Key Pages: Home | WikiSyntax | Recent Changes
Java Mobile Developer Signing Group
The Problem

I'm really annoyed about having to buy a j2me code signing certificate to sign java apps to run on my phone. The JSR have decided that you should not be able to install your own java root certificates on your own phone, but you should be forced into buying one from verisign or thawte each year, even if you are a developer. Thanks guys.

"For anyone else interested in lodging a complaint with the working group on MIDP 3.0 (JSR-271), download their early release draft, and scroll down to page 69. There you will find the following gem:

The working group for MIDP 3.0 - JSR-271 seemily have changed their proposal, I'm not sure what exactly this change means yet -

Early Draft Review: p69 - "Any Authority Certificates obtained after device manufacture MUST NOT be used for authentication of MIDlet suites."

Public Review: p67 - "Any Authority Certificates obtained after device manufacture MUST NOT be used as Protection Domain root certificate but MAY be used as Application Access root certificate."

Nokia reference for changing their policy for S60v3 java apps -

So, what I'm proposing is a group of folks get together and buy a certificate and share it. It's possibly against the term and conditions of the certificate, but If I want to develop apps to work on my own phone as a hobby, I shouldn't be forced to sign them each year to make them work properly. I'm sure one organisation can use a single certificate, and not use one per developer, so lets create our own organisation to do this.

Does anybody have an expired code-signing certificate? See Plan C

        Donate with Paypal

Once I get $299 I'll buy a thawte certificate and let everyone who donated know how to join the 'organisation' and get access to the signing cert. After $800 I'll buy a verisign one.

I can understand that people may not be happy with contributing any money to a project that may unfortunately never come to fruition, so you may pledge to donate $20 via pledgebank, if just 14 other folks do this, that's enough for our first certificate!


Donation Update

Hooray, We have our first couple of pledges and a donation, excellent! Lets hope this gets some momentum.

The Code Signing Providers

My N82 S60v3 has four J2ME trusted certificate authorities, I haven't verified that these are definitely the correct certificates that need purchased.

MIDP2 Geotrust - I think this is for javaverified certificates.

MIDP2 Nokia - Possibly for Nokia internal use only

Plan B - Hacking Phone Firmware

There is instructions on how to patch the firmware for a few models of S60 phones to allow you to do this. It's a bit too risky for me.

Plan C - Cheap And Nasty

Does anybody have an expired code-signing certificate? Please donate it to the cause? You can sign with an expired certificate and install by setting the time back on your phone, the signature time is only tested on installation, this would be fine for a developer or for testing purposes.