Skip to main content

X509Certificate Bug

No replies
Joined: 2007-05-30

I wanted to point out the bug that I found in that precludes it from ever reading a V3 certificate correctly.

See the answer to that I posted for the solution.

With this I have been successful at signing a MIDlet using Operator Credentials by using a certificate issued by the free service at Ascertia and having the Ascertia Root certificate added as the operator certificate in appdb/_main.ks.

Note that when you run JadTool to add the certificate to the JAD, it inserts the entire 3-Certificate chain including the self-signed Ascertia root certificate. From my reading of the PKI docs, the JAD should not have the root certificate in the chain. Therefore, I pull the third certificate out of the JAD. Since getting that working I have not tried leaving it in to see if it really matters.

BTW: In order to have the certs even checked, you have to build PhoneME Feature with the USE_RESTRICTED_CRYPTO=true and RESTRICTED_CRYPTO_DIR=${MEHOME}/midp set. Otherwise, everything is just assumed to be untrusted.