Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise Mobility Server 3.7
  3. Configuring the BlackBerry Connect service
  4. Configure the Connect service to receive SSL communications for a new installation
  5. Configure BEMS-Connect to use a secure connection using your own SSL certificate
  6. Create a CSR request

Create a CSR request

  1. Log in to the computer hosting
    BEMS
     with the service account.
  2. Open the
    Microsoft
     Management Console (MMC).
  3. Click
    Console Root
    .
  4. Click
    File > Add/Remove Snap-in
  5. In the
    Available snap-ins
     column, click
    Certificates > Add
    .
  6. In the
    Certificates snap-in wizard
    , select
    Computer account
    . Click
    Next
    .
  7. On the
    Computer > Select Computer
     screen, select
    Local Computer
    . Click
    Finish
    .
  8. Click
    OK
    .
  9. In the
    Microsoft
     Management Console, expand
    Certificates (Local Computer)
    .
  10. Right-click
    Personal
     and click
    All Tasks > Advanced Operations > Create Custom Request
    .
  11. In the
    Certificate Enrollment
     wizard, click
    Next
    .
  12. On the
    Select Certificate Enrollment Policy
     screen, select
    Proceed without enrollment policy
    . Click
    Next
    .
  13. On the
    Custom request
     screen, select the following settings:
    • In the
      Template
       field, select
      (No template) Legacy key
    • In the
      Request format
       option, select
      PKCS #10
  14. Click
    Next
    .
  15. On the
    Certificate Information
     screen, expand
    Details
     for the custom request.
  16. Click
    Properties
    .
  17. Click the
    Subject
     tab.
  18. On the
    Subject
     tab, in the
    Subject name
     section, complete the following actions:
    1. In the
      Type
       drop-down list, select
      Common Name
      .
    2. In the
      Value
       field, type the <
      BEMSFQDN
      > of the computer that hosts the
      Connect
       service (for example, BEMSHost.mycompany.com).
    3. Click
      Add
      .
  19. In the
    Alternative name
     section, add two values by completing the following actions:
    1. In the
      Type
       drop-down list, select
      DNS
      .
    2. In the
      Value
       field, type the <
      BEMSFQDN
      > of the computer that hosts the
      Connect
       service (for example, BEMSHost.mycompany.com).
    3. Click
      Add
      .
  20. On the
    Extensions
     tab, complete the following actions:
    1. In the
      Extended Key Usage (application policies)
       drop-down list, in the
      Available options
       column, click
      Server Authentication
      .
    2. Click
      Add
      .
  21. On the
    Private Key
     tab, complete the following actions:
    1. In the
      Cryptographic Service Provider
       drop-down list, in the
      Select cryptographic service provider(CSP)
       section, clear all the check boxes.
    2. Select the
      Microsoft RSA SChannel Crytographic Provider (Encryption)
       check box.
    3. In the
      Key size
       field, type
      2048
      .
    4. In the
      Key options
       drop-down list, in the
      Key type
       drop-down list, select
      Exchange
      .
  22. Click
    Apply
    .
  23. Click
    OK
    .
  24. Click
    Next
    .
  25. Enter a name for the certificate request and save it to your desktop.
  26. In the
    File format
     section, select
    Base 64
    .
  27. Click
    Finish
    .
  1. Submit the certificate request that you created to the certificate authority to obtain a certificate.