This seems pretty basic but I can't find the info I'm looking for anywhere, particularly with regard to Android apps.
I am creating my release key (self-signed) and I am asked for lots of info:
With that in mind, I've got two basic questions about self-signed certificates used to distribute Android apps:
Thanks in advance!
Edit: More info on #1 above: if this is anything like SSL certs, then the Name, Organization and Country should be sufficient. But IS that the case? Pros and cons of leaving any/all the other fields blank? I can't be the only one who's wondered about this in terms of apps... and the Android docs I've read so far aren't helping clarify this.
For #2, it appears that changing the certificate means regenerating it, and signing with that new cert doesn't avoid the Market problem (it's like a whole new app, even if you sign with both the new AND old certs). So it's all the more important to get it right (yet sufficiently generic in case you move) the first time you sign the app.
The content of these fields are actually pretty irrelevant and are not generally seen by anyone other than you. You can leave empty fields wherever keytool will allow without consequence later.
Once you sign an apk with a keystore and upload it to the Android Market, you cannot sign that same package with another keystore. This is obviously done to prevent someone else from replacing your app with another.
For my keystore I put my personal information in it, set the expiration date for 999 years in the future and keep it safe and backed up.