How to load a personal certificate for EAP-TLS onto a BlackBerry smartphone

Article ID: KB13492

Type: Support Content

Last Modified: 02-15-2012


Product(s) Affected:

  • BlackBerry Desktop Software for Windows
  • BlackBerry® Desktop Manager
  • Wi-Fi® enabled BlackBerry® smartphones

Extensible Authentication Protocol, or EAP, is an authentication framework that is used frequently in wireless networks and Point-to-Point connections.

EAP-Transport Layer Security (EAP-TLS) is a standard wireless LAN EAP authentication protocol that is considered one of the most secure EAP standards available that is universally supported by manufacturers of wireless LAN hardware and software. What makes EAP-TLS authentication strength one of the most secure types of authentication is the requirement for a client side certificate.

These certificates can be implemented in to the BlackBerry Solution by loading them on to BlackBerry handhelds as directed in the steps below:


  1. Download the personal certificate from the certificate authority to the computer.
  2. On the computer, right-click on the personal certificate.
  3. Click Install certificate.
  4. Click Next.
  5. Click Place all certificates in the following store.
  6. Click Browse.
  7. Click Personal.
  8. Click OK.
  9. Click Finish.
  10. In the Security Warning dialog box, click Yes.
  11. Connect a BlackBerry smartphone to BlackBerry Desktop Manager.
  12. In BlackBerry Desktop Manager, double-click Synchronize Certificates.

    Note: If the certificate synchronization tool is not installed on the computer, re-install the BlackBerry® Desktop Software using the custom installation option. During the custom installation, install the certificate synchronization tool.

  13. On the Personal Certificates tab, select the personal certificate to load onto the BlackBerry smartphone.
  14. Click Synchronize to load a certificate on the BlackBerry smartphone.


CollapseAdditional Information

The following are alternative methods of loading personal certificates:

  1. Browser Plugin - If a web page has the appropriate Multipurpose Internet Mail Extension (MIME) type set and the .cer file type is used, click the link to the certificate and import or view the certificate wirelessly.
  2. Email messages - Certificates included as email attachments can also be imported manually when received on the BlackBerry smartphone.
  3. OTACR - Certificates can be enrolled through BlackBerry Enterprise Server 5.0 using Over the air certificate request.  Information on implementing OTACR can be found in the BlackBerry Enterprise Server Administration Guide.


By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.

Visit the BlackBerry Technical Solution Center at