Security Technical Overview

Permitting TLS connections to websites that use invalid certificates

If a BlackBerry® device user visits a website that presents an invalid certificate, the BlackBerry device displays a warning message to indicate that the security of the connection cannot be verified. The warning dialog box provides the user with the following options:

  • Continue: the user should select this option if the user trusts the website. If the user selects Continue, the device adds the website to the Server Exceptions list in the TLS settings on the device. The device does not display a warning message for that website again. The user can view or delete entries in the Server Exceptions list.
  • Stop: the user should select this option if the user does not trust the website. If the user selects Stop, the device closes the connection between the device and the website.
  • Details: the user should select this option if the user is not sure about whether to trust the website. If the user selects Details, the device shows information about the invalid certificate and permits the user to view the certificate.

When a website certificate changes

If the certificate for a website changes, the website is removed from the Server Exceptions list in the TLS settings on the BlackBerry® device. The device does not display a notification that the website was removed from the Server Exceptions list. The next time that the BlackBerry device user visits the website after it was removed from the list, if the new certificate that the website presents is invalid, the device displays a warning message indicating that the security of the connection cannot be verified. If the user trusts the website, the user must add the website to the Server Exceptions list again.

When IT policy rule changes affect TLS settings

If you change the values for any IT policy rules in the TLS Application policy group that affect TLS settings, any websites in the Server Exceptions list that are affected by the change remain in the Server Exceptions list. If a BlackBerry® device user connects to a website and encounters a TLS warning that is restricted by an IT policy rule, the website is removed from the Server Exceptions list and the BlackBerry device displays a warning message indicating that the security of the connection cannot be verified. The warning dialog box presents the user with the following options:

  • Stop: the user should select this option if the user wants to close the connection between the device and the website.
  • Details: the user should select this option if the user wants to see more information about why the certificate is invalid. When the user selects Details, the device shows information about the invalid certificate and indicates that the policy does not permit the connection.

For more information about IT policy rules, see the BlackBerry Enterprise Server Policy Reference Guide.
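
The lifecycle of a Server Exceptions entry described on this page, modelled as an added example (this is not BlackBerry code). Comparing certificates by SHA-256 fingerprint, the warning labels, and the class and parameter names are assumptions made for the illustration.

```python
import hashlib
from dataclasses import dataclass, field

FULL_DIALOG = ("Continue", "Stop", "Details")
POLICY_DIALOG = ("Stop", "Details")          # no Continue when policy restricts

@dataclass
class ServerExceptions:
    """Hypothetical model: host -> fingerprint of the certificate the user accepted."""
    entries: dict = field(default_factory=dict)

    def connect(self, host, cert_der, warnings, restricted=frozenset(), choice="Stop"):
        """Return (connected, options_shown) for one TLS connection attempt.

        warnings   -- validation problems found for cert_der (empty = valid)
        restricted -- warnings that IT policy does not let the user override
        choice     -- what the user selects if a warning dialog is displayed
        """
        fp = hashlib.sha256(cert_der).hexdigest()   # assumption: change detected by fingerprint
        # A changed certificate drops the stored exception without notification.
        if host in self.entries and self.entries[host] != fp:
            del self.entries[host]
        if not warnings:
            return True, ()                          # valid certificate, no dialog
        if set(warnings) & set(restricted):
            # Policy overrides an existing exception: remove it and refuse.
            self.entries.pop(host, None)
            return False, POLICY_DIALOG
        if host in self.entries:
            return True, ()                          # accepted earlier, no warning shown
        if choice == "Continue":
            self.entries[host] = fp                  # user trusts the site
            return True, FULL_DIALOG
        # Stop closes the connection; Details only displays certificate information.
        return False, FULL_DIALOG
```

The case worth noting for audits is the second branch: an exception is bound to one certificate, so a replaced certificate that is still invalid prompts the user again instead of being trusted silently.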
