diff -r e0d6e9bd3ca7 -r bf7ee68962da javacommons/security/src/midpauthenticationmoduleimpl.cpp
--- a/javacommons/security/src/midpauthenticationmoduleimpl.cpp	Tue Jul 06 14:10:26 2010 +0300
+++ b/javacommons/security/src/midpauthenticationmoduleimpl.cpp	Wed Aug 18 09:43:15 2010 +0300
@@ -15,7 +15,7 @@
 *
 */
 
-
+#include "javacommonutils.h"
 #include "javajniutils.h"
 #include "com_nokia_mj_impl_security_midp_authentication_AuthenticationModule.h"
 #include "midpauthenticationmodule.h"
@@ -472,7 +472,22 @@
         if (X509_verify_cert(x509_ctx) != 1)
         {
             ret_code = getErrCode(X509_STORE_CTX_get_error(x509_ctx));
-            break;
+            // If the secure time of the device has not yet been set
+            // to correct value (This can happen some times during
+            // the first device boot),
+            // allow installing with not yet valid certificates
+            if (KCertNotYetValidFailure == ret_code)
+            {
+                if (JavaCommonUtils::isFirstBoot())
+                {
+                    ret_code = KCertAndSignatureOk;
+                }
+            }
+
+            if (KCertAndSignatureOk != ret_code)
+            {
+                break;
+            }
         }
         // verify the extended key usage: it must point to id-kp-codeSigning (RFC3280 code signing)
         // or 1.3.6.1.4.1.94.1.49.1.2.2.3 (Nokia Java Code Signing Extension)