Configure the BlackBerry MDS Connection Service to connect to the certificate authority
If your
organization's environment includes a
Microsoft® enterprise
certification authority, the certification authority requires
Windows® authentication,
and a certification authority administrator must approve certificate requests,
you must configure the
BlackBerry® MDS Connection Service with the server name of the certification authority
and the certification authority credentials so that the
BlackBerry MDS Connection Service can send certificate requests to the certification
authority.
Before you begin: Create a custom
template on the certification authority that does not permit the subject name
to originate from information in
Microsoft® Active
Directory®.
- In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
- Click MDS Connection Service.
- Click Edit component.
- On the HTTP tab, in the Name field, type the certificate authority name.
- In the Service URL field, type the URL that the BlackBerry MDS Connection Service can use to send certificate requests to the certification authority using the following format: http://<FQDN_of_CA_server>:<port_number>/* (for example, http://myca.mycompany.com:80/*). Use <port_number>/* to make sure that the BlackBerry MDS Connection Service can access all the URLs for the certification authority.
- In the Settings section, in the User name field, type the name of a certification authority administrator account that can approve certificate requests using one of the following formats: domain\username or domain@username.
- In the Password and Confirm password fields, type the password for the certification authority administrator account.
- Click the Add icon.
- Click Save all.
- Write down the URL for the certification authority that you typed in the Service URL field. You must add the <FQDN_of_CA_server> that you configured in step 5 to the Certificate Authority Host IT policy rule, and the <port_number> that you configured in step 5 to the Certificate Authority Port IT policy rule.
- Add the certification authority information to a BlackBerry MDS Connection Service configuration set.
Add communication information to a BlackBerry MDS Connection Service configuration set
A
BlackBerry® MDS Connection Service configuration set is a set of service configurations that the
BlackBerry MDS Connection Service instances in
your organization can use to communicate with a remote file system, an LDAP
server, a DSML server, a CRL server, an OCSP server, or a certification
authority. You must add the communication information that the
BlackBerry MDS Connection Service requires to
communicate with servers to a configuration set so that a
BlackBerry MDS Connection Service instance can
communicate with the servers after you assign the configuration set to the
instance.
- In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
- Click MDS Connection Service.
- Click Edit component.
- On the Configuration sets tab, perform one of the following actions:
- In the Priority Service group drop-down list, click the name of the service that you want to configure the communication method for.
- In the Service (Name : Description) drop-down list, click the name of the communication method that you want to configure.
- Click the Add icon.
- To specify the communication method that the BlackBerry MDS Connection Service should try to connect to the server with first , click the Up and Down arrows. The BlackBerry MDS Connection Service resolves conflicts by applying communication methods in the order that you specify. The order of that you specify for LDAP, DSML, or file communication applies to each communication method separately. The order permits the BlackBerry MDS Connection Service to resolve conflicts between domains if you created multiple communication methods for a specific URL.
- Perform one of the following actions:
- Click Save all.
Assign a BlackBerry MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance
You can assign a
BlackBerry® MDS Connection Service configuration set to a
BlackBerry MDS Connection Service instance so
that
BlackBerry device users can access documents on
remote file systems from devices, the
BlackBerry MDS Connection Service can search
for certificates and check for the status of the certificates from LDAP
servers, DSML servers, CRL servers, or OCSP servers, and the
BlackBerry MDS Connection Service can send
certificate requests to a certificate authority.
- In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service.
- Click the instance that you want to change.
- Click Edit instance.
- On the Component configuration sets tab, in the Available component configuration sets section, in the Service configuration sets drop-down list, click the configuration set that you want to assign to the BlackBerry MDS Connection Service instance.
- Click Save all.
- To restart the BlackBerry MDS Connection Service instance, on the Instance information tab, in the Status list, click Restart instance.
- To assign the BlackBerry MDS Connection Service configuration set to another BlackBerry MDS Connection Service instance, repeat steps 3 to 7.
Next topic: Add certificate information to a
Wi-Fi profile
Previous topic: Configure the certificate information using IT policies