Symbian3/PDK/Source/GUID-DD7D5D55-A2F1-54FB-AA38-B4A7C920B6A6-GENID-1-12-1-26-1-1-10-1-6-1-4-1-4-1-7-1.dita
Week 28 contribution of PDK documentation content. See release notes for details. Fixes bugs Bug 1897, Bug 344, Bug 2681, Bug 463, Bug 1522.
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License
"Eclipse Public License v1.0" which accompanies this distribution,
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
Nokia Corporation - initial contribution.
Contributors:
-->
<!DOCTYPE concept
PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept id="GUID-DD7D5D55-A2F1-54FB-AA38-B4A7C920B6A6-GENID-1-12-1-26-1-1-10-1-6-1-4-1-4-1-7-1" xml:lang="en"><title>Manipulating
Applicability and Trust Settings for a Certificate</title><prolog><metadata><keywords/></metadata></prolog><conbody>
<p>A certificate can be trusted for a certain task or application. Currently,
the following applications are defined: </p>
<ul>
<li id="GUID-7AA1F386-C411-5C87-B234-9FEC74ADE9A0"><p>Software installation
(SWInstall) </p> </li>
<li id="GUID-7C7932B0-CF2F-5A07-9873-FC24BDAFBA29"><p>Signature verification
of OCSP response (SWInstallOCSP) </p> </li>
<li id="GUID-24224A47-76A0-578E-8FCD-7658640B568A"><p>TLS/SSL authentication
(TLS/SSL) </p> </li>
</ul>
<p>The SWInstall application allows us to use a given certificate to verify
the signature of the signed sis files you want to install. A certificate with
SWInstallOCSP applicability can be used to verify the signature of OCSP responses. </p>
<p>Certificate can be used to perform TLS and SSL authentication. Certificates
are trusted to do that with the TLS/SSL application. </p>
<p> <codeph>certtool</codeph> offers three commands to manipulate the applications
of a given certificate: setapps, addapps and removeapps. </p>
<p>For this to work, <filepath>certclients.dat</filepath> should exist in <filepath>c:\private\101f72a6\</filepath> with
the required application. </p>
<p><b>The setapps command </b> </p>
<p>The setapps command can be used to set the applications a specific certificate
can be used for. For instance, update the applications of the CertCA certificate.
Initially it is trusted for SWInstall: </p>
<p><userinput>certtool –list CertCA</userinput> </p>
<codeblock id="GUID-A38ABE67-FDCD-547B-A3C7-0949FDC5D950" xml:space="preserve">Symbian CertStore Manipulation Tool
Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved.
Label: TCA Format: X509 Owner Type: Root (CA)
Issuer Name: CertCA Subject Name: CertCA
Valid From: 16:36:00 Tue 12th May 2009 Valid Until: 16:36:00 Tue 11th May 2010
Trusted for Applications: SWInstall</codeblock>
<p>Change the applications using the setapps command. Set the applications
to SSL/TLS: </p>
<p><userinput>certtool –setapps –apps SSL/TLS TestCA</userinput> </p>
<codeblock id="GUID-3B74BA88-9944-599A-AE9C-B8EEF7D57070" xml:space="preserve">Symbian CertStore Manipulation Tool
Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved.
Certificate applications set successfully
Label: TestCA Format: X509 Owner Type: Root (CA)
Issuer Name: CertCA Subject Name: CertCA
Valid From: 16:36:00 Tue 12th May 2009 Valid Until: 16:36:00 Tue 11th May 2010
Trusted for Applications: SSL/TLS</codeblock>
<p>The TestCA certificate is now trusted for server authentication with SSL
and TLS. If the specified applications are not recognized, an error will occur: </p>
<codeblock id="GUID-10F4F705-5B67-58C4-9C0A-964DF78C77A1" xml:space="preserve">Symbian CertStore Manipulation Tool
Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). All rights reserved.
No valid applications specified, try one of:
[SWInstall, SWInstallOCSP, SSL/TLS]</codeblock>
<p>Remember that applications are case sensitive. </p>
<p>You can also set the applications using UIDs, for example: </p>
<p><userinput>certtool –setapps –uids 0x100042AB abc</userinput> </p>
<p><b>The addapps command </b> </p>
<p>If you want to add again SWInstall to the applications TestCA is trusted
for, you can use the setapps command to accomplish our goal. But you would
need to specify all the applications, for example: </p>
<p><userinput>certtool –setapps –apps SSL/TLS SWInstall TestCA</userinput> </p>
<p>The addapps command gives a shortcut. It enables you to specify an application
which will be added to the existing ones: </p>
<p><userinput>certtool –addapps –apps SWInstall TestCA</userinput> </p>
<p>You can also add the applications using UIDs, for example: </p>
<p><userinput>certtool –addapps -uids 0x101F9B28 abc</userinput> </p>
<p><b>The removeapps command </b> </p>
<p>The removeapps command is essentially dual to addapps. It helps to remove
apps from those a certificate is trusted for. </p>
<p><userinput>certtool –removeapps –apps SWInstall TestCA</userinput> </p>
<p>You can also remove the applications using UIDs, for example: </p>
<p><userinput>certtool -removeapps –apps 0x101F9B28 abc </userinput> </p>
<p>Remember that applications and labels are case sensitive. </p>
</conbody><related-links>
<link href="GUID-F6C20181-0F03-5B8A-B548-C81FF8824503.dita"><linktext>Working with
Multiple Certificate Store Implementations</linktext></link>
<link href="GUID-88EC0D74-5595-5FA8-B7BA-B914CC8022FB.dita"><linktext>Listing Contents
of Certificate Stores</linktext></link>
<link href="GUID-6CDB86E4-89BB-5266-8CEC-7353B664D638.dita"><linktext>Importing
Certificates</linktext></link>
<link href="GUID-DCC2060B-BFEC-5ECF-8154-5AE9C8513F75.dita"><linktext>Removing
Certificates</linktext></link>
</related-links></concept>