How to create a secure digital certificate

The Certification Generator can be used to create a certificate request file, which is sent to a Certification Authority (CA). The developer's public key (contained in the certificate request) is digitally signed by the CA, and returned to the developer. The certificate can then be included with the installation file and used to verify the identity of the application's sender.

The process is:

1. Invoke MakeKeys (see MakeKeys - Certificate Generator syntax) to create a private key and a self signed certificate. This process is discussed in MakeKeys - the Certification Generator.

2. Invoke the Certificate Generator to create a certificate request, specifying the previously created private key and self signed-certificate, and a distinguished name string.

3. Send the certificate request to a Certificate Authority; an authenticated digital certificate is returned.

• How to digitally sign an installation file

• How to create a private key and self signed certificate

• Package signature

The following command line invocation creates the certification request file HelloWorldreq.p10:

makekeys -req -dname "CN=Symbian O=Symbian Ltd C=GB" HelloWorld.key HelloWorld.cer HelloWorldreq.p10

The -dname command passes a simple distinguished name string to the Certification Generator. HelloWorld.key and HelloWorld.cer are the private key and public key self-signed certificate that were created in a previous invocation of the Certification Generator. Helloworldreq.p10 is the name of the output certificate request file.

The certificate request should then be sent to a Certification Authority, who will verify your identity and then return an authenticated digital certificate.

• The private key may be specified to the Installation File Generator to digitally sign an installation file.

• The digital certificate returned by the CA must be bundled with the installation file, to allow the digital signature to be verified. The self-signed certificate may then be discarded.