The MakeKeys tool is a PC-side stand-alone tool that helps you to create a private key-public key pair and generate certificate requests.
The following diagram illustrates the procedure for creating a private key, self-signed certificate and a certificate request file.
The private key can be specified as an argument while signing an installation file using the SignSIS tool. For details, see SignSIS.
Symbian developer must send the certificate request to a trusted third party, that is, a Certificate Authority (CA) for signing.
The CA verifies the identity of the originator of the certificate request. After verification, the CA signs the public key (contained in the certificate request) using the CA's private key and creates a signed certificate. This signed certificate is then sent back to the applicant.
The CA can return a single certificate or a file containing a chain of certificates. This includes intermediate certificates in addition to the CA's root certificate and the Symbian developer certificate.
The digital certificate returned by the CA must be bundled with the installation file to allow the digital signature to be verified. The self-signed certificate can then be discarded.