Configure support for notification messages over HTTPS for BlackBerry MDS Runtime Applications on BlackBerry devices

Administration Guide

Overview: BlackBerry Enterprise Server
Log in to the BlackBerry Administration Service for the first time
Creating administrator accounts
Using an IT policy to manage BlackBerry Enterprise Solution security
Configuring security options
- Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other
- Controlling BlackBerry device access to the BlackBerry Enterprise Server
- Extending messaging security to a BlackBerry device
  - Extending messaging security using S/MIME encryption
    - Configure the BlackBerry Enterprise Solution to support S/MIME encryption
    - Configure encryption options for S/MIME-protected messages
- Enforcing secure messaging using classifications
- Generating organization-specific encryption keys for PIN message encryption
  - Generate a PIN encryption key
- Turn off BlackBerry services that the BlackBerry MDS Connection Service, BlackBerry Collaboration Service, and BlackBerry MVS provide
- When a BlackBerry device overwrites data in the BlackBerry device memory
  - Changing when a BlackBerry device cleans the BlackBerry device memory
  - Best practice: Configuring additional memory cleaner settings for BlackBerry devices
- Managing the BlackBerry MDS Integration Service certificate
  - Configuring the BlackBerry MDS Integration Service instances to use a trusted certificate
    - Create a CSR file for the BlackBerry MDS Integration Service trusted certificate
    - Import the trusted certificate into the BlackBerry MDS Integration Service key store
  - Generate a self-signed certificate for the BlackBerry MDS Integration Service
- Permit client authentication between the BlackBerry MDS Integration Service and web services that use self-signed certificates
- Configure support for notification messages over HTTPS for BlackBerry MDS Runtime Applications on BlackBerry devices
  - Import the X.509 certificate for the web service into the trust store of the BlackBerry MDS Integration Service
  - Import the X.509 certificate for the BlackBerry MDS Integration Service into the trust store of the JVM that runs the notification client
Configuring the BlackBerry Enterprise Server environment
Configuring user accounts
Assigning BlackBerry devices to users
Configuring BlackBerry Enterprise Server high availability
Configuring high availability for BlackBerry Enterprise Server components
Configuring BlackBerry Configuration Database high availability
Sending software and BlackBerry Java Applications to BlackBerry devices
Alternative methods for installing BlackBerry Java Applications on BlackBerry devices
Making BlackBerry MDS Runtime Applications and BlackBerry Browser Applications available to users
Configuring how users access enterprise applications and web content
Setting up the messaging environment
Configuring BlackBerry devices to enroll certificates over the wireless network
Making the BlackBerry Web Desktop Manager available to users
Configuring the BlackBerry Web Desktop Manager
Creating and configuring Wi-Fi profiles, VPN profiles, and VoIP profiles
Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices
Configuring software tokens for BlackBerry devices
Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager
Managing administrator accounts
Managing groups and user accounts
Using IT administration commands to protect a lost or stolen BlackBerry device
Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices
Managing BlackBerry MDS Runtime Applications and BlackBerry Browser Applications
Managing how users access enterprise applications and web content
Managing organizer data synchronization
Managing your organization's messaging environment and attachment support
Managing instant messaging
Managing a BlackBerry Domain
BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring
BlackBerry Enterprise Server log files
BlackBerry Enterprise Solution connection types and port numbers
Troubleshooting
Glossary
Provide feedback
Legal notice

Search This Document

Download PDF

Developers can use the BlackBerry® Mobile Data System development tools to create BlackBerry® MDS Runtime Applications that can receive notification messages from a web service over HTTPS. To permit notification messages over HTTPS, the BlackBerry MDS Runtime Application must subscribe to the web service over HTTPS. If the subscription to the web service is done over HTTP, the notification messages are received over HTTP.

If you install BlackBerry MDS Runtime Applications that support notification messages over HTTPS on BlackBerry devices in your organization's environment, you must configure the BlackBerry MDS Integration Service and the notification client to support notification messages over HTTPS.

To configure support for notification messages over HTTPS, you must import the X.509 security certificate for the notification web service into the trust store of the BlackBerry MDS Integration Service. You must then import the X.509 security certificate for the BlackBerry MDS Integration Service into the trust store of the JVM that runs the notification client. The X.509 security certificate for the notification web service is used to complete an SSL handshake between the BlackBerry MDS Integration Service and the notification web service. The X.509 security certificate for the BlackBerry MDS Integration Service is used to complete an SSL handshake between the notification client and the BlackBerry MDS Integration Service.

By default, the BlackBerry MDS Integration Service uses port 7092 for incoming notification messages over HTTPS.

Import the X.509 certificate for the web service into the trust store of the BlackBerry MDS Integration Service

Before you begin: Export the X.509 security certificate for the notification web service in .der file format and save the X.509 security certificate in the local file system.

In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Integration Service.
Click the instance that you want to change.
In the Certificates list, click Add new certificates.
In the Alias name field, type a name for the certificate.
In the Data source file section, click Browse.
Navigate to the X.509 security certificate that you want to add.
Click Add certificate.

After you finish: Permit BlackBerry MDS Runtime Applications to access web services using HTTPS.

Import the X.509 certificate for the BlackBerry MDS Integration Service into the trust store of the JVM that runs the notification client

Using a web browser, browse to https://<BlackBerry_MDS_Integration_Service_cluster_name>:7443 By default, 7443 is the communications port that is used for HTTPS. If you changed this port when you installed the BlackBerry® MDS Integration Service, use the port number that you specified.
Export the X.509 security certificate for the BlackBerry MDS Integration Service and store the certificate on your local file system.
At the command prompt, type cd <drive>:\<JRE_install_location>\jre\lib\security, where <JRE_install_location> is the location of the JRE™ that you use to run the web service notification client.
Press the Enter key.
At the command prompt, type keytool -import -alias -mdsis_notifications -keystore ./cacerts -trustcacerts -file <location_of_BlackBerry_MDS_Integration_Service_certificate>, where <location_of_BlackBerry_MDS_Integration_Service_certificate> is the location of the X.509 security certificate for the BlackBerry MDS Integration Service.
Press the Enter key.

After you finish: Restart the web service notification client.

Next topic: Configuring the BlackBerry Enterprise Server environment

Previous topic: Permit client authentication between the BlackBerry MDS Integration Service and web services that use self-signed certificates

Was this information helpful? Send us your comments.

Global Navigation

Administration Guide

Local Navigation