Custom Java root certificates on the Motorola EZX phone platform

Motorola doesn't provide any way to install new root certificates for Java (despite there being an interface to install them for SSL) and the only root certificates installed other than their own is the lucrative "Java Verified" monopoly certificate.

Fortunately it is possible to insert your own root certificates, such as the one provided by CAcert who issue free code signing certificates.

  1. Add the certificate to /ezxlocal/download/appwritecmsec/.policy/._policy.txt:
    CA Cert Signing Authority (anything)
    MIIHPTCCBS... (root certificate)
    This will make it appear in the list of Java Root Certificates under Security Settings. That's all it does. The following two files are actually used by the JVM.

  2. Add the certificate to /ezxlocal/download/java/.policy/._policy.txt:
    domain: C=;L=;O=Root CA;OU=;CN=CA Cert Signing Authority
    AAAcHBwcHB... (copy this from the UTI certificate)
    MIIHPTCCBS... (root certificate)
    FrUyG9TH8+DmjvO90rA67rI5GNE= (unknown)
    1049027389 (start date)
    1995712189 (end date)
  3. Add the certificate to /usr/securesetup/.policy/_devdomain.txt:
    domain: CA Cert root certificate (anything)
    type: 2
    rootcert: MIIHPTCCBS... (root certificate)
    allowchangestatus: 0
  • Where the root certificate is specified, it's in DER format and Base64 encoded all on one line.
  • I copied the unknown part in the second policy file from the UTI certificate and it was automatically updated for me (including the domain DN).
  • Somehow /ezxlocal/download/java/.policy/._hmac.txt was not world readable, which is required to run the MIDlet from the menu.

Using signed MIDlets, I can finally set some of the permissions to "Never Ask" and avoid irritating prompts.

MIDlet certificate information

About this Entry

This page contains a single entry by Simon Arlott published on August 24, 2009 20:22.

Network Speakers was the previous entry in this blog.

Insoles is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Content authored by myself is just my honest opinion.

  • Linux
  • Get Firefox!
  • Get Thunderbird!