Create a CSR for the local computer account for BEMS
If you want to use an enterprise CA to generate the SSL certificate, you must create a custom request on a computer that hosts
- On the computer that hostsBEMS, open theMicrosoftManagement Console.
- ClickConsole Root.
- ClickFile > Add/Remove Snap-in.
- In theAvailable snap-inscolumn, clickCertificates. ClickAdd.
- In theCertificates snap-inwizard, selectComputer account. ClickNext.
- On theSelect Computerscreen, selectLocal computer.
- ClickFinish. ClickOK.
- In theMicrosoftManagement Console, expandCertificates (Local Computer).
- Right-clickPersonal, then clickAll Tasks > Advanced Operations > Create Custom Request.
- In theCertificate Enrollment wizard, clickNext.
- ClickProceed without enrollment policy. ClickNext.
- On theCustom requestscreen, clickNext.
- On theCertificate Informationscreen, click theDetails > Properties.
- On theSubjecttab, in theSubject namesection, complete the following actions:
- Click theTypedrop-down list. SelectCommon Name.
- In theValuefield, type a valid FQDN such as a trusted application pool name (for example, CN=bemsapppool.example.com) that was recorded in step 3c of Prepare the initial computer hosting BEMS.
- In theAlternative namesection, add two values by completing the following actions:
- Click theTypedrop-down list. SelectDNS.
- In theValuefield, type the FQDN of the trusted application pool (for example, bemsapppool.example.com).
- In theValuefield, type the FQDN of aBEMSinstance that the certificate will be used for (for example, bemsserver01.example.com).
- Repeat steps d and e for eachBEMSinstance that the certificate will be used for (for example, bemsserver02.example.com, bemserver03.example.com, and so forth).
- Optionally, on theGeneraltab, specify a friendly name for the certificate. The name of the template is often the only way to distinguish its purpose and must be unique. This is important when deploying the final name of the issued certificate, which should always match the designated service name. For more information about using friendly names for certificates inConnectandPresence, see "Using friendly names for certificates in BlackBerry Connect" in the Connect configuration content and "Using friendly names for certificates in BlackBerry Presence" in the Presence configuration content.
- Click theGeneraltab.
- In theFriendly namefield, enter a name.
- On thePrivate Keytab, verify that the template allows the certificate to be exported with the private key.
- Click thePrivate Keytab.
- Click theKey optionsdrop-down list. Select theMake private key exportablecheck box.
- Save the certificate information to your desktop with a file format of Base 60.