Jetty.xml file reference
The keystore file is referenced in jetty.xml. The default location of the jetty.xml file is on the computer hosting BEMS at <BEMS Machine Path>\BlackBerry\BlackBerry Enterprise Mobility Server\Good Server Distribution\gems-quickstart-<version>\etc\. You can access this folder using the service account you used to install the BEMS software or the local system account.
The relevant snippet from jetty.xml that references the location of the keystore file and its associated password looks like the following. If you import the certificate for one node, the CertAlias displays "serverkey". If you update the certificate and select "Use the uploaded Server SSL Certificate for all nodes in a cluster" in the BEMS Dashboard, the CertAlias displays "server_cert".

    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
      <Set name="KeyStorePath"><SystemProperty name="jetty.home" default="."/>/etc/keystores/bems.pfx</Set>
      <Set name="TrustStorePath"><SystemProperty name="jetty.home" default="."/>/etc/keystores/bems.pfx</Set>
      <Set name="KeyStorePassword">OBF:1mik1w8d1ugi1x841....1x8q1uh81w9d1mma</Set>
      <Set name="KeyManagerPassword">OBF:1mik1w8d1ugi1x841....1x8q1uh81w9d1mma</Set>
      <Set name="TrustStorePassword">OBF:1mik1w8d1ugi1x841....1x8q1uh81w9d1mma</Set>
      <Set name="KeyStoreType">PKCS12</Set>
      <Set name="TrustStoreType">PKCS12</Set>
      <Set name="wantClientAuth">true</Set>
      <Set name="CertAlias">server_cert</Set>
    </New>

The passwords are obfuscated. The KeyStorePassword and the TrustStorePassword are typically identical and represent the keystore password. The KeyManagerPassword is the challenge password for the certificate.
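A consistency check over the sslContextFactory settings described above, as an added example that is not BlackBerry's or Jetty's own code. The sample XML and its OBF: values are constructed placeholders, and `read_settings` and `audit` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the snippet above; the OBF: values are placeholders.
SAMPLE = """<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
  <Set name="KeyStorePath"><SystemProperty name="jetty.home" default="."/>/etc/keystores/bems.pfx</Set>
  <Set name="TrustStorePath"><SystemProperty name="jetty.home" default="."/>/etc/keystores/bems.pfx</Set>
  <Set name="KeyStorePassword">OBF:placeholder-store</Set>
  <Set name="KeyManagerPassword">OBF:placeholder-key</Set>
  <Set name="TrustStorePassword">OBF:placeholder-store</Set>
  <Set name="KeyStoreType">PKCS12</Set>
  <Set name="TrustStoreType">PKCS12</Set>
  <Set name="wantClientAuth">true</Set>
  <Set name="CertAlias">server_cert</Set>
</New>"""

PASSWORDS = ("KeyStorePassword", "KeyManagerPassword", "TrustStorePassword")
ALIASES = {"serverkey", "server_cert"}  # the two aliases the page describes


def read_settings(xml_text):
    """Return {name: value} for every <Set> under the sslContextFactory element."""
    root = ET.fromstring(xml_text)
    if root.get("id") == "sslContextFactory":
        node = root
    else:
        node = root.find(".//New[@id='sslContextFactory']")
    if node is None:
        raise ValueError("no sslContextFactory element found")
    # itertext() also picks up the path text that follows <SystemProperty/>.
    return {s.get("name"): "".join(s.itertext()).strip() for s in node.findall("Set")}


def audit(xml_text):
    """Return a list of findings; an empty list means the settings are consistent."""
    cfg, findings = read_settings(xml_text), []
    for name in PASSWORDS:
        # Jetty treats a value without the OBF: prefix as the literal password.
        # OBF: is reversible obfuscation, not encryption, so file ACLs still matter.
        if not cfg.get(name, "").startswith("OBF:"):
            findings.append(f"{name}: missing or stored in plain text")
    same_file = cfg.get("KeyStorePath") == cfg.get("TrustStorePath")
    if same_file and cfg.get("KeyStorePassword") != cfg.get("TrustStorePassword"):
        findings.append("KeyStorePassword and TrustStorePassword differ for the same file")
    for name in ("KeyStoreType", "TrustStoreType"):
        if cfg.get(name) != "PKCS12":
            findings.append(f"{name}: expected PKCS12, found {cfg.get(name)!r}")
    if cfg.get("CertAlias") not in ALIASES:
        findings.append(f"CertAlias: unexpected value {cfg.get('CertAlias')!r}")
    return findings
```

Run `audit()` on the text of jetty.xml after a certificate update; any finding points at a setting that no longer matches what this page describes.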
Certificate format
Any certificate used should meet the following requirements:
- It is in PKCS #12 format.
- Its private key contains a challenge password.
- It has the appropriate key chain (for example, the root and intermediate certificates).
- Its Subject or Subject Alternative Names property includes the FQDN of the BEMS node. This is required for BEMS to be trusted by web browsers and BlackBerry Dynamics apps.