Welcome to Port3101.org : Your BES Connection Mark forums read | View Forum Leaders
Port3101.org : Your BES Connection



Reply
LinkBack (5) Thread Tools Display Modes
KB16159 - How to import and use a third-party signed certificate with BES MDS IS
 
  5 links from elsewhere to this Post. Click to view. #1 (permalink)  
Old 06-18-2009, 04:53 PM
hdawg's Avatar
Proprietor
 
Join Date: Nov 2008
Posts: 2,257
Blog Entries: 147
Default KB16159 - How to import and use a third-party signed certificate with BES MDS IS

KB16159 - How to import and use a third-party signed certificate with BlackBerry MDS Integration Service

Environment

  • BlackBerry® Enterprise Server
  • BlackBerry® Mobile Data System (BlackBerry MDS) Integration Service



Overview

To import and use a third-party signed certificate with BlackBerry MDS Integration Service, complete the following steps:
  1. Create a backup of the following file: C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key.
  2. Open a command prompt and type cd C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\jre\bin.
  3. Generate a Self-Signed Certificate using the following command. This is the certificate you will authorize with the Certificate Authority.
    Keytool -genkey -v -keyalg RSA -validity 3652 -dname "CN=<host domain name>, OU=<department name>, O=<company name>, L=<city name>, S=<state/province name>, C=<country name>" -alias ey name alias> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password> -keypass <key password>
  4. Generate a Certificate Signing Request. This file will be used by the Certificate Authority to generate the required signed certificate.
    keytool -certreq -v -alias <key name alias> -file C:\<filename>.csr -keypass <key password> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass >
  5. Import the signed certificate generated by the Certificate Authority by installing the Issuing Server Certificate into the keystore using the following process. Be sure to choose Yes when asked whether to trust the certificate.
    keytool -import -v -alias FreeSSL -file C:\freessl.crt -keypass <key password> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password>
    Owner: CN=UTN-USER<Company Name>, OU=<certificate authority domain>, O=<certificate authority name>, L=<city name>, ST=<state/province code>,C=<country code>

    Issuer: CN=UTN-USER<Company Name>, OU=<certificate authority domain>, O=<certificate authority name>, L=<city name>, ST=<state/province code>, C=<country code>

    Serial number: 000000000000000000000000000000000

    Valid from: Fri Jul 09 14:48:39 EDT 1999 until: Tue Jul 09 14:57:49 EDT 2019

    Certificate fingerprints:

    MD5: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

    SHA1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

    Trust this certificate? [no]: yes
    Certificate was added to keystore

    [Storing C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key]
  6. Import the signed SSL Certificate from the Certificate Authority based on the .cer file that you generated in Step 4.
    keytool -import -v -alias <key name alias> -file C:\<filename>.crt -keypass <key password> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password>



    Certificate reply was installed in keystore

    [Storing C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key]
  7. Remove the certificates that were installed by default so that they can be replaced by the aliases with the new signed certificate.
    keytool -delete -alias <certificate alias name 1> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password>
    keytool -delete -alias <certificate alias name 2> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password>
  8. Alias the externally signed certificate <key name alias> to <certificate alias name 1> and <certificate alias name 2>.
    keytool -keyclone -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password> -alias <key name alias> -dest <certificate alias name 1> -keypass <key password> -new <new key password>
    keytool -keyclone -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password> -alias > -dest <certificate alias name 2> -keypass <key password> -new <new key password>
  9. Restart the BlackBerry MDS Integration Service in the Windows® Services panel, and start BlackBerry Manager.
__________________
http://blog.port3101.org/hdawg/
Reply With Quote
Sponsored Links
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On


LinkBacks (?)
LinkBack to this Thread: http://www.port3101.org/featured-blackberry-kb-articles/1329-kb16159-how-import-use-third-party-signed-certificate-bes-mds.html
Posted By For Type Date
Untitled document This thread Refback 09-03-2009 05:02 PM
Untitled document This thread Refback 08-21-2009 07:02 AM
Untitled document This thread Refback 06-23-2009 03:44 AM
Untitled document This thread Refback 06-20-2009 02:17 AM
Untitled document This thread Refback 06-18-2009 05:00 PM

Similar Threads
Thread Thread Starter Forum Replies Last Post
Where is the Blackberry MDS certificate?????? gpalmer Port 3101: The BES Admin Bar & Grill 13 09-15-2010 03:08 AM
BES 5.0 - Installing an SSL Certificate for BAS/WDM Otto Port 3101: The BES Admin Bar & Grill 7 05-28-2010 04:46 PM
Load Balancer Configuration and SSL Certificate Placement with BAS Otto Port 3101: The BES Admin Bar & Grill 3 11-17-2009 12:01 AM
KB12887 - How to import a non-default SSL certificate after the installation of BAS hdawg Featured BlackBerry KB Articles 0 07-21-2009 05:27 PM
KB16375 - Processing a multipart/signed message with attachment causes a server crash hdawg Featured BlackBerry KB Articles 0 01-05-2009 12:14 PM


All times are GMT -4. The time now is 10:27 PM.
Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2019, vBulletin Solutions, Inc.


 

SEO by vBSEO 3.3.2 PL2