Categories: Platform Security | Testing | Application Signing

This page was last modified 11:10, 11 March 2008.

From Forum Nokia Wiki

An application can be signed in so many ways and with a range of different certificates. To get an application to the markets it only needs to be signed, it is important to know the difference between signing and certification.

Development time signing

Self-created certificate

• Sign your application (not certified) to deploy it to all S60 3rd edition devices. Self signing is the minimum requirement for any application that does not use capabilities above the user grantable level. See Capabilities.

Symbian Developer Certificate (Publisher ID needed when requesting an offline DevCert)

• This is a development time certificate that enables you to test on a real device. You will only need this if your applciation requires capabilities that cannot be granted by the end-user.
  • Tips for submitting DevCert requests

Final signing

Final signing can be done either by you, using your own certificate (self-signing) – or by an external test house, using the Symbian Signed certificate. See also "How to pass Symbian Signed for Nokia tests".

Who needs Symbian Signed certification? Reasons may vary:

• Business need (certain delivery channels will require certification)
• Need for protected capabilities. Any application using capabilites above the user grantable ones needs to be certified before delivery to market.
• “Application comes from an untrusted source” notification. This notification is shown for all non-certified applications during installation. Your application has to be certified if you do not want the installer to show this note to the end user.