One of the main tasks confronted by developers wishing to sign their MIDlets is how to obtain a certificate suitable for their application. To decide the best approach, it is necessary to determine the target market. If the application is to be distributed via a particular developer program, such as Java VerifiedTM or programs provided by operators and portals, a good approach is to get a certificate from the program. In many cases the program will sign itself a MIDlet as part of their programs.
For an application aimed at other channels it is necessary to discover which root certificates are available in the target devices. This is not necessarily straightforward since there are variations on the set of certificates among different device manufacturers, operators, and device models. The best approach is to check the target device for the list of root certificates available and acquire the appropriate one. Entities emitting certificates should also be aware of their availability on different devices.
Once the Certificate Authority (CA) has been selected, it is necessary to purchase the certificate, usually for a fee and for a given period. The CA will normally verify the developer's identity to ensure that he or she is who he or she has claimed. Once this is done, the certificate is produced and delivered electronically, typically via e-mail or a Web page.
Note that a CA has normally many available certificate types for different purposes. Even for code signing there are several types, depending on the usage. The correct type for MIDlet signing, if not explicitly said, is a code-signing certificate for Java applications.