Configure the certificate information using IT policies
If you configured the BlackBerry MDS Connection Service to retrieve the status of the certificates using an OCSP server or a CRL server and pull authorization is turned on, devices may not be able to enroll some certificates over the mobile network. The devices might not be able to enroll some certificates because, devices that initiate the request to the web addresses follow pull authorization rules that restrict access to some of the web addresses for OCSP servers and CRL servers.
- In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy.
- Click Manage IT policies.
- Click an IT policy.
- Click Edit IT policy.
- On the Certificate Authority Profile tab, change the appropriate values for the IT policy rules.
- Click Save All.