KB15973 - Prerequisites to use S/MIME on a BlackBerry smartphone activated on a BlackBerry Enterprise Server


Environment

• BlackBerry® Enterprise Server
• BlackBerry smartphones

---

Overview

To use Secure Multipurpose Internet Mail Extensions (S/MIME) on a BlackBerry smartphone activated on a BlackBerry Enterprise Server, the following are required:

1. BlackBerry smartphone
   • Install the S/MIME Support Package for BlackBerry® smartphones. If this Support Package is not installed before the BlackBerry smartphone is activated on the BlackBerry Enterprise Server, the BlackBerry smartphone must be re-activated once the Support Package is installed.
   • Configure a personal certificate to sign and encrypt email messages. Install this certificate on the BlackBerry smartphone by using any of the methods described in KB13355. If the certificate is located on a BlackBerry® Smart Card Reader, follow the instructions in KB13403.
   • If using a BlackBerry Smart Card Reader, the same version of the BlackBerry Smart Card Reader software must be installed on both the BlackBerry smartphone and the BlackBerry Smart Card Reader using the application loader tool in BlackBerry® Desktop Manager.
2. BlackBerry Desktop Manager (optional)
   • Install BlackBerry Desktop Manager with Certificate Synchronization. For more information, see KB16236.
3. BlackBerry Enterprise Server For BlackBerry Enterprise Server software version 4.1.x, complete the following steps:
   1. Open BlackBerry Manager.
   2. Click the icon for the BlackBerry Enterprise Server.
   3. Click the Server Configuration tab at the top of the screen.
   4. Click Edit Properties on the right side of the screen.
   5. In the new window, click Messaging.
   6. Scroll down to the section titled Secure Messages.
   7. Set Enable S/MIME Message Processing to True. This allows S/MIME messages to be processed by the BlackBerry Enterprise Server.
   For BlackBerry Enterprise Server software version 4.0.x, complete the following steps:
   
   1. Open BlackBerry Manager.
   2. Right-click the icon for the BlackBerry Enterprise Server.
   3. In the new window, click the Message Options tab.
   4. Scroll down to the section titled Encrypted messages.
   5. Make sure that the Support S/MIME encrypted messages on this server option is selected. This allows S/MIME email messages to be processed by the BlackBerry Enterprise Server.

__________________
http://blog.port3101.org/hdawg/

The views expressed by me on Port3101 and its affiliated sites are my own and do not necessarily reflect the views of my employer.

Too bad it still takes so long to get SMIME going on each device. Compared to just a wireless activation that is. Since SMIME CALs are free now, we had a request to setup S/MIME on all devices (6200). When I showed them how much time it would take per each one, they changed it to VIPs and others only on specific request.

re: #1 above - With v4.5 and later of the device software we no longer have to install the SSP, but you still need to use app loader to check the box for S/MIME support. It would be nice if web desktop manager did the cert synch too.

Exactly the biggest problem with its deployment

__________________
http://blog.port3101.org/hdawg/

The views expressed by me on Port3101 and its affiliated sites are my own and do not necessarily reflect the views of my employer.