Help Center

Local Navigation

BlackBerry Manuals & Help   Administrator Documentation   BlackBerry Enterprise Server 5   BlackBerry Enterprise Server for Microsoft Exchange   Administration Guide BlackBerry Enterprise Server for Microsoft Exchange - 5.0

Import a new SSL certificate for the BlackBerry Administration Service and BlackBerry Web Desktop Manager

When you install the BlackBerry® Administration Service and BlackBerry® Web Desktop Manager, the setup application generates an SSL certificate to open the HTTPS connection. You can import a self-signed SSL certificate or a trusted certificate that a certificate authority signs after the installation process completes.

For more information about using the keytool, visit java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html.

Before you begin: If you want to use a trusted certificate, copy the root certificate of the certificate authority to the computer that hosts the BlackBerry Administration Service.
  1. On the computer that hosts the BlackBerry Administration Service, in <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore, back up the web.keystore file.
  2. Update the key store password by performing the following actions:
    1. Click Start > Programs > BlackBerry Enterprise Server > BlackBerry Server Configuration.
    2. On the Administration Service - Cacerts keystore tab, type and confirm the new password for the key store.
    3. Click Apply.
    4. Click OK.
  3. Using the keytool in <drive>:\Program Files\Java\<JRE_version>\bin and the password that you updated in step 2, generate a new web.keystore file and private key (for example, keytool -genkey -alias <alias_name> -keypass <password> -keystore "<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore"). When the key tool prompts you for the first name and last name, type the FQDN of the computer that hosts the BlackBerry Administration Service.
  4. If you want to use a trusted certificate, using the keytool, import the root certificate of the certificate authority (for example, keytool -import -alias <alias_name> -file <root_certificate_file>.cer -trustcacerts -keystore "<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore").
  5. Using the keytool, generate a certificate signing request (for example, keytool -certreq -alias <alias_name> -file <certreq_filename>.csr -keystore "<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore").
  6. Send the certificate signing request to a certificate authority so that the certificate authority can create the certificate.
  7. When the certificate authority returns the certificate, copy it into a text file and save it with a .cer extension.
  8. Using the keytool, import the certificate to the web.keystore file (for example, keytool -import -alias <alias_name> -keystore "<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore" -file "<certificate_filename>.cer").
  9. Using the keytool, delete the default SSL certificate that the setup application generated (for example, keytool -delete -alias httpssl -keystore "<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore").
  10. In the Windows® Services, restart the BlackBerry Administration Service services.
Related concepts
Next topic: Change the key store password for the certificate that the BlackBerry Administration Service and BlackBerry Web Desktop Manager use
Previous topic: Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager

Was this information helpful? Send us your comments.