Update the certificate passwords in BEMS Skip Navigation

Update the certificate passwords in
BEMS

For
BEMS
to access your certificate private key, you must include the challenge password in the jetty.xml file. The password must be obfuscated. This can be done with the Jetty Util. For more information on how to obfuscate the
BEMS
certificate password, visit support.blackberry.com/community to read article 41823.
Ensure that you have recorded the SSL certificate private key password. For more information, see Create a new keystore, generate a CSR request, and obtain a signed certificate from a CA or Import a previously issued certificate using a .pfx file.
  1. Update the certificate password in
    BEMS
    . Perform the following actions:
    1. In a command prompt, navigate to the jetty util file. By default, the file is located at
      <
      drive
      >:\Program Files\BlackBerry\BlackBerry Enterprise Mobility Server\Good Server Distribution\gems-quickstart-<
      version
      >\system\org\eclipse\jetty\jetty-util\9.<
      version
      >
      .
    2. Type
      java -cp jetty-util-9.<
      version
      >.jar org.eclipse.jetty.util.security.Password "<
      passwordToObfuscate
      >"
      .
      For example, if the certificate private key password is dr*W0prr3!b, type
      java -cp jetty-util-9.4.48.v20220622.jar org.eclipse.jetty.util.security.Password "dr*W0prr3!b"
    3. Copy the
      OBF
      value for later reference. This is the obfuscated password. 
  2. Backup the jetty.xml file. By default the jetty.xml file is located at
    <
    drive
    >:\Program Files\BlackBerry\BlackBerry Enterprise Mobility Server\Good Server Distribution\gems-quickstart-<
    version
    >\etc
    .
  3. Update the
    keyStorePassword
    ,
    trustStorePassword
    , and
    keyManagerPassword
    in the jetty.xml file with the obfuscated password with the obfuscated password. For examples, see Jetty.xml file reference. Perform the following actions:
    1. In a text editor, open the jetty.xml file.
    2. Locate the <New class="org.eclipse.jetty.util.ssl.SslContextFactory" id="sslContextFactory"> section.
    3. Locate the following elements and update them with the obfuscated password from the jetty util file text output OBF value in step 1c above.
      • <Set name=”KeyStorePassword”>
      • <Set name=”TrustStorePassword”>
      • <Set name=”KeyManagerPassword”>
  4. Start the
    Good Technology Common Services
    service from the
    Windows
    Service Manager.
  5. Test the new certificate by accessing the
    BEMS
    Dashboard in a browser. Its certificate information now reflects the newly imported certificated.