My OperaInstalling x509 root certificates in Nokia's S40 & S60 emulators
Friday, July 7, 2006 9:06:34 AM
Not knowing my PEM from my DER, I delved into the world of certificates (x509 that is) and spent countless hours trying to install my test root CA cert from Verisign into Nokia's phone emulators. I'll explain how to do it for the S40 SDK but it works the same for the S60 SDK as well. Here's what you should do.
My toolbox
Prepare the test root cert
* Download the root cert and call it root.pem
* In the x509 standard, the ASN.1 structures are encoded in DER format (native format)
* For easier transport on the web, it is usually encoded in PEM. PEM is just a base64 encoding of the DER byte stream.
* The test cert downloadable from the link above is encoded in PEM. However, the Nokia phones only accept DER encodings. Thus, convert it to DER using openssl in Cygwin:
openssl x509 -in root.pem -inform PEM -out root.cer -outform DER
Prepare the tomcat server
* Copy root.cer to the webapps/ROOT directory of your Tomcat installation.
* Add this MIME mapping to our web.xml
<mime-mapping>
<extension>cer<extension>
<mime-type>application/x-x509-ca-cert</mime-type>
<mime-mapping>
* Next create cert.html
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Install root CA</title>
</head>
<body>
<p>
<a href="root.cer">Download a CA Cert</a>
</p>
</body>
</html>
* Restart tomcat
Installation of cert
* Fire up the S40 emulator & navigate to http://localhost:8080/cert.html
* Click on the link and the browser will prompt to install the cert
Settings > Security > Authority Certificates > Certificate List
Update
Similar process decribing installation of root certs for Gmail POP access
My toolbox
- Nokia S40 FP1 SDK
- Apache Tomcat 5.5
- Windows XP SP2
- Cygwin
Prepare the test root cert
* Download the root cert and call it root.pem
* In the x509 standard, the ASN.1 structures are encoded in DER format (native format)
* For easier transport on the web, it is usually encoded in PEM. PEM is just a base64 encoding of the DER byte stream.
* The test cert downloadable from the link above is encoded in PEM. However, the Nokia phones only accept DER encodings. Thus, convert it to DER using openssl in Cygwin:
openssl x509 -in root.pem -inform PEM -out root.cer -outform DER
Prepare the tomcat server
* Copy root.cer to the webapps/ROOT directory of your Tomcat installation.
* Add this MIME mapping to our web.xml
<mime-mapping>
<extension>cer<extension>
<mime-type>application/x-x509-ca-cert</mime-type>
<mime-mapping>
* Next create cert.html
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Install root CA</title>
</head>
<body>
<p>
<a href="root.cer">Download a CA Cert</a>
</p>
</body>
</html>
* Restart tomcat
Installation of cert
* Fire up the S40 emulator & navigate to http://localhost:8080/cert.html
* Click on the link and the browser will prompt to install the cert
Go the certificate list to verify that the installation was successfull.
Settings > Security > Authority Certificates > Certificate List
The cert should be listed
Click on the option left soft button to view usage profile for the cert
Clicking on the cert allows you view its detail
Update
Similar process decribing installation of root certs for Gmail POP access
