How to create a secure digital certificate

The Certification Generator can be used to create a certificate request file, which is sent to a Certification Authority (CA). The developer’s public key — contained in the certificate request — is digitally signed by the CA, and returned to the developer. The certificate can then be included with the installation file and used to verify the identity of the application’s sender.

The process is:

1. Invoke the Certificate Generator to create a private key and a self signed certificate. This process is discussed in the given “How to” topic.

2. Invoke the Certificate Generator to create a certificate request, specifying the previously created private key and self signed-certificate, and a distinguished name string.

3. Send the certificate request to a Certificate Authority — an authenticated digital certificate is returned.

How to digitally sign an installation file, How to create a private key and self signed certificate

The certification request file epoc32ex\ToolsAndUtilities\HelloWorldreq.p10 was created using the following command line invocation:

makekeys req -dname "CN=Symbian OR=Symbian Ltd CO=GB" HelloWorld.key HelloWorld.cer HelloWorldreq.p10

The -dname command passes a simple distinguished name string to the Certification Generator. HelloWorld.key and HelloWorld.cer are the private key and public key self-signed certificate that were created in a previous invocation of the Certification Generator. Helloworldreq.p10 is the name of the output certificate request file.

The certificate request should then be sent to a Certification Authority, who will verify your identity and then return an authenticated digital certificate.

• The private key may be specified to the Installation File Generator to digitally sign an installation file.

• The digital certificate returned by the CA must be bundled with the installation file to allow the digital signature to be verified. The self-signed certificate may then be discarded.