Port3101.org : Your BES Connection

Port3101.org : Your BES Connection (http://www.port3101.org/index.php)
-   Featured BlackBerry KB Articles (http://www.port3101.org/forumdisplay.php?f=3)
-   -   KB16159 - How to import and use a third-party signed certificate with BES MDS IS (http://www.port3101.org/showthread.php?t=1329)

hdawg 06-18-2009 04:53 PM

KB16159 - How to import and use a third-party signed certificate with BES MDS IS
 
KB16159 - How to import and use a third-party signed certificate with BlackBerry MDS Integration Service

Environment

<content>
  • BlackBerry® Enterprise Server
  • BlackBerry® Mobile Data System (BlackBerry MDS) Integration Service
</content>
<hr class="section">
Overview

<content> To import and use a third-party signed certificate with BlackBerry MDS Integration Service, complete the following steps:
  1. Create a backup of the following file: C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key.
  2. Open a command prompt and type cd C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\jre\bin.
  3. Generate a Self-Signed Certificate using the following command. This is the certificate you will authorize with the Certificate Authority.
    Keytool -genkey -v -keyalg RSA -validity 3652 -dname "CN=<host domain name>, OU=<department name>, O=<company name>, L=<city name>, S=<state/province name>, C=<country name>" -alias <key name alias> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password> -keypass <key password>
  4. Generate a Certificate Signing Request. This file will be used by the Certificate Authority to generate the required signed certificate.
    keytool -certreq -v -alias <key name alias> -file C:\<filename>.csr -keypass <key password> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password>
  5. Import the signed certificate generated by the Certificate Authority by installing the Issuing Server Certificate into the keystore using the following process. Be sure to choose Yes when asked whether to trust the certificate.
    keytool -import -v -alias FreeSSL -file C:\freessl.crt -keypass <key password> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password>
    Owner: CN=UTN-USER<Company Name>, OU=<certificate authority domain>, O=<certificate authority name>, L=<city name>, ST=<state/province code>,C=<country code>

    Issuer: CN=UTN-USER<Company Name>, OU=<certificate authority domain>, O=<certificate authority name>, L=<city name>, ST=<state/province code>, C=<country code>

    Serial number: 000000000000000000000000000000000

    Valid from: Fri Jul 09 14:48:39 EDT 1999 until: Tue Jul 09 14:57:49 EDT 2019

    Certificate fingerprints:

    MD5: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

    SHA1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

    Trust this certificate? [no]: yes
    Certificate was added to keystore

    [Storing C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key]
  6. Import the signed SSL Certificate from the Certificate Authority based on the .cer file that you generated in Step 4.
    keytool -import -v -alias <key name alias> -file C:\<filename>.crt -keypass <key password> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password>



    Certificate reply was installed in keystore

    [Storing C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key]
  7. Remove the certificates that were installed by default so that they can be replaced by the aliases with the new signed certificate.
    keytool -delete -alias <certificate alias name 1> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password>
    keytool -delete -alias <certificate alias name 2> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password>
  8. Alias the externally signed certificate <key name alias> to <certificate alias name 1> and <certificate alias name 2>.
    keytool -keyclone -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password> -alias <key name alias> -dest <certificate alias name 1> -keypass <key password> -new <new key password>
    keytool -keyclone -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password> -alias <key name alias> -dest <certificate alias name 2> -keypass <key password> -new <new key password>
  9. Restart the BlackBerry MDS Integration Service in the Windows® Services panel, and start BlackBerry Manager.
</content>


All times are GMT -4. The time now is 11:16 AM.

Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2019, vBulletin Solutions, Inc.


SEO by vBSEO 3.3.2 PL2