissions: Critical permission 'javax.microedition.io.Connector.bluetooth.client' is not found in domain!
  SECMGR_verifyJADSecurity: Returned error code: 23
  SECURITY_MANAGER FINAL CODE: 23. DATE: 01-09-2006 16:40:17 (81)
  AMS ERROR: AMS_JADR_PROCESSING, 103, 23
  AMS: AMS_STATE_CHANGED_TR, 21
  AMS: AMS_INST_EXIT
  AMS: "ams_Inst_Start_Posting, code ", 10
  AMS: AMS_INSTL_FINALIZATION
  AMS: AMS_HEAP_RELEASED_TR
  AMS: "ams_Inst_Finalize() end."
  AMS: AMS_STATE_CHANGED_TR, 0
  JsaInst : JsaInst_Exit.
  [AMSDLG] : AmsDlgGainFocus route id=41.
  [AMSDLG]: process event_list code=20 route id=41..
  JTOOLS : Event 0x14 has come
  AMS: "ams_Inst_Exit() end."
  This has to be the problem can you give me some idea how to proceed?
  'javax.microedition.io.Connector.bluetooth.client' is not found in domain!
  Thanx
  Bodger

• MIDlet signing -trusted third party

  Hi all,
  I have signed my MIDlet and it shows as trusted third party, in my Nkia 6630 device.
  I was expecting it would prevent me from asking everytime when push message arrives to start application but it did not. And in suite settings there is not "always allowed" choice. Do you have any idea regarding this problem, because if it is going to ask everytime then certificate does not make any sense at all.
  Cheers

  It turns out that after the code signing certificate was downloaded, the private key was somehow lost or damaged or not associated with it in the first place. That is why I was not seeing the option to export the key. We needed to use certutil to repair
  the key association.
  I suspect this is because the request was made from a web form and handled by the 3rd party CA as opposed to being done with certreq. Am I off base?
  Anyway, running this command on the code signed certificate allowed me to export it as needed for SCUP:
  certutil -repairstore my "SerialNumberofCert"
  There are some how tos here:
  http://support.microsoft.com/kb/889651
  http://blogs.msmvps.com/ivansanders/2011/07/26/restoring-a-certificates-private-key-without-the-certreq/

• URGENT SIGNING QUESTION

  hi all,
  for developing reasons i signed an applet with "MS_JAVA-SDK" and a batch file which looks like that:
  @echo off
  cls
  set prefix=MS_JAVA-SDK
  cd classes
  "..\%prefix%\cabarc" -p -r -s 16384 n ..\lernerdata.cab *.*
  cd ..
  "%prefix%\makecert" -sk ADVESCO -n "CN=ADVESCO" ADVESCO.cer
  "%prefix%\cert2spc" ADVESCO.cer ADVESCO.spc
  "%prefix%\signcode" -j javasign.dll -jp low -spc ADVESCO.spc -k ADVESCO lernerdata.cab
  "%prefix%\chkjava" lernerdata.cab
  while using IE everything works great, but as soon as i want to start the same with netscape 7.0 the java console shows a message wich says:
  "Netscape-Sicherheitsmodell wird nicht mehr unterst�tzt.
  Bitte stellen Sie auf das Java 2-Sicherheitsmodell um."
  (in english something like: netscape security model won�t be supported anymore - please change to the java 2 security model)
  what�s the problem?
  what do i have to do when i want to run my applet with ie and netscape?
  thanx a lot !!!!
  andi

  MS jdk is only Java 1 and from the error message you posted it looks as if Netscape isn't supporting Java 1 anymore only Java 2, thats why it isn't working. I don't know much about signing applets, but I believe there is a tool that ships with the JSDK... its called jarsigner.exe I believe. Just download the newest JSDK and use that jar signer and not the MS one. You might want to search the forums for more info about signing applets, I know I have seen it come up a bunch of times and there is probably a good walkthrough somewhere.