Import a new SSL certificate for the BlackBerry Monitoring Service

When you install the BlackBerry® Monitoring Service, the setup application generates an SSL certificate to make sure that all communication on the HTTPS connection is secure. After the installation process completes, you can choose to import a self-signed SSL certificate or a trusted certificate using the Java® keytool.

For more information about the Java® key and certificate management utility called keytool, visit java.sun.com/javase/6/docs/technotes/tools/windows/keytool.html.

Before you begin: If you want to use a trusted certificate, copy the root certificate of the certification authority to the computer that hosts the BlackBerry Monitoring Service.
  1. On a computer that hosts the BlackBerry Monitoring Service, in <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\Monitoring Service\bin\web.keystore, back up the web.keystore file.
  2. Open a command prompt window.
  3. Use the Java keytool in <drive>:\Program Files\Java\<JRE_version>\bin to generate a new web.keystore file and private key by typing keytool -genkeypair -alias <alias_name> -keypass <password> -storepass <keystore password> -keystore "<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\Monitoring Service\bin\web.keystore" where <alias_name> is a name that you select, <password> is a password that you create, and <keystore password>is the SSL password that you specified when you installed the BlackBerry Monitoring Service. When the Java keytool prompts you for the first name and last name, type the FQDN of the computer that hosts the BlackBerry Monitoring Service.
  4. If you want to use a trusted certificate, use the Java keytool to import the root certificate of the certificate authority by typing keytool -importcert -alias <alias_name> -file <root_certificate_file>.cer -trustcacerts -storepass <keystore password> -keystore "<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\Monitoring Service\bin\web.keystore" where <alias_name> is a name that you select.
  5. Use the Java keytool to generate a certificate signing request by typing keytool -certreq -alias <alias_name> -file <certreq_filename>.csr -keypass <password> -storepass <keystore password> -keystore "<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\Monitoring Service\bin\web.keystore" where <alias_name> is the alias that you created in step 3.
  6. Send the certificate signing request to a certificate authority so that the certificate authority can create the certificate.
  7. When the certificate authority returns the certificate, copy it into a text file and save it with a .cer file extension.
  8. Use the Java keytool to import the certificate to the web.keystore file by typing keytool -importcert -alias <alias_name> -keypass <password> -storepass <keystore password> -keystore "<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\Monitoring Service\bin\web.keystore" -file "<certificate_filename>.cer" where <alias_name> is the alias that you created in step 3.
  9. Use keytool to delete the default SSL certificate that the setup application generated by typing keytool -delete -alias httpssl -storepass <keystore password> -keystore "<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\Monitoring Service\bin\web.keystore".

Was this information helpful? Send us your comments.