Unable to access HTTPS sites with untrusted SSL certificates

Article ID: KB27716

Type: Support Content

Last Modified: 06-28-2013

 

Product(s) Affected:

  • BlackBerry 7 OS and earlier
  • BlackBerry Enterprise Server
CollapseEnvironment
  • BlackBerry Enterprise Server 5.0 SP3
  • BlackBerry Enterprise Server 5.0 SP2
  • BlackBerry smartphones
  • DT 1649532
CollapseOverview

After configuring the BlackBerry Enterprise Server to allow access to HTTPS sites with untrusted certificates, the following error is displayed when attempting to browse to an HTTPS site with an untrusted certificate:

Access Denied:  Insecure SSL Request

Your MDS has been configured to deny SSL requests to servers that have certificates which are untrusted or expired.  Try using device side SSL which can be modified in your TLS Options.

CollapseCause

The BlackBerry Enterprise Server is unable to properly process the Service URL value.

CollapseResolution
This is a previously reported issue that is being investigated by our development team. No resolution time frame is currently available.
CollapseWorkaround

Configure the following IT policy rules to implement a server-side workaround:

  • TLS Disable Invalid Connection = Prompt
  • TLS Disable Weak Ciphers = Prompt
  • TLS Prevent Unmatched Domain Name = Prompt
  • TLS Device Side Only = Yes
  • TLS Disable Weak Digests = Prompt
  • TLS Disable Untrusted Connection = Prompt
CollapseAdditional Information
The HTTPS tab of the MDS Connection Service properties within the BlackBerry Administration Service allows a Service URL to be configured.  The Service URL field accepts a RegEx value that is used to pattern-match against URLs BlackBerry smartphones are trying to browse to.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.