Administration Guide

Local Navigation

Permitting push applications to make trusted connections to a BlackBerry MDS Connection Service

To permit push applications to open trusted connections to a BlackBerry® MDS Connection Service, you must create a key store (the webserver.keystore file) on the computer that hosts the BlackBerry MDS Connection Service. This key store permits the BlackBerry MDS Connection Service to accept HTTPS connections from push applications.

Push applications can use a BlackBerry MDS Connection Service certificate to open HTTPS connections to the BlackBerry MDS Connection Service to push application data and application updates to the BlackBerry devices that are assigned to that BlackBerry MDS Connection Service.

You can use the Java® keytool to create a self-signed certificate for the BlackBerry MDS Connection Service, or you can import a signed certificate from a trusted public certification authority. You can use the Java keytool to export the BlackBerry MDS Connection Service certificate from the key store, and import the certificate to the key stores that the Java push applications use.

For more information about using the Java keytool, visit java.sun.com/javase/6/docs/technotes/tools/windows/keytool.html. For more information about the Apache Tomcat™ requirements, visit tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html.

Create a key store to store certificates for use with HTTPS connections

You must create a key store to store the certificates that permit the BlackBerry® MDS Connection Service to accept HTTPS connections from push applications.
  1. On the computer that hosts the BlackBerry MDS Connection Service, on the taskbar, click Start > Programs > BlackBerry Enterprise Server > BlackBerry Server Configuration.
  2. On the Mobile Data Service tab, configure the key store information. Only one key store can exist. The file must be named webserver.keystore and it must be located at <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\webserver.
  3. Click Create Keystore File.
  4. If prompted to overwrite a key store, click Yes.
  5. Click OK.
Back To Top

Add a certificate for the BlackBerry MDS Connection Service

To permit server-side push applications to open trusted HTTPS connections to a BlackBerry® MDS Connection Service and push application data and application updates to BlackBerry devices, you must add a certificate for the BlackBerry MDS Connection Service to the webserver.keystore file.
  1. On the computer that hosts the BlackBerry MDS Connection Service, navigate to <drive>:\Program Files\Java\<JRE_version>\bin.
  2. At the command prompt, perform one of the following tasks:
    Task Steps
    Create a self-signed certificate for the BlackBerry MDS Connection Service and add it to the key store.
    1. Type keytool -genkey -alias tomcat -keyalg RSA -keystore webserver.keystore.
    2. Type the required information.
    3. To confirm the information that you typed, type Yes.
    Add a publicly signed certificate to the key store.
    1. Type keytool -import -trustcacerts -alias tomcat -file <trustedserver.cer> -keystore webserver.keystore.
    2. Type the key store password.
    3. When prompted, click Yes.
  3. Copy the key store file to <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\webserver.
After you finish: Export the certificate for the BlackBerry MDS Connection Service to make it available to other applications.
Back To Top

Export the BlackBerry MDS Connection Service certificate to make it available to push applications

You must export the certificate for the BlackBerry® MDS Connection Service so that you can import it to the key store of a server-side push application.
Before you begin: Add a self-signed or publicly signed certificate for the BlackBerry MDS Connection Service to the key store.
  1. On the computer that hosts the BlackBerry MDS Connection Service, navigate to <drive>:\Program Files\Java\<JRE_version>\bin.
  2. At the command prompt, type keytool -export -alias tomcat -file <server.cer> -keystore <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\webserver\webserver.keystore -storepass <password>.
  3. Type the key store password.
After you finish: Import the certificate for the BlackBerry MDS Connection Service to the key store of a push application.
Back To Top

Import the BlackBerry MDS Connection Service certificate to the key store of a push application

To permit a server-side push application to open trusted connections to the BlackBerry® MDS Connection Service, you must add the certificate for the BlackBerry MDS Connection Service to the key store of the push application.
  1. On the computer that hosts the BlackBerry MDS Connection Service, navigate to <drive>:\Program Files\Java\<JRE_version>\bin.
  2. At a command prompt, type keytool -import -trustcacerts -alias <alias> -file <server.cer> -keystore <application_keystore>.
  3. Type the key store password.
  4. To add the certificate to the key store, at the prompt, type Yes.
After you finish: If the certificate does not exist, import the certificate to <drive>:\Program Files\Java\<JRE version>\lib\security\cacerts.
Back To Top

Was this information helpful? Send us your comments.