Configure the BlackBerry MDS Connection Service to connect to the certificate authority

Help Center

Search This Document

Download PDF

If your organization's environment includes a Microsoft® enterprise certification authority, the certification authority requires Windows® authentication, and a certification authority administrator must approve certificate requests, you must configure the BlackBerry® MDS Connection Service with the server name of the certification authority and the certification authority credentials so that the BlackBerry MDS Connection Service can send certificate requests to the certification authority.

Before you begin: Create a custom template on the certification authority that does not permit the subject name to originate from information in Microsoft® Active Directory®.

In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
Click MDS Connection Service.
Click Edit component.
On the HTTP tab, in the Name field, type the certificate authority name.
In the Service URL field, type the URL that the BlackBerry MDS Connection Service can use to send certificate requests to the certification authority using the following format: http://<FQDN_of_CA_server>:<port_number>/* (for example, http://myca.mycompany.com:80/*). Use <port_number>/* to make sure that the BlackBerry MDS Connection Service can access all the URLs for the certification authority.
In the Settings section, in the Username field, type the name of a certification authority administrator account that can approve certificate requests using one of the following formats: domain\username or domain@username.
In the Password and Confirm Password fields, type the password for the certification authority administrator account.
Click the Add icon.
Click Save all.

After you finish:

Write down the URL for the certification authority that you typed in the Service URL field. You must add the <FQDN_of_CA_server> that you configured in step 5 to the Certificate Authority Host IT policy rule, and the <port_number> that you configured in step 5 to the Certificate Authority Port IT policy rule.
Add the certification authority information to a BlackBerry MDS Connection Service configuration set.

Add communication information to a BlackBerry MDS Connection Service configuration set

A BlackBerry® MDS Connection Service configuration set is a collection of service configurations that the BlackBerry MDS Connection Service instances in your organization can use to communicate with a remote file system, LDAP server, CRL server, OCSP server, or certificate authority. You must add the communication information that the BlackBerry MDS Connection Service requires to communicate with servers to a configuration set so that a BlackBerry MDS Connection Service instance can communicate with the servers after you assign the configuration set to the instance.

In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
Click MDS Connection Service.
Click Edit component.
On the Configuration sets tab, perform one of the following actions:
- To create a configuration set, in the Configuration set name section, type a name and description for the configuration set.
- To change an existing configuration set, click the Edit icon.
In the Priority Service group drop-down list, click the name of the service that you want configure the communication method for.
In the Service (Name : Description) drop-down list, click the name of the communication method that you want to configure.
Click the Add icon.
To specify the communication method that the BlackBerry MDS Connection Service should try first to connect to the server, click the Up and Down icons. The order of communication methods that you configure applies to LDAP, OCSP, and file communication methods individually. The order permits the BlackBerry MDS Connection Service to resolve conflicts between domains if you created multiple communication methods for a specific URL.
Perform one of the following actions:
- To add a new configuration set, click the Add icon.
- To update an existing configuration set, click the Update icon.
Click Save all.

After you finish:

To confirm your changes, click the View icon.
Assign the configuration set to a BlackBerry MDS Connection Service.

Assign a BlackBerry MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance

You can assign a BlackBerry® MDS Connection Service configuration set to a BlackBerry MDS Connection Service instance so that users can access documents on remote file systems from the BlackBerry® devices, the BlackBerry MDS Connection Service can check certificates and certificate status from LDAP servers, CRL servers, or OCSP servers, or the BlackBerry MDS Connection Service can send certificate requests to a certificate authority.

In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
Click MDS Connection Service.
Click the instance that you want to change.
Click Edit instance.
On the Component configuration sets tab, in the Available component configuration sets section, in the Service configuration sets drop-down list, click the configuration set that you want to assign to the BlackBerry MDS Connection Service instance.
Click Save all.
To restart the BlackBerry MDS Connection Service instance, on the Instance information tab, in the Status list, click Restart instance.
To assign the BlackBerry MDS Connection Service configuration set to another BlackBerry MDS Connection Service instance, complete steps 3 to 7.

Next topic: Add a retrieved certificate for a web server to the key store

Previous topic: Configuring BlackBerry devices to enroll certificates over the wireless network

Was this information helpful? Send us your comments.

Global Navigation

Help Center

Local Navigation