Configure certificate synchronization settings for users

If you want to configure the certificate synchronization settings in the BlackBerry Desktop Software, you can send the following registry settings to BlackBerry device users' computers.
  1. Create the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Research In Motion\BlackBerry Desktop\CertSync.
  2. Add the following values, as necessary:

Registry Key

Parameter

Value

SyncTime

DWORD

Sets the time to resynchronize the certificates.

Enable = 0 to 24

Disable = (-1)

Every connection (decimal) = 0

AutomaticallySeedDeviceRNG

DWORD

Specifies if you want to use the Random Number Generation for a user's device.

Enable (Yes) = 0x00000001

Disable (No) = 0x00000000

CRLUpdateTime

DWORD

Sets a time to regularly update your CRL servers.

Enable = 0 to 24

Disable = (-1)

Every connection (decimal) = 0

CRLUpdateWarning

DWORD

Provides a status message if a CRL server can't be updated.

Enable (Yes) = 0x00000001

Disable (No) = 0x00000000

SignSecurityDefault

DWORD

Sets the default security level for signing keys.

Low = 0x00000001

High = 0x00000002

Medium = 0x00000003

EnableCertSync

DWORD

Automatically enables certificate synchronization the first time you open the BlackBerry Desktop Software.

Enable (Yes) = 1

Disable (No) = 0

EncryptSecurityDefault

DWORD

Sets the default security level for decryption keys.

Low = 0x00000001

High = 0x00000002

Medium = 0x00000003

CertificateTabFilter

DWORD

Sets whether you want to view only personal certificates or all certificates.

Personal certificates only = 0x00000001

All certificates=0xFFFFFFFE

CertificateUsageFilter

DWORD

Sets whether you want to view certificates for signed or encrypted messages, client authentication, other purposes, or a combination of the options.

Secure/encrypted messages = 0x00000001

Client authentication = 0x00000002

Other purposes = 0xFFFFFFFC

Secure/encrypted messages and client authentication = 0x00000003

Secure/encrypted messages and other purposes = 0xFFFFFFFD

Client authentication and other purposes = 0xFFFFFFFE

DownloadAddressBook

DWORD

Downloads your organization's address book for an LDAP search.

Enable (Yes) = 0x00000001

Disable (No) = 0x00000000

OCSPUsage

DWORD

If you're using an OCSP server:

Use certificate extensions = 0x00000001

Use specified servers = 0x00000002

Use both = 0x00000003

CRLUsage

DWORD

If you're using a CRL server:

Use certificate extensions = 0x00000001

Use specified servers = 0x00000002

Use both = 0x00000003

CertServersFilePath

STRING

The file path to the pre-populated CertServers.dat file to use for the default certificate server values.

To create this file, do the following:

  1. Start the BlackBerry Desktop Software and connect a previously connected smartphone.
  2. Navigate to ~\Application Data\Research In Motion\BlackBerry Desktop\Devices\<device pin>
  3. Copy the CertServers.dat file to the shared location, which should be used as the value of the CertServersFilePath key.
Next topic: Legal notice

Was this information helpful? Send us your comments.