For developer certificates, the limtied lifetime is probably okay, because they are , but I personally believe that the restriction on makekeys certificates that may be used in released software is quite a problem, because we will probably have a lot SIS files half a year from now that have been put onto various web sites, CDs etc. and that will no longer install. Sort of a smaller version of the Y2K problem... ;-)

For now, the best thing seems to be to use something like OpenSSL to create certificates that are valid for as long as you like.

In the long run, I believe makekeys should be very explicit about the lifetime of a certificate it generates, and allow overriding the default expiry date.

How do you make your own certificate with OpenSSL that will eventually be trusted by some root certificates provisioned on the phone?

Tote

For software installation you don't. In practise someone would need to place the public key to the phone and assign it for software installation.

For SSL the story is bit different. You could do X509 certificates and for S60 they have to be DER encoded. Then you'd need to import them to the device:
1. Export the certificate in DER format (without private key)
2. If the certificate file extension is .cer change it to .der
3. Copy the certificate file to your Web server
4. Set the MIME type for the directory where the certificate is as application/x-x509-ca-cert
5. Use the web browser in the S60 device to browse the certificate
6. Import the certificate

As Risto said, you can't make a cert yourself that is trusted by the roots on the phone, but you can make a self-signed certificate with a longer validity period.

For example, here are the commands I used with OpenSSL to create a 10-year self-signed certificate:

openssl genrsa 1024 >selfsigned.key
openssl req -new -x509 -nodes -sha1 -days 3650 -key selfsigned.key >selfsigned.cer

(inspired by the instructions here: http://sial.org/howto/openssl/self-signed/)

how can i get or make certificate key for my software 3.0 edition? i cannot make sis due of certificate is missing or not found.

Please use the makekeys application. It comes with the SDK.

please give me some advice about how i can solve a problem with Certificates:

I doing this steps:
1. Create a new project
2. Change the Active Build configuration to Phone.
3. Build project.
4. Start the *.sis file

after 4th the phone displaying the message: "Certificate is not correct. "

That sounds like you have not signed the application. I cannot remember the exact location in Carbide where the certificate needs to be defined. But it is in the Properties. You can create a certificate pair with makekeys from the SDK.

The other thing could be that you have just signed an application which actually needs capabilities.

OR

You have a E-Series device and you have not set the device to allow uncertified application installation. This you can do from the App. manager - Options - Settings - Software installation: All