0. Mandatory signing

Signing is mandatory in S60 3rd Edition, so to be able to test the application on a real device, you need to sign it first. Otherwise the installation fails. How the signing is done, depends on the application.

Symbian Signed certification is not mandatory in all cases. If your application uses only unrestricted APIs or user-grantable capabilities, and you don't see any business value of getting the application Symbian Signed, you can self-sign the application using the SDK tools before delivering it.

• If the application needs no capabilities or only user-grantable ones, the signing can be done with developer’s self-issued certificate. The tools provided with the SDK allow you to generate your own customized certificate.
• If the application needs higher capabilities it has to be signed with a trusted certificate issued by Symbian.
• During development stage the certificate to be used is the Symbian Developer Certificate, obtainable from www.symbiansigned.com. See section 4 below.
• For the commercial release the application must be signed through the Symbian Signed certification program. See section 5 below.

Notice that in Nokia Eseries devices you need to change the default software installation setting to “All” to allow installation of self-signed applications (Tools -> App. Manager -> Options -> Settings).

1. Account to Symbian Signed

Register to Symbian Signed at www.symbiansigned.com. Familiarize yourself with the material provided at the site and download the following:

• DevCertRequest Tool
  This free tool is needed to create a developer certificate request file (.csr).
• Symbian Signed test criteria
  This document describes the test cases, which application must pass to be Symbian Signed.
• AppTest Lite tool (automated test tool)
  This free tool is used to in the pretesting phase to check that the application meets Symbian Signed test criteria.

Also request an Application UID for your application. For details, see www.symbiansigned.com/app/page/uid/requestType.jsp.

2. ID Certificate

An ID Certificate is used to identify the developer.

• The ID Certificate identifies where the submitted application came from and ensures that the material had not been changed after leaving the provider.
• The ID Certificate is mandatory in Symbian Signed, so if you plan to submit an application to Symbian Signed, request the ID Certificate sufficiently early.
• If you require a Developer Certificate with certain sensitive capabilities, the ID Certificate is needed for a Developer Certificate request. Purchase the ID Certificate from www.trustcenter.de/order/publisherid/dev.

3. Forum Nokia

Get familiar with the material provided at www.forum.nokia.com/testing and www.forum.nokia.com/platformsecurity. Check the FAQs and download and read the following:

4. Testing in the development phase

Signing is mandatory in S60 3rd Edition, so to be able to test the application on a real device, you need to sign it first. Otherwise the installation fails. How the signing is done, depends on the application.

Self-created certificate
If your application doesn’t need any capabilities, or needs capabilities which the user can grant at the installation time, you can create a certificate with the tools (makekeys and signsis or createsis) provided in the S60 3rd Edition SDK. For details, check the document How To Sign sis Files provided in the SDK Help.

Please bear in mind that the Carbide.c++ version 1.1 onwards will automatically sign the SIS files it generates.

Symbian developer certificate

1. If your application needs capabilities, which the user cannot grant, you need to request a Symbian developer certificate at www.symbiansigned.com.
2. You need to login to the portal to be able to make developer certificate request.
3. Use the DevCertRequest tool to make a developer certificate request file (.csr).
4. Upload the file via the Symbian Signed portal.
5. If you need sensitive, manufacturer-approvable capabilities, select the link “Request Phone Manufacturer Approved DevCerts” when making the request.

Meeting the test criteria
Test your application properly. Make sure that the application meets the required test criteria. If your application uses some sensitive capabilities, be aware that the in addition to meeting Symbian Signed test criteria (please find the criteria from: www.symbiansigned.com), the application must meet Nokia test criteria (please find the criteria from: www.forum.nokia.com/testing - Documents). The test cases that apply to applications with sensitive capabilities are marked with an asterisk (*) in the test criteria.

Find out the most common reasons that applications fail Symbian Signed and Nokia tests and make sure that your application doesn’t have the same failures:

• Most common failure reasons in Symbian Signed tests are available here.
• Most common failure reasons in Symbian Signed and Nokia tests list are available here.

Use the AppTest Lite tool to check that your application meets Symbian Signed test criteria.

5. Submission to final certification

When your application is ready and you have self-tested it properly, you can submit it to final certification. The channel you choose depends on the required capabilities:

Symbian Signed
If your application doesn’t need any sensitive capabilities, you can submit it to testing and certification via www.symbiansigned.com. Follow the submission instructions and submit a zip package, which contains the following files, to testing:

i. Sis file, signed with the ID Certificate
ii. Pkg file used to make the .sis file
iii. User manual or a “how to use the application” .txt file
iv. Release notes (known issues/limitations)

Symbian Signed for Nokia
If your application uses sensitive capabilities and is targeted at Nokia devices, you need to submit it to testing and certification via Symbian Signed for Nokia. Symbian Signed for Nokia is an invitation-only portal, so you need to have access rights to log in. Please communicate with your Nokia business contact or nokia.testing@nokia.com to request access rights. When you have the access rights, register to Symbian Signed for Nokia, read and accept the legal agreements, and submit the application via the portal. Follow the submission instructions and submit a zip package, which contains the following files, to testing:

i. Sis file, signed with an ID Certificate
ii. Pkg file used to make the .sis file
iii. User manual or a “how to use the application” .txt file
iv. Release notes (known issues/limitations)

However, notice that Symbian Signed is not mandatory in all cases. If your application uses only unrestricted APIs or user-grantable capabilities, and you don't see any business value of getting the application Symbian Signed, you can self-sign the application using the SDK tools before delivering it.