When trying to access signed application on Nokia 6303 Classic and Nokia 5130 Express Music handsets, basically on those handset which are based on S40 & S60 OS:
Error : No Valid Certificate ( or ) Certificate not on phone or SIM
Error: Certificate Error : Contact the Application supplier
Before proceeding, its assumed you have already prepared a keystore containing the private key, code signing certificate and CA chain.
Your Java MIDlet consists of two files: a JAR file and a JAD file. The JAD file is a descriptor file that specifies information about your JAR file. The JAD file is the file that has to be signed with the certificate and distributed for installation, not the JAR file. When the Application is run, the JAR file is called automatically using the web location specified in MANIFEST attribute later described in this article.
Step 1: Add certificate the JAD file:
There is a lot going on here. We need to review each field value carefully:
You should eventually end up with something that looks like this:
Step 2: Add signature of the JAR to JAD file:
Now that you have added the certificate to the JAD, you must add the signature to the JAD. The command is similar to the previous, the main difference is the change of the "-addcert" command to "-addjarsign" command.
Note: Ensure when specifying the <input_jadfile> parameter that you point to the JAD file you just created ("C:\Users\moe\Desktop\App 0.jad") rather than the original. Give the <output_jadfile> parameter a new name, such as "C:\Users\moe\Desktop\App 1.jad".
Step 3: Verify that JAD is signed
You can verify that the JAD file was correctly signed by issuing the following command:
Now that your application is signed, delete "App.jad" and "App 0.jad". Now rename "App 1.jad" to "App.jad".
Step 4: Compare MANIFEST entries
Check that the MANIFEST entries of JAD/JAR are the same.
There is a predefined set of attributes to be used in every application descriptor, here is an example:
What your looking to do here is make sure the MANIFEST attributes match exactly for the JAD and the JAR.
Other things to note:
Step 5: MANIFEST permissions
It is not required for signing a MIDlet, however for your code to function properly you may have permissions added in your MANIFEST, be sure to verify the permissions with the device vendor to ensure compatibility or any mis-configuration.
Again, any changes made need to be consistent on both JAD and MANIFEST.MF files, see below sample of MANIFEST with permissions:
If you see strange errors when trying to run the application it may be due to a misconfig in your MANIFEST/JAD. Isolate your MANIFEST file by removing one attribute at a time, including MIDlet-Permissions as these are not require as part of the digital signing process.
Troubleshooting Chaining issues
In some cases, depending on the mobile device make/model when trying to run your application you may encounter a certificate error. You will run into this issue if the phone does not have the Root certificate to which the Code Signing certificate chains. Having the code signed correctly is not enough, the top level Root certificate must be installed on the device in order for the chain to pass on the device.
There is no best method as workaround as not all devices will be impacted.
#1 Update the device with the root certificate
The Root certificate must be downloaded and installed from a web source, such as:
Once the Root certificate is installed/saved on to the device, restart the device and retry the installation of Application.
#2 Removing the Root certificate from the chain
In the case your device does not contain the Root certificate specified in your signed code then you can remove the Root certificate from the chain of the JAD file, doing so will allow the code to chain to any available Root certificate on the device.
If signed correctly, your JAD should contain a total of 4 certificates in the chain. In the JAD file, remove the following certificate entry:
#3 Consult the device vendor
If the above still did not resolve your solution, please contact the device vendor for further assistance/insight to this issue.