How to import and use a third-party signed certificate with BlackBerry MDS Integration Service

Article ID: KB16159

Type: Support

Last Modified: 12-15-2011

 

Product(s) Affected:

  • BlackBerry Enterprise Server for Novell GroupWise
  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Lotus Domino

Environment

  • BlackBerry® Enterprise Server
  • BlackBerry® Mobile Data System (BlackBerry MDS) Integration Service

Overview

To import and use a third-party signed certificate with BlackBerry MDS Integration Service, complete the following steps:

  1. Create a backup of the following file: C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key.
  2. Open a command prompt and type cd C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\jre\bin.
  3. Generate a Self-Signed Certificate using the following command. This is the certificate you will authorize with the Certificate Authority.

    keytool -genkey -v -keyalg RSA -validity 3652 -dname "CN=<host domain name>, OU=<department name>, O=<company name>, L=<city name>, S=<state/province name>, C=<country name>" -alias <key name alias> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password> -keypass <key password>

  4. Generate a Certificate Signing Request. This file will be used by the Certificate Authority to generate the required signed certificate.

    keytool -certreq -v -alias <key name alias> -file C:\<filename>.csr -keypass <key password> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password>

  5. Prepare to import the signed certificate generated by the Certificate Authority by first installing the Issuing Server Certificate into the keystore with the following command. Be sure to choose Yes when asked whether to trust the certificate.

    keytool -import -v -alias FreeSSL -file C:\freessl.crt -keypass <key password> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password>

    Owner: CN=UTN-USER<Company Name>, OU=<certificate authority domain>, O=<certificate authority name>, L=<city name>, ST=<state/province code>,C=<country code>

    Issuer: CN=UTN-USER<Company Name>, OU=<certificate authority domain>, O=<certificate authority name>, L=<city name>, ST=<state/province code>, C=<country code>

    Serial number: 000000000000000000000000000000000

    Valid from: Fri Jul 09 14:48:39 EDT 1999 until: Tue Jul 09 14:57:49 EDT 2019

    Certificate fingerprints:

             MD5:  00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

             SHA1: 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

    Trust this certificate? [no]:  yes

    Certificate was added to keystore

    [Storing C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key]

  6. Import the signed SSL Certificate that the Certificate Authority issued from the .csr file that you generated in Step 4.

    keytool -import -v -alias <key name alias> -file C:\<filename>.crt -keypass <key password> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password>

    Certificate reply was installed in keystore

    [Storing C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key]

  7. Remove the certificates that were installed by default so that they can be replaced by the aliases with the new signed certificate.

    keytool -delete -alias <certificate alias name 1> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password>

    keytool -delete -alias <certificate alias name 2> -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password>

  8. Alias the externally signed certificate <key name alias> to <certificate alias name 1> and <certificate alias name 2>.

    keytool -keyclone -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password> -alias <key name alias> -dest <certificate alias name 1> -keypass <key password> -new <new key password>

    keytool -keyclone -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDSS\config\security\server.key" -storepass <keystore password> -alias <key name alias> -dest <certificate alias name 2> -keypass <key password> -new <new key password>

  9. Restart the BlackBerry MDS Integration Service in the Windows® Services panel, and start BlackBerry Manager.
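
To confirm the result of steps 5 through 8 before restarting the service, the following Python example (added here, not part of the original article or BlackBerry's tooling) classifies each alias in the text printed by `keytool -list -v` for the keystore: a key entry whose leaf certificate is still issued by itself means the Certificate Authority reply never replaced the self-signed certificate. The alias names and the sample listing are constructed, and the field labels are assumed to follow the standard `keytool -list -v` layout.

```python
import re

KEY_TYPES = {"keyEntry", "PrivateKeyEntry"}  # older and newer keytool wording
# Constructed, trimmed `keytool -list -v` excerpt; aliases and names are hypothetical.
SAMPLE = """\
Alias name: mdskey
Entry type: keyEntry
Certificate[1]:
Owner: CN=mds.example.com, O=Example Corp, C=CA
Issuer: CN=Example Issuing CA, O=Example CA, C=US
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example CA, C=US
Issuer: CN=Example Issuing CA, O=Example CA, C=US
*******************************************
Alias name: default1
Entry type: keyEntry
Certificate[1]:
Owner: CN=mds.example.com, O=Example Corp, C=CA
Issuer: CN=mds.example.com, O=Example Corp, C=CA
*******************************************
Alias name: freessl
Entry type: trustedCertEntry
Owner: CN=Example Issuing CA, O=Example CA, C=US
Issuer: CN=Example Issuing CA, O=Example CA, C=US
"""

def parse_entries(listing):
    """Return {alias: (entry_type, leaf_owner, leaf_issuer)}."""
    entries = {}
    for block in re.split(r"(?m)^Alias name:", listing)[1:]:
        def field(name):  # first match in the block is the leaf certificate
            m = re.search(r"(?m)^%s:[ \t]*(.+)$" % name, block)
            return m.group(1).strip() if m else None
        alias = block.splitlines()[0].strip().lower()  # JKS aliases ignore case
        entries[alias] = (field("Entry type"), field("Owner"), field("Issuer"))
    return entries

def check_aliases(listing, required):
    """Classify each required alias: ok, self-signed, no private key, missing."""
    entries, report = parse_entries(listing), {}
    for alias in required:
        kind, owner, issuer = entries.get(alias.lower(), (None, None, None))
        if kind is None:
            report[alias] = "missing"
        elif kind not in KEY_TYPES:
            report[alias] = "no private key"
        else:  # leaf issued by itself: the CA reply was never installed
            report[alias] = "self-signed" if owner == issuer else "ok"
    return report
```

Call `check_aliases` with the saved listing and the three aliases used in steps 6 and 8; every one of them should come back as `ok`.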
