Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise Mobility Server 3.7
  3. Configuring BEMS-Core
  4. Importing and configuring certificates
  5. Replacing the autogenerated SSL certificate
  6. Steps to replace the autogenerated SSL certificate with a self-signed certificate for one BEMS node
  7. Update the certificate passwords in BEMS

Update the certificate passwords in
BEMS

For
BEMS
 to access your certificate private key, you must include the challenge password in the jetty.xml file. The password must be obfuscated. This can be done with the Jetty Util. For more information on how to obfuscate the
BEMS
 certificate password, visit support.blackberry.com/community to read article 41823.
Ensure that you have recorded the SSL certificate private key password. For more information, see Create a new keystore, generate a CSR request, and obtain a signed certificate from a CA or Import a previously issued certificate using a .pfx file.
  1. Update the certificate password in
    BEMS
    . Perform the following actions:
    1. In a command prompt, navigate to the jetty util file. By default, the file is located at
      <
      drive
      >:\Program Files\BlackBerry\BlackBerry Enterprise Mobility Server\Good Server Distribution\gems-quickstart-<
      version
      >\system\org\eclipse\jetty\jetty-util\9.<
      version
      >
      .
    2. Type
      java -cp jetty-util-9.<
      version
      >.jar org.eclipse.jetty.util.security.Password "<
      passwordToObfuscate
      >"
      .
      For example, if the certificate private key password is dr*W0prr3!b, type
      java -cp jetty-util-9.4.48.v20220622.jar org.eclipse.jetty.util.security.Password "dr*W0prr3!b"
    3. Copy the
      OBF
       value for later reference. This is the obfuscated password. 
  2. Backup the jetty.xml file. By default the jetty.xml file is located at
    <
    drive
    >:\Program Files\BlackBerry\BlackBerry Enterprise Mobility Server\Good Server Distribution\gems-quickstart-<
    version
    >\etc
    .
  3. Update the
    keyStorePassword
    ,
    trustStorePassword
    , and
    keyManagerPassword
     in the jetty.xml file with the obfuscated password with the obfuscated password. For examples, see Jetty.xml file reference. Perform the following actions:
    1. In a text editor, open the jetty.xml file.
    2. Locate the <New class="org.eclipse.jetty.util.ssl.SslContextFactory" id="sslContextFactory"> section.
    3. Locate the following elements and update them with the obfuscated password from the jetty util file text output OBF value in step 1c above.
      • <Set name=”KeyStorePassword”>
      • <Set name=”TrustStorePassword”>
      • <Set name=”KeyManagerPassword”>
  4. Start the
    Good Technology Common Services
     service from the
    Windows
     Service Manager.
  5. Test the new certificate by accessing the
    BEMS
     Dashboard in a browser. Its certificate information now reflects the newly imported certificated.