Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
Developer
pfbertrand
Posts: 32
Registered: ‎11-21-2008
My Device: Not Specified
Accepted Solution

Can't start websigner service

I downloaded and installed the BlackBerry Signing Authority tool, generated a Signer Name and ID (is it really mine to pick at random?), and emailed the file to myself.  When I try to start the service it gets stuck in starting mode and never gets to the started state.  What port does the service run on and how do I configure it?

 

Thanks,

Philippe

Developer
Developer
gtj
Posts: 319
Registered: ‎07-20-2008
My Device: Not Specified

Re: Can't start websigner service

Yep, you can pick any signer ID  you want but it can't conflict with RIM's.

 

When the signing service starts it should pop up a dialog asking for the password to the keystore.  Are you seeing the dialog?

 

What operating system are you using and are you trying this locally or via remote desktop?

 

The service runs on port 3600 but there's no configuration.

 

 

Developer
pfbertrand
Posts: 32
Registered: ‎11-21-2008
My Device: Not Specified

Re: Can't start websigner service

The OS is Windows Server 2003 R2. I saw the screen, I setup the remote client database, but the service always shows as "Starting..." The remote client can't load the csi file because the server is not responding. I did notice the prot is listed as a configuration option in the properties.ini file. Reboot did not help. Thanks, Philippe
Developer
Posts: 1,474
Registered: ‎04-14-2009
My Device: Not Specified

Re: Can't start websigner service

It may be that you need to allow the signer service to interact with the desktop. The service shows a couple of password prompts at startup to decrypt the customer database and the private key used for signing. On Vista, for example, it's not very obvious that the service is trying to access the desktop -- a new button appears on the taskbar. If you press the button, you can access a separate desktop through which the service prompts you for passwords.
Developer
pfbertrand
Posts: 32
Registered: ‎11-21-2008
My Device: Not Specified

Re: Can't start websigner service

That didn't help.  I allowed it to interact with the desktop and it still did not start.

 

Looking at the task manager, two process are running "RngMixer *32" and "websigner *32" but the status of the service is "in a state other than running or stopped."   Nothing can be done until the process is killed (at which the status is installed and stopped).

Developer
pfbertrand
Posts: 32
Registered: ‎11-21-2008
My Device: Not Specified

Re: Can't start websigner service

I got the websigner to finally start by starting it on the console.  If I logged on using remote desktop (same user as on console), I wouldn't get the prompts for passwords.

 

So now my problem is when a remote client tries to register his key.  I keep getting a message saying "Password incorrect" and now my signing tool doesn't seem to want to sign cod files with my RIM provided keys anymore!  I now get a bunch of:

Failed - See details
Error connecting to web signer from proxy
Response command invalid.

Is it not possible to have the one signature tool contact two separate signing authorities???

Developer
Posts: 1,474
Registered: ‎04-14-2009
My Device: Not Specified

Re: Can't start websigner service

[ Edited ]

The Signature Tool can contact multiple web signers. In fact, it's contacting three or four different websigners to obtain the standard RIM signatures. Check the sigtool.db file that tells the Signature Tool which customer ID to submit where to get the module hash signed with a particular key. Keep in mind that your customer ID/number for your own signing authority will be different from the ID/number for RIM's authorities.

 

As far as I can tell, the signing infrastructure works as follows. Every signing authority has a private/public key pair. Every client has a public/private key pair. Clients authenticate themselves to signing authorities using the combination of their customer ID and private key. After a signing authority has authenticated a client/customer (i.e., that this client indeed has posession of the private key corresponding to the customer's public key on record held by the signing authority), the signing authority signs with its private key the module hash provided by the customer. The client/customer then integrates this signature into the module. The BlackBerry OS can then verify the signatures, since it knows the public keys of RIM's standard signing authorities (e.g., RRT, RCR, RCC), and since the public keys of non-standard (third-party) signing authorities are explicitly handed to the OS by third-party modules wishing to protect their APIs or PersistentStorage. The "key" files (protected by PIN) issued by websigners for registering clients/customers simply enable the client/customer to securely report its public key to the signing authority so that the authority can permantently link a customer/client public key to a customer ID to complete the customer registration process.

 

In the light of the above, check whether the customer public key registration process updated the signing authority with the customer's public key and whether the correct entry (customer ID + websigner URL) was added the customer's sigtool.db. 

Message Edited by klyubin on 08-06-2009 11:07 PM
Developer
pfbertrand
Posts: 32
Registered: ‎11-21-2008
My Device: Not Specified

Re: Can't start websigner service

I tried everything again and it worked.   The RIM servers must have been down and for some reason when I tried registering with my server, it tried to validate something with the RIM servers and gave the bad error message "Password incorrect" - makes no sense but I'm ready to try signing my own files now.

 

Summary: on Windows Server 2003 - you must use the console to start the service.

 

Thanks to everyone who provided tips, etc.