Unable to access HTTPS sites with untrusted SSL certificates

Article ID: KB27716

Type: Support Content

Last Modified: 06-28-2013


Product(s) Affected:

  • BlackBerry 7 OS and earlier
  • BES5
  • BlackBerry Enterprise Server 5.0 SP3
  • BlackBerry Enterprise Server 5.0 SP2
  • BlackBerry smartphones
  • DT 1649532

After configuring the BlackBerry Enterprise Server to allow access to HTTPS sites with untrusted certificates, the following error is displayed when attempting to browse to an HTTPS site with an untrusted certificate:

Access Denied:  Insecure SSL Request

Your MDS has been configured to deny SSL requests to servers that have certificates which are untrusted or expired.  Try using device side SSL which can be modified in your TLS Options.


The BlackBerry Enterprise Server is unable to properly process the Service URL value.

This is a previously reported issue that is being investigated by our development team. A resolution is currently unavailable.

Configure the following IT policy rules to implement a server-side workaround:

  • TLS Disable Invalid Connection = Prompt
  • TLS Disable Weak Ciphers = Prompt
  • TLS Prevent Unmatched Domain Name = Prompt
  • TLS Device Side Only = Yes
  • TLS Disable Weak Digests = Prompt
  • TLS Disable Untrusted Connection = Prompt
CollapseAdditional Information
The HTTPS tab of the MDS Connection Service properties within the BlackBerry Administration Service allows a Service URL to be configured.  The Service URL field accepts a RegEx value that is used to pattern-match against URLs BlackBerry smartphones are trying to browse to.


By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.

Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.