FAQ-1322 What is the difference between self signing and Self Certifying a SIS file?


FAQ-1322 What is the difference between self signing and Self Certifying a SIS file?

» Symbian OS » Developer Knowledgebase » FAQ-1322

Classification:	General	Category:	Symbian Signed
Created:	10/17/2005	Modified:	10/17/2005
Number:	FAQ-1322
Platform:	Symbian OS v6.0, Symbian OS v6.1, Symbian OS v7.0, Symbian OS v7.0s, Symbian OS v8.0, Symbian OS v8.0a, Symbian OS v8.0b, Symbian OS v8.1a, Symbian OS v8.1b, Symbian OS v9, Symbian OS v9.0

Question:
What is the difference between self signing and Self Certifying a SIS file?

Answer:
Self signing should not be confused with Symbian Signed Self Certification. The later allows various types of organizations to test and self certify (Symbian Sign) their applications under a Self Certification agreement (see Symbian Signed White Paper for more details). Self Certification removes the need for submitting applications to approved Symbian Signed Test Houses for testing and signing.

On the other hand, self signing involves the signing of a SIS file by the user himself/herself using a certificate that has been self generated (using makekeys.exe or possibly other tools), or counter-signed certificates such as DevCerts or ACS Publisher ID. In contrast, when Self Certifying (or equally, Symbian Signing) a SIS file, the signing of the SIS file is actually done by the certifying authority itself i.e. Verisign and not the user. This also applies to organizations that hold the Self Certification status - they don't physically sign the SIS file, however, they submit the SIS file via the portal (using their account) to get it signed as Symbian Signed.

Unlike a file that has been Symbian Signed, a self signed SIS file will always install with a security warning during installation; as these certificates do not have a CA Root associated to them on a device.