Jetty.xml file reference

The keystore file is referenced in jetty.xml. The default location of the jetty.xml file on the computer hosting BEMS is <BEMS Machine Path>\BlackBerry\BlackBerry Enterprise Mobility Server\Good Server Distribution\gems-quickstart-<version>\etc\. You can access this folder using the service account you used to install the BEMS software or the local system account.
The relevant snippet from jetty.xml that references the location of the keystore file and its associated password looks like the following. If you import the certificate for one node, the CertAlias displays "serverkey". If you update the certificate and select "Use the uploaded Server SSL Certificate for all nodes in a cluster" in the BEMS Dashboard, the CertAlias displays "server_cert".
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
  <Set name="KeyStorePath"><SystemProperty name="jetty.home" default="."/>/etc/keystores/bems.pfx</Set>
  <Set name="TrustStorePath"><SystemProperty name="jetty.home" default="."/>/etc/keystores/bems.pfx</Set>
  <Set name="KeyStorePassword">OBF:1mik1w8d1ugi1x841....1x8q1uh81w9d1mma</Set>
  <Set name="KeyManagerPassword">OBF:1mik1w8d1ugi1x841....1x8q1uh81w9d1mma</Set>
  <Set name="TrustStorePassword">OBF:1mik1w8d1ugi1x841....1x8q1uh81w9d1mma</Set>
  <Set name="KeyStoreType">PKCS12</Set>
  <Set name="TrustStoreType">PKCS12</Set>
  <Set name="wantClientAuth">true</Set>
  <Set name="CertAlias">server_cert</Set>
</New>
The passwords are obfuscated. The KeyStorePassword and the TrustStorePassword are typically identical and represent the keystore password. The KeyManagerPassword is the challenge password for the certificate.
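
One way to audit these settings, as an added example that is not part of the BlackBerry documentation: the script reads the sslContextFactory element and flags password values stored without the OBF: prefix, store types other than PKCS12, mismatched keystore and truststore passwords, and an unexpected CertAlias. The sample XML is constructed with placeholder values (one password is deliberately left in cleartext), and the names read_settings and audit are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the snippet above. The OBF values are
# placeholders and KeyManagerPassword is deliberately left in cleartext.
SAMPLE = """<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
  <Set name="KeyStorePath"><SystemProperty name="jetty.home" default="."/>/etc/keystores/bems.pfx</Set>
  <Set name="TrustStorePath"><SystemProperty name="jetty.home" default="."/>/etc/keystores/bems.pfx</Set>
  <Set name="KeyStorePassword">OBF:placeholder1</Set>
  <Set name="KeyManagerPassword">changeit</Set>
  <Set name="TrustStorePassword">OBF:placeholder1</Set>
  <Set name="KeyStoreType">PKCS12</Set>
  <Set name="TrustStoreType">PKCS12</Set>
  <Set name="wantClientAuth">true</Set>
  <Set name="CertAlias">server_cert</Set>
</New>"""

# Alias values named on this page and what each one indicates.
ALIASES = {"serverkey": "single-node certificate", "server_cert": "cluster-wide certificate"}

def read_settings(xml_text):
    """Return {name: value} for each <Set>, including text that follows a <SystemProperty> child."""
    root = ET.fromstring(xml_text)
    factory = root if root.get("id") == "sslContextFactory" else root.find(".//New[@id='sslContextFactory']")
    settings = {}
    for s in factory.findall("Set"):
        parts = [s.text or ""] + [(child.tail or "") for child in s]
        settings[s.get("name")] = "".join(parts).strip()
    return settings

def audit(settings):
    """Return a list of findings; an empty list means the settings match what the page describes."""
    findings = []
    for key in ("KeyStorePassword", "KeyManagerPassword", "TrustStorePassword"):
        if not settings.get(key, "").startswith("OBF:"):
            findings.append(f"{key} is missing or not obfuscated")
    for key in ("KeyStoreType", "TrustStoreType"):
        if settings.get(key) != "PKCS12":
            findings.append(f"{key} is not PKCS12")
    if settings.get("KeyStorePassword") != settings.get("TrustStorePassword"):
        findings.append("KeyStorePassword and TrustStorePassword differ")
    if settings.get("CertAlias") not in ALIASES:
        findings.append(f"unexpected CertAlias {settings.get('CertAlias')!r}")
    return findings

if __name__ == "__main__":
    cfg = read_settings(SAMPLE)
    print("CertAlias:", cfg["CertAlias"], "->", ALIASES.get(cfg["CertAlias"]))
    for finding in audit(cfg):
        print("FINDING:", finding)
```

Jetty's OBF: encoding is reversible obfuscation rather than encryption, so a clean result does not replace restricting access to the etc folder to the accounts named above.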

Certificate format

Any certificate used should meet the following requirements:
  • It is in PKCS #12 format.
  • The private key contains a challenge password.
  • It has the appropriate key chain (for example, the root and intermediate certificate).
  • The Subject or Subject Alternative Names property includes the FQDN of the BEMS node. This is required for BEMS to be trusted by web browsers and BlackBerry Dynamics apps.