Skip Navigation

Create a CSR for the local computer account for
BEMS

If you want to use an enterprise CA to generate the SSL certificate, you must create a custom request on a computer that hosts
BEMS
.
  1. On the computer that hosts
    BEMS
    , open the
    Microsoft
    Management Console.
  2. Click
    Console Root
    .
  3. Click
    File > Add/Remove Snap-in
    .
  4. In the
    Available snap-ins
    column, click
    Certificates
    . Click
    Add
    .
  5. In the
    Certificates snap-in
    wizard, select
    Computer account
    . Click
    Next
    .
  6. On the
    Select Computer
    screen, select
    Local computer
    .
  7. Click
    Finish
    . Click
    OK
    .
  8. In the
    Microsoft
    Management Console, expand
    Certificates (Local Computer)
    .
  9. Right-click
    Personal
    , then click
    All Tasks > Advanced Operations > Create Custom Request
    .
  10. In the
    Certificate Enrollment wizard
    , click
    Next
    .
  11. Click
    Proceed without enrollment policy
    . Click
    Next
    .
  12. On the
    Custom request
    screen, click
    Next
    .
  13. On the
    Certificate Information
    screen, click the
    Details > Properties
    .
  14. On the
    Subject
    tab, in the
    Subject name
    section, complete the following actions:
    1. Click the
      Type
      drop-down list. Select
      Common Name
      .
    2. In the
      Value
      field, type a valid FQDN such as a trusted application pool name (for example, CN=bemsapppool.example.com) that was recorded in step 3c of Prepare the initial computer hosting BEMS.
    3. Click
      Add
      .
  15. In the
    Alternative name
    section, add two values by completing the following actions:
    1. Click the
      Type
      drop-down list. Select
      DNS
      .
    2. In the
      Value
      field, type the FQDN of the trusted application pool (for example, bemsapppool.example.com).
    3. Click
      Add
      .
    4. In the
      Value
      field, type the FQDN of a
      BEMS
      instance that the certificate will be used for (for example, bemsserver01.example.com).
    5. Click
      Add
      .
    6. Repeat steps d and e for each
      BEMS
      instance that the certificate will be used for (for example, bemsserver02.example.com, bemserver03.example.com, and so forth).
  16. Optionally, on the
    General
    tab, specify a friendly name for the certificate. The name of the template is often the only way to distinguish its purpose and must be unique. This is important when deploying the final name of the issued certificate, which should always match the designated service name. For more information about using friendly names for certificates in
    Connect
    and
    Presence
    , see "Using friendly names for certificates in BlackBerry Connect" in the Connect configuration content and "Using friendly names for certificates in BlackBerry Presence" in the Presence configuration content.
    1. Click the
      General
      tab.
    2. In the
      Friendly name
      field, enter a name.
  17. On the
    Private Key
    tab, verify that the template allows the certificate to be exported with the private key.
    1. Click the
      Private Key
      tab.
    2. Click the
      Key options
      drop-down list. Select the
      Make private key exportable
      check box.
  18. Click
    Apply
    .
  19. Click
    OK
    .
  20. Click
    Next
    .
  21. Save the certificate information to your desktop with a file format of Base 60.
  22. Click
    Finish
    .