Administration Guide

Local Navigation

Managing the BlackBerry MDS Integration Service certificate

By default, the BlackBerry® MDS Integration Service instances generate a self-signed certificate when they start after the installation process completes or when they cannot find a certificate in the BlackBerry MDS Integration Service key store. BlackBerry MDS Integration Service instances can use the certificate to secure communication with BlackBerry MDS Integration Service clients, such as the BlackBerry Administration Service, BlackBerry® MDS Runtime Applications, and BlackBerry MDS Application Console. The self-signed certificate uses the 1024-bit RSA algorithm. All BlackBerry MDS Integration Service instances share the certificate which is stored in the BlackBerry MDS Integration Service key store.

You can replace the self-signed certificate with a trusted certificate that a certificate authority signed. You can also generate another self-signed certificate if the certificate expires or if you suspect that the existing self-signed certificate is compromised. The self-signed certificate expires after 620 days.

Configuring the BlackBerry MDS Integration Service instances to use a trusted certificate

Create a CSR file for the BlackBerry MDS Integration Service trusted certificate

  1. In the BlackBerry® Administration Service, on the Servers and components menu, click BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Integration Service.
  2. Click a BlackBerry MDS Integration Service instance.
  3. Click Export certificate signature request.
  4. In the Server certificate data section, type the information that the certificate authority requires to issue a trusted certificate.
  5. Click Export request.
  6. Click Download file to save the CSR file.
After you finish: Use the CSR file to request a trusted certificate from the certificate authority.

Import the trusted certificate into the BlackBerry MDS Integration Service key store

Before you begin: Obtain the trusted certificate from the certificate authority. The certificate file must use the PKCS #7 format.
  1. In the BlackBerry® Administration Service, on the Servers and components menu, click BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Integration Service.
  2. Click a BlackBerry MDS Integration Service instance.
  3. Click Import server certificate chain.
  4. Browse to the certificate file.
  5. Click Add certificate.
  6. Restart all of the BlackBerry MDS Integration Service instances.

Generate a self-signed certificate for the BlackBerry MDS Integration Service

  1. In the BlackBerry® Administration Service, on the Servers and components menu, click BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Integration Service.
  2. Click a BlackBerry MDS Integration Service instance.
  3. Click Generate server key pair.
  4. In the Server certificate data section, type the information required to generate the certificate.
  5. Click Generate server key pair.
  6. Restart all of the BlackBerry MDS Integration Service instances.

Was this information helpful? Send us your comments.