Replacing the autogenerated SSL certificate

By default,

BEMS

is remotely accessible using HTTPS only. During installation, a

BEMS

Java

keystore called bems.pfx is created and located in

<drive>\Program Files\BlackBerry\BlackBerry Enterprise Mobility Server\Good Server Distribution\gems-quickstart-<version>\etc\keystores\

. If you previously replaced the self-signed certificate, then your existing certificate and certificate password are retained. You can replace the previously self-signed certificate using a SAN certificate or a Wildcard server certificate and assign the certificate to be used by all nodes in a cluster. When you replace the previously self-signed certificate with a SAN or Wildcard server certificate, makes sure that the certificate is trusted by all

BlackBerry Dynamics

apps that communicate with

BEMS

on port 8443.

For instructions, see Assign the BEMS SSL certificate to users.

When you replace the auto-generated SSL certificate, you perform one of the following actions:

Upload and replace the auto-generated SSL certificate and with a SAN or Wildcard certificate and assign the certificate for use by all nodes in the cluster.

Upload and replace the auto-generated SSL certificate with a self-signed certificate for a single node.

Section:

Importing and configuring certificates

Steps to replace the autogenerated SSL certificate with a SAN or wildcard certificate for use by all nodes in a cluster

Steps to replace the autogenerated SSL certificate with a self-signed certificate for one BEMS node

Jetty.xml file reference