Get the PDF

Create a Personal Certificate for the local computer account for
BEMS

Complete this task on each computer that hosts the

Presence

and/or

Connect

service. You can create one certificate to be used for all

BEMS

instances.

On the computer that hosts

BEMS

, open the

Microsoft

Management Console.

Click

Console Root

Click

File > Add/Remove Snap-in

In the

Available snap-ins

column, click

Certificates

. Click

Add

In the

Certificates snap-in

wizard, select

Computer account

. Click

On the

Select Computer

screen, select

Local computer

Click

Finish

. Click

In the

Microsoft

Management Console, expand

Certificates (Local Computer)

Right-click

Personal

, then click

All Tasks > Request New Certificate

In the

Certificate Enrollment wizard

, click

. Click

again.

Select an appropriate web server template from the available templates.

Click

Details

to verify that the Server Authentication is displayed in the Application Policies section.

In the

Application policies

section, verify that

Server Authentication

is listed. If Server Authentication is not listed, select a different web server template. Contact your CA administrator for more information about templates.

Click

More information is required to enroll for this certificate. Click here to configure settings

On the

Subject

tab, in the

Subject name

section, complete the following actions:

Click the

Type

drop-down list. Select

Common Name

In the

Value

field, type a valid FQDN such as a trusted application pool name (for example, CN=bemsapppool.example.com) that was recorded in step 3c of Prepare the initial computer hosting BEMS.

Click

Add

In the

Alternative name

section, add two values by completing the following actions:

Click the

Type

drop-down list. Select

DNS

In the

Value

field, type the FQDN of the trusted application pool (for example, bemsapppool.example.com).

Click

Add

In the

Value

field, type the FQDN of a

BEMS

instance that the certificate will be used for (for example, bemsserver01.example.com).

Click

Add

Repeat steps d and e for each

BEMS

instance that the certificate will be used for (for example, bemsserver02.example.com, bemserver03.example.com, and so forth).

Optionally, on the

General

tab, specify a friendly name for the certificate. The name of the template is often the only way to distinguish its purpose and must be unique. This is important when deploying the final name of the issued certificate, which should always match the designated service name. For more information about using friendly names for certificates in

Connect

and

Presence

, see "Using friendly names for certificates in BlackBerry Connect" in the Connect configuration content and "Using friendly names for certificates in BlackBerry Presence" in the Presence configuration content.

Click the

General

tab.

In the

Friendly name

field, enter a name.

On the

Private Key

tab, verify that the template allows the certificate to be exported with the private key.

Click the

Private Key

tab.

Click the

Key options

drop-down list. Select the

Make private key exportable

check box.

Click

Apply

Click

Enroll

Click

Finish

Grant the service account read access to the certificate.

Right-click the certificate, and click

All Tasks > Manage Private Keys

On the

Security

tab, add the service account.

Export the certificate and the private key, then import the certificate to each of the other computers that host a

BEMS

instance. For instructions, see Export the CA-signed certificate and private key from the Microsoft Management Console and Import the CA-signed certificate and private key to additional BEMS instances respectively.

Section:

SSL certificate requirements for Skype for Business

Create a Personal Certificate for the local computer account for BEMS

Create a Personal Certificate for the local computer account for
BEMS