Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise Mobility Server 3.5
  3. BEMS Installation Guide
  4. Prerequisites: Installing and configuring BEMS
  5. Prerequisites: Connect for Microsoft Lync Server and Skype for Business
  6. SSL certificate requirements for Microsoft Lync Server and Skype for Business
  7. Create a CSR for the local computer account for BEMS

Create a CSR for the local computer account for
BEMS

If you want to use an enterprise CA to generate the SSL certificate, you must create a custom request on a computer that hosts
BEMS
.
  1. On the computer that hosts
    BEMS
    , open the
    Microsoft
     Management Console.
  2. Click
    Console Root
    .
  3. Click
    File > Add/Remove Snap-in
    .
  4. In the
    Available snap-ins
     column, click
    Certificates
    . Click
    Add
    .
  5. In the
    Certificates snap-in
     wizard, select
    Computer account
    . Click
    Next
    .
  6. On the
    Select Computer
     screen, select
    Local computer
    .
  7. Click
    Finish
    . Click
    OK
    .
  8. In the
    Microsoft
     Management Console, expand
    Certificates (Local Computer)
    .
  9. Right-click
    Personal
    , then click
    All Tasks > Advanced Operations > Create Custom Request
    .
  10. In the
    Certificate Enrollment wizard
    , click
    Next
    .
  11. Click
    Proceed without enrollment policy
    . Click
    Next
    .
  12. On the
    Custom request
     screen, click
    Next
    .
  13. On the
    Certificate Information
     screen, click the
    Details > Properties
    .
  14. On the
    Subject
     tab, in the
    Subject name
     section, complete the following actions:
    1. Click the
      Type
       drop-down list. Select
      Common Name
      .
    2. In the
      Value
       field, type a valid FQDN such as a trusted application pool name (for example, CN=bemsapppool.example.com) that was recorded in step 3c of Prepare the initial computer hosting BEMS.
    3. Click
      Add
      .
  15. In the
    Alternative name
     section, add two values by completing the following actions:
    1. Click the
      Type
       drop-down list. Select
      DNS
      .
    2. In the
      Value
       field, type the FQDN of the trusted application pool (for example, bemsapppool.example.com).
    3. Click
      Add
      .
    4. In the
      Value
       field, type the FQDN of a
      BEMS
       instance that the certificate will be used for (for example, bemsserver01.example.com).
    5. Click
      Add
      .
    6. Repeat steps d and e for each
      BEMS
       instance that the certificate will be used for (for example, bemsserver02.example.com, bemserver03.example.com, and so forth).
  16. Optionally, on the
    General
     tab, specify a friendly name for the certificate. The name of the template is often the only way to distinguish its purpose and must be unique. This is important when deploying the final name of the issued certificate, which should always match the designated service name. For more information about using friendly names for certificates in
    Connect
     and
    Presence
    , see "Using friendly names for certificates in BlackBerry Connect" in the Connect configuration content and "Using friendly names for certificates in BlackBerry Presence" in the Presence configuration content.
    1. Click the
      General
       tab.
    2. In the
      Friendly name
       field, enter a name.
  17. On the
    Private Key
     tab, verify that the template allows the certificate to be exported with the private key.
    1. Click the
      Private Key
       tab.
    2. Click the
      Key options
       drop-down list. Select the
      Make private key exportable
       check box.
  18. Click
    Apply
    .
  19. Click
    OK
    .
  20. Click
    Next
    .
  21. Save the certificate information to your desktop with a file format of Base 60.
  22. Click
    Finish
    .