Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise Mobility Server 3.8
  3. BEMS Installation Guide
  4. Preinstallation and preupgrade requirements for on-premises BEMS
  5. Connect prerequisites: Skype for Business
  6. SSL certificate requirements for Skype for Business
  7. Create a CSR for the local computer account for BEMS

Create a CSR for the local computer account for
BEMS

If you want to use an enterprise CA to generate the SSL certificate, you must create a custom request on a computer that hosts
BEMS
.
  1. On the computer that hosts
    BEMS
    , open the
    Microsoft
     Management Console.
  2. Click
    Console Root
    .
  3. Click
    File > Add/Remove Snap-in
    .
  4. In the
    Available snap-ins
     column, click
    Certificates
    . Click
    Add
    .
  5. In the
    Certificates snap-in
     wizard, select
    Computer account
    . Click
    Next
    .
  6. On the
    Select Computer
     screen, select
    Local computer
    .
  7. Click
    Finish
    . Click
    OK
    .
  8. In the
    Microsoft
     Management Console, expand
    Certificates (Local Computer)
    .
  9. Right-click
    Personal
    , then click
    All Tasks > Advanced Operations > Create Custom Request
    .
  10. In the
    Certificate Enrollment wizard
    , click
    Next
    .
  11. Click
    Proceed without enrollment policy
    . Click
    Next
    .
  12. On the
    Custom request
     screen, click
    Next
    .
  13. On the
    Certificate Information
     screen, click the
    Details > Properties
    .
  14. On the
    Subject
     tab, in the
    Subject name
     section, complete the following actions:
    1. In the
      Type
       drop-down list, click
      Common Name
      .
    2. In the
      Value
       field, type a valid FQDN such as a trusted application pool name (for example, CN=bemsapppool.example.com) that was recorded in step 3c of Prepare the initial computer hosting BEMS.
    3. Click
      Add
      .
  15. In the
    Alternative name
     section, add the following values:
    1. In the
      Type
       drop-down list, click
      DNS
      .
    2. In the
      Value
       field, type the FQDN of the trusted application pool (for example, bemsapppool.example.com).
    3. Click
      Add
      .
    4. In the
      Value
       field, type the FQDN of a
      BEMS
       instance that the certificate will be used for (for example, bemsserver01.example.com).
    5. Click
      Add
      .
    6. Repeat steps d and e for each
      BEMS
       instance that the certificate will be used for (for example, bemsserver02.example.com, bemserver03.example.com, and so forth).
  16. Optionally, on the
    General
     tab, specify a friendly name for the certificate. The name of the template is often the only way to distinguish its purpose and must be unique. This is important when deploying the final name of the issued certificate, which should always match the designated service name. For more information about using friendly names for certificates in
    Connect
     and
    Presence
    , see "Using friendly names for certificates in BlackBerry Connect" in the Connect configuration content and "Using friendly names for certificates in BlackBerry Presence" in the Presence configuration content.
  17. On the
    Private Key
     tab, in the
    Key options
    , verify that
    Make private key exportable
     is selected.
  18. Click
    Apply
    .
  19. Click
    OK
    .
  20. Click
    Next
    .
  21. Save the certificate information to your desktop with a file format of Base 60.
  22. Click
    Finish
    .