Nokia S60 3rd edition midlet signing
Dear all:
It would appear that to have a midlet run on an ACTUAL Nokia S60 3rd ed phone, one has to actually sign it with areal certificate - ie, one released by a CA (eg Verisign or Thawte) and not a self-generate certificate (ie, one generated by keytool).
Now, this is hugely annoying, as it would cost (at best) $199 from Thawte, when the requirement would just be to TEST the app on one or two phones lying about in the dev room.
Of course, once one goes to market, a REAL certificate would be needed.
Symbian have a Developer Certificate programme - that works a beauty, but it seems it only works for SIS (Symbian C++ native apps) and cannot be used to sign Java MIDP midlets.
SO a couple of questions spring to mind:
1. having the Java Verified Programme (JVP) up and running, why don't they set up a process similar to Symbian for Java developers?
It is all automated, no real cost involved for JVP, and the certificate issued is only valid for 6 months onone device (IMEI) so no security threat either.
2. why is not Sun coming up with some sort of solution to the problem? there must be literally thousand of developers around the world, working for small start-ups developing Java code for mobile phones who can't afford to spend $199 (or even $499 for a Verisign certificate) just to 'give the code a spin'
It's all good and well to run the code in the emulators, but as we all know, development on mobile devices, requires extensive testing on the real thing.
Am I missing something here?
can anyone help - or care to join in generating some swell of support in getting the JVP to have a bit more friendly approach to us, the small guys?
Cheers,
Marco Massenzio
Managing Director, Infinite Bandwidth ltd
admin@infinitebw.com
[1857 byte] By [
massenza] at [2007-11-26 22:15:53]
# 2
I reckon your query must be answered from an expert from Sun Microsystems but I feel Sun has nothing to do with the certificate business here and it is not their piece of cake.
It must be taken by the OEM's since, Any application that we develop does get credits to Sun's Java ME platform but will provide revenues to the OEM's/Device manufacturers, Network operators and finally the Developer. By and large I feel that the emulators/toolkits provided by Sun and as well as by the OEM's themselves cater the testing/staging needs to certain extent.
You feel that there must be some help from Sun's front for the developer community to test the security/midlet signing/certificate related stuffs in real/production environment right? If someone grants that option then every customer using your application will become a developer. I think you understand what I'm saying here.
~Mohan
# 4
Ok - folks, thanks for replies.
Have actually worked out what I was doing wrong (ie, signing the midlet with the 'dummy' certificate on NetBeans - this clearly would not work on an actual phone).
My midlet now runs on my test phone (and, I presume, on any phone that I connect via cable to the PC and install manually).
I don't actually think it will run on any other phone that downloads it from my website - be it for testing or commercial purposes.
I still think it's a rotten process in which one has to buy a certificate even to do some testing in a real environment (eg asking friends & family to download the midlet and mess around with it - even BEFORE one can consider commercial deployment).
And, yes, it is a piece of cake to implement it (just go and have a look at Symbian's Developers certificates).
I still believe that Sun, Nokia and Symbian (ie, Nokia again) ought to get their act together and provide the development community with a much simpler (and cheaper) mechanism than it is the case today.
