From Forum Nokia Wiki

Let's assume you want to get rid of those annoying security messages when accessing JSR-75 (or another), what can you do? There are 2 main ways to reduce the number of messages:

• JavaVerified
• Code signing

This document describes the how to code sign an application.

You can code sign your application with Verisign and Thawte. Thawte provides certificates for US$ 299, cheaper than Verisign, and I just followed the whole process, so I'll describe the process, as it worked for me.

Contents 1 1) Generate keystore and CSR for JavaSoft Certificate 2 2) Buy certificate from Thawte 3 3) Prove Thawte that "you are you". 4 4) Import the certificate into your keystore 5 5) Sign your application

1) Generate keystore and CSR for JavaSoft Certificate

Follow this document from Thawte: Solution SO3186

You will use a tool from Sun called keytool. You can get more info about it here: keytool

You will end up with a keystore (which is basically a file where your keys are stored) and a CSR, which is a text that you must send to Thawte.

2) Buy certificate from Thawte

Go to Buy / Code signing [1]

Choose "JavaSoft Developer Certificate". This is the J2me certificate in Thawte's terminology.

3) Prove Thawte that "you are you".

They'll ask you more information and maybe documents. In my case, our company is located outside the US (in Chile) and the whole process took 2 weeks. I guess if you are in the US, it will be much faster.

4) Import the certificate into your keystore

Read this small document from Thawte Solution SO1079

5) Sign your application

For this step, there is no information in Thawte's site. You may find this document Solution SO7517, but it's about signing standard jars, not midlets.

If you like working with the console, you may follow the instructions from Verisign Sign Midlet Suites with JadTool or read more deeply about Sun's JADtool.

But I recommend you turn to Netbeans (I guess Eclipse will have a similar feature).

Open up your project, go to its Properties and the Signing tab. Check the "Sign Distribution" option and click in "Open Keystores Manager". Here you need to add the keystore you created in the step 1. Be sure to unlock your keystore and then your key.

Next, rebuild your project and Viola! Your application is signed!

To verify it, open the jad file. You will notice a number of new lines regarding the certification stuff. Also, your jar file will be a bit bigger than without the signing.