How to generate a new web.keystore for the BlackBerry Administration Service

Article ID: KB27980

Type: Support Content

Last Modified: 07-14-2014

 

Product(s) Affected:

  • BlackBerry Enterprise Server 5
  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Domino
  • BlackBerry Enterprise Server for Novell GroupWise
  • BlackBerry Enterprise Server Express for Microsoft Exchange
  • BlackBerry Enterprise Server Express for IBM Domino
Jump to: Environment | Overview
CollapseEnvironment
  • BlackBerry Enterprise Server 5.0 to 5.0 SP4
CollapseOverview

To generate a new web.keystore file, complete the following steps:

  1. Log on to the server on which the BlackBerry Administration Service is installed, using the correct BlackBerry service account.
  2. Stop the following BlackBerry Administration Service services:
    • BlackBerry Administration Service - Application Server
    • BlackBerry Administration Service - Native Code Container
  3. Back up the existing web.keystore file located in <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin
  4. Open a registry editor and navigate to the following location:
    • HKEY_CURRENT_USER\Software\Research In Motion\BlackBerry Enterprise Server\Administration Service\Key Store
  5. If a WebKeyStorePassIsEncrypted value doesn't exist, complete the steps outlined below in Steps to complete if password is not encrypted
  6. If a WebKeyStorePassIsEncrypted value exists and is set to 1, complete the steps outlined below in Steps to complete if password is encrypted

Steps to complete if password is not encrypted

  1. Locate the following registry key and note the value:
    • HKEY_CURRENT_USER\Software\Research In Motion\BlackBerry Enterprise Server\Administration Service\Key Store\WebKeyStorePass
  2. If no value exists for the WebKeyStorePass registry entry, choose a password and enter it as the value of the registry key.
  3. Open a command prompt (Run as Administrator) and change the directory to <drive>:Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin
  4. The following commands can be used to recreate the web.keystore file:
    • For a 32-bit Windows operating system: webGenKey.bat "JavaPath" "<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS" NewKeyStorePassword FQDN_of_BAS_or_BAS_Pool_Name
    • For a 64-bit Windows operating system: webGenKey.bat "JavaPath" "<drive>:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\BAS" NewKeyStorePassword FQDN_of_BAS_or_BAS_Pool_Name

      Note:
      • Replace JavaPath with the installation location of Java.
      • Replace NewKeyStorePassword with the password from step 1 or 2.
      • Replace FQDN_of_BAS_or_BAS_Pool_Name with the fully qualified domain name of either the server on which the BlackBerry Administration Service is installed, or the BlackBerry Administration Service pool name used in the environment.
         
    • Example:
      webGenKey.bat "C:\Program Files\Java\jre1.6.0_18\" "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS" keystorepass fqdn.of.bas.or.bas.pool.name.com 
       
  5. Once the command has been executed, verify that a new or updated web.keystore file now exists in <drive>:Program Files\Research In Motion\ BlackBerry Enterprise Server\BAS\bin (for a 32-bit Windows operating system) or <drive>:Program Files (x86)\Research In Motion\ BlackBerry Enterprise Server\BAS\bin (for a 64-bit Windows operating system).
  6. Start the following BlackBerry Administration Service services:
    • BlackBerry Administration Service - Application Server
    • BlackBerry Administration Service - Native Code Container
  7. Open the BlackBerry Administration Service web console and confirm it is accessible.

Steps to complete if password is encrypted

  1. Open a command prompt (Run as Administrator) and change the directory to <drive>:Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin
  2. The following commands can be used to recreate the web.keystore file:
    • For a 32-bit Windows operating system: webGenKey.bat "JavaPath""<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS" NewKeyStorePassword FQDN_of_BAS_or_BAS_Pool_Name
    • For a 64-bit Windows operating system: webGenKey.bat "JavaPath" "<drive>:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\BAS" NewKeyStorePassword FQDN_of_BAS_or_BAS_Pool_Name
      Note:
      • Replace JavaPath with the installation location of Java.
      • Replace NewKeyStorePassword with a new password value.
      • Replace FQDN_of_BAS_or_BAS_Pool_Name with the fully qualified domain name of either the server on which the BlackBerry Administration Service is installed, or the BlackBerry Administration Service pool name used in the environment.
         
    • Example:
      webGenKey.bat"C:\Program Files\Java\jre1.6.0_18\" "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS" keystorepass fqdn.of.bas.or.bas.pool.name.com
       
  3. Once the command has been executed, verify that a new or updated web.keystore file now exists in <drive>:Program Files\Research In Motion\ BlackBerry Enterprise Server\BAS\bin (for a 32-bit Windows operating system) or < drive>:Program Files (x86)\Research In Motion\ BlackBerry Enterprise Server\BAS\bin (for a 64-bit Windows operating system)
  4. Launch the BlackBerry Server Configuration Panel (Note: If using Windows Server 2008, the configuration panel must be run as Administrator).
  5. Click on the Administration Service - Web keystore tab.
  6. In the Old Password field, type the key store password used in Step 2.
  7. Enter, and verify, a new password in the New Password and Confirm New Password field.
  8. Click Apply and then click OK. A message indicating the password was successfully changed should appear.
  9. Start the following BlackBerry Administration Service services:
    • BlackBerry Administration Service - Application Server
    • BlackBerry Administration Service - Native Code Container
  10. Open the BlackBerry Administration Service web console and confirm it is accessible.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.