Create a Personal Certificate for the local computer account for BEMS

Complete this task on each computer that hosts the Presence and/or Connect service. You can create one certificate to be used for all BEMS instances.
  1. On the computer that hosts BEMS, open the Microsoft Management Console.
  2. Click Console Root.
  3. Click File > Add/Remove Snap-in.
  4. In the Available snap-ins column, click Certificates. Click Add.
  5. In the Certificates snap-in wizard, select Computer account. Click Next.
  6. On the Select Computer screen, select Local computer.
  7. Click Finish. Click OK.
  8. In the Microsoft Management Console, expand Certificates (Local Computer).
  9. Right-click Personal, then click All Tasks > Request New Certificate.
  10. In the Certificate Enrollment wizard, click Next. Click Next again.
  11. Select an appropriate web server template from the available templates.
    a. Click Details to verify that Server Authentication is displayed in the Application Policies section.
    b. In the Application policies section, verify that Server Authentication is listed. If Server Authentication is not listed, select a different web server template. Contact your CA administrator for more information about templates.
  12. Click More information is required to enroll for this certificate. Click here to configure settings.
  13. On the Subject tab, in the Subject name section, complete the following actions:
    a. Click the Type drop-down list. Select Common Name.
    b. In the Value field, type a valid FQDN such as a trusted application pool name (for example, CN=bemsapppool.example.com) that was recorded in step 3c of "Prepare the initial computer hosting BEMS".
    c. Click Add.
  14. In the Alternative name section, add two values by completing the following actions:
    a. Click the Type drop-down list. Select DNS.
    b. In the Value field, type the FQDN of the trusted application pool (for example, bemsapppool.example.com).
    c. Click Add.
    d. In the Value field, type the FQDN of a BEMS instance that the certificate will be used for (for example, bemsserver01.example.com).
    e. Click Add.
    f. Repeat steps d and e for each BEMS instance that the certificate will be used for (for example, bemsserver02.example.com, bemsserver03.example.com, and so forth).
  15. Optionally, on the General tab, specify a friendly name for the certificate. The name of the template is often the only way to distinguish its purpose and must be unique. This is important when deploying the final name of the issued certificate, which should always match the designated service name. For more information about using friendly names for certificates in Connect and Presence, see "Using friendly names for certificates in BlackBerry Connect" in the Connect configuration content and "Using friendly names for certificates in BlackBerry Presence" in the Presence configuration content.
    a. Click the General tab.
    b. In the Friendly name field, enter a name.
  16. On the Private Key tab, verify that the template allows the certificate to be exported with the private key.
    a. Click the Private Key tab.
    b. Click the Key options drop-down list. Select the Make private key exportable check box.
  17. Click Apply.
  18. Click OK.
  19. Click Enroll.
  20. Click Finish.
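
After step 20, the enrolled certificate can be checked against what steps 11, 13, 14 and 16 asked for. The following PowerShell is an added example, not part of the BlackBerry documentation; the host names are the page's example values, and it assumes an elevated session on the BEMS computer with .NET Framework 4.6 or later.

```powershell
# Added example: verify the certificate enrolled in the Local Computer > Personal store.
# Host names are the example values from this page; replace them with your own.
$expectedCn    = 'bemsapppool.example.com'
$expectedSans  = @('bemsapppool.example.com', 'bemsserver01.example.com')
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication (id-kp-serverAuth)

$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$ekuType  = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo($nameType, $false) -eq $expectedCn } |
    ForEach-Object {
        $cert = $_

        # Step 11: OIDs listed in the Enhanced Key Usage extension.
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is $ekuType } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        # Step 14: DNS names from the Subject Alternative Name extension.
        $sanDns      = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
        $missingSans = @($expectedSans | Where-Object { $sanDns -notcontains $_ })

        # Step 16: private key export policy (RSA keys only; otherwise stays $null).
        $exportable = $null
        if ($cert.HasPrivateKey) {
            $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
            if ($key -is [System.Security.Cryptography.RSACng]) {
                $allow = [int][System.Security.Cryptography.CngExportPolicies]::AllowExport
                $exportable = (([int]$key.Key.ExportPolicy) -band $allow) -ne 0
            } elseif ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                $exportable = $key.CspKeyContainerInfo.Exportable
            }
        }

        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            FriendlyName  = $cert.FriendlyName
            NotAfter      = $cert.NotAfter
            ServerAuthEku = $ekuOids -contains $serverAuthOid
            MissingSanDns = $missingSans -join ', '
            HasPrivateKey = $cert.HasPrivateKey
            KeyExportable = $exportable
        }
    }
```

A correctly enrolled certificate reports ServerAuthEku as True, an empty MissingSanDns, and HasPrivateKey and KeyExportable as True. Because the key is exportable, the same report is a quick way to inventory which hosts hold a copy of it.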