How to import a non-default SSL certificate after the installation of the BAS
Posted 07-24-2009 at 04:00 AM by hdawg
For those that have upgraded to BES 5.0 and are knee deep into the new management interface; the BAS, you'll notice that when you perform your installation the server uses a self-signed SSL certificate for encrypting the HTTPS connections.
While it is easy enough to either add the certificate to the trusted store / trusted root (Internet Explorer) or create an exception (Firefox) for a machine or two; I find it a hassle and would rather use either a 3rd party signed certificate or a certificate signed by another trusted root (perhaps an internal CA).
Taken from KB12887 - How to import a non-default SSL certificate after the installation of BAS ... here it is:
Task 1 - Reset the BlackBerry Administration Service key store password
Note: The steps in this task are based on the steps required to request a certificate from a Microsoft® Windows® Certificate Authority.
In the command prompt window used in Task 5, type keytool -import -alias httpssl -keystore "C:\Program Files\Research in Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore" -file "C:\bascert.cer"
Task 7 - Restart the BlackBerry Administration Service
While it is easy enough to either add the certificate to the trusted store / trusted root (Internet Explorer) or create an exception (Firefox) for a machine or two; I find it a hassle and would rather use either a 3rd party signed certificate or a certificate signed by another trusted root (perhaps an internal CA).
Taken from KB12887 - How to import a non-default SSL certificate after the installation of BAS ... here it is:
Task 1 - Reset the BlackBerry Administration Service key store password
- Click Start > All Programs > BlackBerry Enterprise Server > BlackBerry Server Configuration.
- Click the Administration Service - Cacerts keystore tab.
- Type a key store password in New Password and Confirm New Password.
- Open a command prompt.
- Change the directory to the bin folder for the appropriate version of the Java Runtime Environment (JRE). For example:
C:\Program Files\Java\jre1.6.0_07\bin - Type keytool -certreq -alias httpssl -keystore "C:\Program Files\Research in Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore" -file "C:\certreq.csr"
- When prompted, enter the key store password that you created in Task 1.
Note: The steps in this task are based on the steps required to request a certificate from a Microsoft® Windows® Certificate Authority.
- Browse to the organization's certificate server using Microsoft® Internet Explorer®.
- Click Request a certificate.
- Click Advanced certificate request.
- Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS#7 file.
- Paste the full contents of the certreq.csr file into the Saved Request field.
- Choose Web Server from the Certificate Template drop-down list.
- Click Submit.
- Click Download certificate.
- Save the file to c:\bascert.cer when prompted.
- Browse to the organization's certificate server using Microsoft Internet Explorer.
- Click Download a CA Certificate, certificate chain, or CRL.
- Click Download CA Certificate.
- Save the file to c:\CAcert.cer when prompted.
- In the command prompt window used in Task 2, type keytool -import -alias cacert -keystore "C:\Program Files\Research in Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore" -file "C:\CAcert.cer"
- Enter the key store password, and then press y when asked to trust this certificate.
In the command prompt window used in Task 5, type keytool -import -alias httpssl -keystore "C:\Program Files\Research in Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore" -file "C:\bascert.cer"
Task 7 - Restart the BlackBerry Administration Service
Total Comments 0
