How to configure BlackBerry MDS Connection Service to perform certificate searches using LDAPS

Article ID: KB20197

Type: Support Content

Last Modified: 12-14-2011

 

Product(s) Affected:

  • S/MIME Support Package for BlackBerry smartphones
  • BlackBerry Enterprise Server for Microsoft Exchange
Environment
  • BlackBerry® Enterprise Server 4.1 to 5.0 SP3
  • BlackBerry® Mobile Data System
Overview
The Mobile Data Service - Connection Service (MDS-CS) can be configured to allow LDAP (Lightweight Directory Access Protocol) certificate search by performing the tasks listed below.
Resolution

Task 1 - Configure the MDS Connection Service


BlackBerry Enterprise Server 4.1

  1. Enter the LDAP certificate server host name.
  2. Enter the port configured on the LDAP certificate server. Note: The default port is 636.
  3. Enter the Microsoft® Active Directory® account, and its password, that has permission to query the LDAP certificate server.
  4. Enter a default base query.
  5. Amend the query limit and data compression settings if necessary.

BlackBerry Enterprise Server version 5.0

  1. Launch the BlackBerry Administration Service.
  2. Navigate to BlackBerry Solution topology > BlackBerry Domain > Component view > Edit (MDS Connection Service) > LDAP.
  3. Enter the LDAP certificate server host name and port in the Service URL field using the following format:
    • Hostname:Port
  4. Set Secure connection enabled to Yes.
  5. Click Save All.
  6. Navigate to BlackBerry Solution topology > BlackBerry Domain > Component view > Edit (MDS Connection Service) > Configuration sets.
  7. Add the LDAP configuration to a new or existing configuration set.
  8. Click Save all.
  9. Navigate to each BlackBerry MDS Connection Service instance in BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service > Edit (Servername_MDS-CS_x) > Component Configuration Sets and specify the configuration set that a BlackBerry MDS Connection Service instance will use.
  10. Click Save all.

Task 2 - Amend the rimpublic.property file

  1. Within C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\<SERVER_NAME>\config, open rimpublic.property.
  2. Add the following line: application.handler.ldap.DEFAULT_USE_SSL_TLS=true
  3. Save the file.
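
As an added example (not BlackBerry's own code), the following Python checks and applies the Task 2 setting on the contents of a copy of rimpublic.property, including the case where the key is already present with a different value. It assumes the file follows Java .properties syntax; the function names and the sample contents are constructed for illustration.

```python
import re

# Property name taken from Task 2 above.
KEY = "application.handler.ldap.DEFAULT_USE_SSL_TLS"
# Assumption: Java .properties syntax ("key=value" or "key:value", "#"/"!" comments).
_SETTING = re.compile(r"^\s*" + re.escape(KEY) + r"\s*[=:]\s*(.*?)\s*$")


def effective_value(text):
    """Return the value a properties loader would use (last assignment wins), or None."""
    value = None
    for line in text.splitlines():
        m = _SETTING.match(line)
        if m:
            value = m.group(1)
    return value


def ensure_ldaps(text):
    """Return text with KEY=true assigned exactly once; other lines are untouched."""
    eol = "\r\n" if "\r\n" in text else "\n"
    out, written = [], False
    for line in text.splitlines():
        if _SETTING.match(line) is None:
            out.append(line)              # unrelated setting, comment or blank line
        elif not written:
            out.append(KEY + "=true")     # rewrite the first assignment in place
            written = True
        # Later duplicates are dropped so a stale "=false" cannot win.
    if not written:
        out.append(KEY + "=true")
    return eol.join(out) + eol


# Constructed sample file contents, not taken from a real server.
SAMPLE = (
    "# constructed example\r\n"
    "example.other.setting=1\r\n"
    "application.handler.ldap.DEFAULT_USE_SSL_TLS = false\r\n"
    "#application.handler.ldap.DEFAULT_USE_SSL_TLS=true\r\n"
)

if __name__ == "__main__":
    print("before:", effective_value(SAMPLE))
    fixed = ensure_ldaps(SAMPLE)
    print("after: ", effective_value(fixed))
    print(fixed, end="")
```

Commented-out lines are left alone, so a disabled copy of the setting does not count as configured.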

Task 3 - Restart the BlackBerry MDS Connection Service to allow the changes to MDS_CS and rimpublic.property to apply.

Task 4 - Import the company root certificate to the MDS keystore.

Refer to KB11623 - How to add a certificate for the web server to the BlackBerry MDS or BlackBerry MDS Keystore - and add the root certificate to the BlackBerry MDS keystore.

If the root certificate does not contain a CRL distribution point entry, it will be necessary to add the intermediate certificates to the BlackBerry MDS keystore.
