Skip Navigation

Validate the
BEMS
SSL certificate

You can have the
BlackBerry Dynamics Launcher Library
validate the SSL certificate of any
BlackBerry Enterprise Mobility Server
that is associated with your deployment to secure the communications between the servers.
  • Verify that you have a copy of the
    BEMS
    SSL certificate or the
    BEMS
    SSL certificate chain.
    BEMS
    supports replacing the
    BEMS
    self-signed certificate with one issued by an internal or external certificate authority. If the
    BEMS
    certificate has been replaced, then you should deploy the Root CA and any intermediates or subordinate signing certificates in the chain, not the actual
    BEMS
    certificate. For more information, see Replacing the autogenerated SSL certificate in the
    BEMS
    Configuration content.
  • Verify that you have administrative access to your
    Good Control
    and
    BlackBerry UEM
    server.
  • Verify that you have the entitlement ID:
    com.blackberry.feature.validatebemscertificate
  1. On the
    BEMS
    server, export the SSL certificate.
  2. If you are using a
    Good Control
    server, go to
    Certificates > Trusted Authorities
    tab,
    Upload New Certificate
    to import the
    BEMS
    certificate.
  3. If you are using a
    BlackBerry UEM
    server, go to
    Policies and Profiles
    >
    Certificates
    >
    CA certificate
    to add the certificate and assign it to users. For more information, see Assign the BEMS SSL certificate to users.
  4. Assign the entitlement ID to users. Do one of the following:
    • Assign it to the Everyone user group.
    • Create a user group of only those users you want to assign it to.
    • Assign it to individual users.