- About this guide
- What is BEMS?
- Preinstallation checklists
- Installation and upgrade
- Prerequisites: Installing and configuring BEMS
- Core requirements
- Configure the Java Runtime Environment
- Prerequisites: Connect for Skype for Business
- Preparing the computer that hosts BEMS for use with Skype for Business
- BlackBerry Connect service database requirements
- Preparing the Skype for Business topology for BEMS
- Prepare the initial computer hosting BEMS
- Prepare additional computers hosting BEMS
- Creating an additional trusted application pool
- Removing provisioning of the BEMS as a trusted application and trusted application pool
- Remove provisioning of the BEMS as a trusted application and trusted application pool
- SSL certificate requirements for Skype for Business
- Mutual TLS (MTLS) certificates
- Steps to create a CA-signed certificate for the local computer account using a CSR for BEMS
- Steps to create a CA-signed for the local computer account using automatic enrollment for BEMS
- Create a CSR for the local computer account for BEMS
- Obtain a CA-signed certificate from the CA server
- Import the CA-signed certificate on the CSR requesting BEMS
- Create a Personal Certificate for the local computer account for BEMS
- Export the CA-signed certificate and private key from the Microsoft Management Console
- Import the CA-signed certificate and private key to additional BEMS instances
- Presence prerequisites: Skype for Business
- Prerequisites: BlackBerry Push Notifications service
- Prerequisites: Cisco Unified Communications Manager IM and Presence Service requirements for Presence
- Prerequisites: Docs service
- Prerequisites: BlackBerry Directory Lookup, BlackBerry Follow-Me, and BlackBerry Certificate Lookup services
- Installing or upgrading the BEMS software
- Removing the BEMS software
- Troubleshooting BEMS installation or upgrade
- Appendices
- Appendix: AlwaysOn Availability support for SQL Server
- Steps to setup SQL Server for AlwaysOn availability
- Configure the BEMS services databases for AlwaysOn availability
- Enabling AlwaysOn availability group failover to subnets for the BEMS-Core and Mail services
- Enabling AlwaysOn availability group failover to subnets for the Connect service
- Enabling AlwaysOn availability group failover to subnets for the Docs service
- Architecture: BEMS notification flow using the Microsoft Graph API
- Architecture: BEMS
- Appendix: AlwaysOn Availability support for SQL Server
- BlackBerry Docs
- BlackBerry Enterprise Mobility Server 3.7
- BEMS Installation Guide
- Prerequisites: Installing and configuring BEMS
- Prerequisites: Connect for Skype for Business
- SSL certificate requirements for Skype for Business
SSL certificate requirements for Skype for Business
Skype for Business
If your enterprise doesn’t already have one, or one designated for use by
BEMS
, you must obtain and install a digital certificate.Your enterprise can sign its own digital certificates, acting as its own certificate authority (CA), or you can submit a certificate request to a well-known, third-party CA. Although you can preinstall the root authority for your own CA on each user’s device, it makes sense to get an independent CA-validated certificate.
Note
: In the following sections, references to SSL, CA-signed, and personal certificates refer to the digital certificate.Section:
Prerequisites: Connect for Skype for Business
Mutual TLS (MTLS) certificates
Steps to create a CA-signed certificate for the local computer account using a CSR for BEMS
Steps to create a CA-signed for the local computer account using automatic enrollment for BEMS
Create a CSR for the local computer account for BEMS
Obtain a CA-signed certificate from the CA server
Import the CA-signed certificate on the CSR requesting BEMS
Create a Personal Certificate for the local computer account for BEMS
Export the CA-signed certificate and private key from the Microsoft Management Console
Import the CA-signed certificate and private key to additional BEMS instances