Configuring a messaging environment
Generate the trusted application key and configuration file
If there are multiple BlackBerry Enterprise Server instances in your organization's environment, you can use the same trusted application key for each BlackBerry Enterprise Server. If you choose to generate multiple trusted application keys, each trusted application key and configuration file must have a unique name. You can choose to create multiple trusted application keys if the BlackBerry Enterprise Server instances run in different domains and you do not want to permit one BlackBerry Enterprise Server to access another using the trusted application path.
- Using a Novell GroupWise administrator account with permission to access the domain database, log in to the computer that Novell® NetWare® is installed on.
- In the BlackBerry Enterprise Server installation files, copy the Key Generator Application folder and its contents to the local drive.
- In Novell® ConsoleOne®, locate the UNC path that specifies the wpdomain.db file for the domain that you are generating the trusted application key for.
- On the local drive, navigate to the Key Generator Application folder.
- Double-click Generate_GW_Trusted_App.exe.
- In the GroupWise Domain Path field, type the file path for the wpdomain.db file.
- In the Name field, type a name for the trusted application key.
- In the Description field, type a description for the trusted application key.
- Click Generate.
- Click Yes.
- To create a configuration file that contains the trusted application key, click Yes.
- Save the configuration file.
- If the Key Generator Application prompts you to overwrite an existing configuration file, verify that you are overwriting the correct file.
- Click Yes.
Confirm that the trusted application key generated successfully
- Log in to the computer that Novell® NetWare® is installed on.
- In Novell® ConsoleOne®, in the left pane, click GroupWise System.
- On the Tools menu, click GroupWise System Operations > Trusted Applications.
- In the Configure Trusted Applications window, verify that the name that you specified for the trusted application key appears.
Protecting the communication between the BlackBerry Enterprise Server and the Novell GroupWise POAs
To encrypt communication between the BlackBerry® Enterprise Server and the Novell® GroupWise® POAs, you can configure the Novell GroupWise POAs to use SSL.
If the Novell GroupWise POAs are configured to use self-signed certificates, you must install the certification authority's self-signed certificate on the BlackBerry Enterprise Server. This will permit the BlackBerry Enterprise Server to connect to the Novell GroupWise POAs without generating errors that are caused because the certificate is issued by an unknown or invalid certification authority.
If the Novell GroupWise POAs are using a certificate that the Organizational CA found in the Novell eDirectory signed, you can copy the Organizational CA’s self-signed certificate from the Novell eDirectory to the computer that hosts the BlackBerry Enterprise Server. For more information, visit: www.novell.com/documentation/edir88/edir88/?page=/documentation/edir88/edir88/data/a7elxuq.html to read Exporting an Organizational CA's Self-Signed Certificate.
If the Novell GroupWise POAs are using a certificate that another certification authority signed, follow the instructions provided by the vendor to export a root certificate to verify the identity and the validity of a certificate.
Import the certificate that the certification authority signed
- Log in to the computer that hosts the BlackBerry Enterprise Server using the Windows® account that you created and that has correct permissions.
- Click Start > Run.
- Type certmgr.msc. The Certificate Manager opens.
- Double-click the Trusted Root Certification Authorities folder.
- Right-click the Certificates folder and click All Tasks > Import. The Certificate Import Wizard opens.
- Complete the instructions in the Certificate Import Wizard. When the wizard prompts you, navigate to the location where you saved the certification authority's self-signed certificate.
- In the Certificates folder, verify that the certification authority is in the Issued To list .
- Close Certificate Manager.
- Restart the BlackBerry Enterprise Server.