07-30-2009 03:25 PM
I downloaded and installed the BlackBerry Signing Authority tool, generated a Signer Name and ID (is it really mine to pick at random?), and emailed the file to myself. When I try to start the service it gets stuck in starting mode and never gets to the started state. What port does the service run on and how do I configure it?
07-30-2009 08:01 PM
Yep, you can pick any signer ID you want but it can't conflict with RIM's.
When the signing service starts it should pop up a dialog asking for the password to the keystore. Are you seeing the dialog?
What operating system are you using and are you trying this locally or via remote desktop?
The service runs on port 3600 but there's no configuration.
07-31-2009 11:30 AM
08-05-2009 09:41 AM
08-05-2009 11:04 AM
That didn't help. I allowed it to interact with the desktop and it still did not start.
Looking at the task manager, two processes are running, "RngMixer *32" and "websigner *32", but the status of the service is "in a state other than running or stopped." Nothing can be done until the process is killed (at which point the status is installed and stopped).
08-06-2009 04:49 PM
I got the websigner to finally start by starting it on the console. If I logged on using remote desktop (same user as on console), I wouldn't get the prompts for passwords.
So now my problem is when a remote client tries to register his key. I keep getting a message saying "Password incorrect" and now my signing tool doesn't seem to want to sign cod files with my RIM provided keys anymore! I now get a bunch of:
Failed - See details
Error connecting to web signer from proxy
Response command invalid.
Is it not possible to have the one signature tool contact two separate signing authorities???
08-06-2009 05:47 PM - edited 08-06-2009 06:07 PM
The Signature Tool can contact multiple web signers. In fact, it's contacting three or four different websigners to obtain the standard RIM signatures. Check the sigtool.db file that tells the Signature Tool which customer ID to submit where to get the module hash signed with a particular key. Keep in mind that your customer ID/number for your own signing authority will be different from the ID/number for RIM's authorities.
As far as I can tell, the signing infrastructure works as follows. Every signing authority has a private/public key pair. Every client has a public/private key pair. Clients authenticate themselves to signing authorities using the combination of their customer ID and private key. After a signing authority has authenticated a client/customer (i.e., that this client indeed has possession of the private key corresponding to the customer's public key on record held by the signing authority), the signing authority signs with its private key the module hash provided by the customer. The client/customer then integrates this signature into the module. The BlackBerry OS can then verify the signatures, since it knows the public keys of RIM's standard signing authorities (e.g., RRT, RCR, RCC), and since the public keys of non-standard (third-party) signing authorities are explicitly handed to the OS by third-party modules wishing to protect their APIs or PersistentStorage. The "key" files (protected by PIN) issued by websigners for registering clients/customers simply enable the client/customer to securely report its public key to the signing authority so that the authority can permanently link a customer/client public key to a customer ID to complete the customer registration process.
In the light of the above, check whether the customer public key registration process updated the signing authority with the customer's public key and whether the correct entry (customer ID + websigner URL) was added to the customer's sigtool.db.
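The flow described in the post above, modelled as an added example (not part of the original thread, and not RIM's protocol or code). Ed25519 and SHA-256 stand in for whatever algorithms the real tools use, and the type names, function names and customer ID 1001 are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Authority struct { // own key pair plus registry of customer public keys
	priv      ed25519.PrivateKey
	Pub       ed25519.PublicKey
	Customers map[string]ed25519.PublicKey // customer ID -> registered key
}

func NewAuthority() *Authority {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &Authority{priv, pub, map[string]ed25519.PublicKey{}}
}

// Sign authenticates the client against the key on record, then signs the hash.
func (a *Authority) Sign(id string, hash, clientSig []byte) ([]byte, error) {
	pub, ok := a.Customers[id]
	if !ok || !ed25519.Verify(pub, hash, clientSig) {
		return nil, fmt.Errorf("customer %q: not registered or key mismatch", id)
	}
	return ed25519.Sign(a.priv, hash), nil
}

// RequestSignature (client): sign the module hash to prove key possession.
func RequestSignature(a *Authority, id string, priv ed25519.PrivateKey, module []byte) ([]byte, error) {
	h := sha256.Sum256(module)
	return a.Sign(id, h[:], ed25519.Sign(priv, h[:]))
}

// VerifyModule is the device side: it needs only the authority's public key.
func VerifyModule(authPub ed25519.PublicKey, module, sig []byte) bool {
	h := sha256.Sum256(module)
	return ed25519.Verify(authPub, h[:], sig)
}

func main() {
	a := NewAuthority()
	pub, priv, _ := ed25519.GenerateKey(nil)
	module := []byte("constructed sample module") // stand-in for a .cod file
	_, err := RequestSignature(a, "1001", priv, module)
	a.Customers["1001"] = pub // registration links the ID to the public key
	sig, _ := RequestSignature(a, "1001", priv, module)
	fmt.Println("before registration:", err, "| device accepts:", VerifyModule(a.Pub, module, sig))
}
```

The model omits replay protection: a real service would bind the client's proof to a fresh challenge rather than to the module hash alone.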
08-06-2009 09:33 PM
I tried everything again and it worked. The RIM servers must have been down and for some reason when I tried registering with my server, it tried to validate something with the RIM servers and gave the bad error message "Password incorrect" - makes no sense but I'm ready to try signing my own files now.
Summary: on Windows Server 2003 - you must use the console to start the service.
Thanks to everyone who provided tips, etc.