J2ME - code signing - What's the Certificate that works in all handsets such as Nokia,samsung,Micromax,LG?

Question

I am creating a MP3Player which will access the device memory card to list the songs.For this I am using File Connection API so devices like Nokia keep on asks for permission.To overcome this the jar file has to be signed.Does any one know which CA is widely accepted by all devices such as Nokia, Samsung, Sony, LG, karbonn, Micromax and even the china devices?

Does any one know what's the common certificate available for all devices?

Is there any free trial version available for developers?

Answer 1

Unfortunately with that range of handsets and I assume territories you are looking for a unicorn that does not exist

However you need to check which devices you wish to deploy to, as common as a Verisign, Thwate or UTi certificate is, the root certificate is not present on all phones! unfortunately this means if you sign the application you will be unable to install on those devices where the root certificate is not present.

The phones you will need to pay particular attention are any that have been customised by carriers, in a great example most Sony K800s have the Verisign certificate unless they are VodafoneUK ones in which case they will not for certain firmwares

Your best bet is to obtain a couple of signed midlets and place on a provisioning server and use http install notify to see if you have many failures, you can then attempt to redirect these phones that are having difficulties installing a particular signed application

Answer 2

Each phone has got certain authorized root certificate like thwate,verisign with different access level. You need to check common certificate that will satisfy your need.

Answer 3

This post is over a year old, but this SSL CA issue still exists in many flip and non-smart phones. After finding limited solid information online, I called a few vendors and started some of my own testing. VeriSign clearly has the largest install base, but costs an arm and a leg. After looking at Thawte which did not work on all devices, I found GeoTrust (which is a subsidiary of VeriSign) that seems to work on every flip that I have tested.

I have written a post that discusses the issue in a bit more detail, but overall GeoTrust deals with the issue at a fraction of the cost of other certificates. In my case I was looking for a wildcard. As of 10/15/2012 that runs $499/year with unlimited sub domains and server installs.

http://www.alexfoley.com/ssl-certificate-roots-on-old-mobile-devices/

Answer 4

May be its based upon your requirements. Thawte, Verisign and Java verified supports most of the devices. I already chat with Thawte and Verisign technical team for this purpose. They said most of the device support after signing the application. But they dont have supported mobile model list. I suggested Thawte is better than both.