Unable to browse to some HTTPS websites

Article ID: KB27977

Type: Support Content

Last Modified: 02-06-2012

 

Product(s) Affected:

  • BlackBerry Enterprise Server for Microsoft Exchange
CollapseEnvironment
  • BlackBerry Enterprise Server 5.0 SP3
  • DT 1649532
CollapseOverview

Even though the BlackBerry® MDS Connection Service has been configured to allow access to untrusted HTTPS servers, attempting to browse to some HTTPS websites may result in the following error message:

Your MDS has been configured to deny SSL requests to servers that have certificates which are untrusted or expired.  Try using device side SSL which can be modified in your TLS Options.

When this error is received on the BlackBerry smartphone the following will be printed in the MDAT log:

<2011-06-07 13:19:46.811 EDT>:[213]:<MDS-CS_SERVERNAME_MDS-CS_1>:<DEBUG>:<LAYER = IPPP, Access Denied: Insecure SSL Request>

CollapseCause
The BlackBerry Enterprise Server is unable to process the Service URL RegEx expression on the HTTPS tab of the MDS Connection Service properties within the BlackBerry Administrations Service console.
CollapseResolution
This is a previously reported issue that is being investigated by our development team. No resolution time frame is currently available.
CollapseWorkaround

Configure the following IT policy rules:

  • TLS Disable Invalid Connection = Prompt
  • TLS Disable Weak Ciphers = Prompt
  • TLS Prevent Unmatched Domain Name = Prompt
  • TLS Device Side Only = Yes
  • TLS Disable Weak Digests = Prompt
  • TLS Disable Untrusted Connection = Prompt

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.