Update the certificate passwords in BEMS
BEMS
For
BEMS
to access your certificate private key, you must include the challenge password in the jetty.xml file. The password must be obfuscated. This can be done with the Jetty Util. For more information, see KB 41823.Ensure that you have recorded the SSL certificate private key password. For more information, see Create a new keystore, generate a CSR request, and obtain a signed certificate from a CA or Import a previously issued certificate using a .pfx file.
- Update the certificate password inBEMS. Perform the following actions:
- In a command prompt, navigate to the jetty util file. By default, the file is located at<.drive>:\Program Files\BlackBerry\BlackBerry Enterprise Mobility Server\Good Server Distribution\gems-quickstart-<version>\system\org\eclipse\jetty\jetty-util\9.<version>
- Typejava -cp jetty-util-9.<.version>.jar org.eclipse.jetty.util.security.Password "<passwordToObfuscate>"For example, if the certificate private key password is dr*W0prr3!b, typejava -cp jetty-util-9.4.48.v20220622.jar org.eclipse.jetty.util.security.Password "dr*W0prr3!b"
- Copy theOBFvalue for later reference. This is the obfuscated password.
- Backup the jetty.xml file. By default the jetty.xml file is located at<.drive>:\Program Files\BlackBerry\BlackBerry Enterprise Mobility Server\Good Server Distribution\gems-quickstart-<version>\etc
- Update thekeyStorePassword,trustStorePassword, andkeyManagerPasswordin the jetty.xml file with the obfuscated password with the obfuscated password. For examples, see Jetty.xml file reference. Perform the following actions:
- In a text editor, open the jetty.xml file.
- Locate the <New class="org.eclipse.jetty.util.ssl.SslContextFactory" id="sslContextFactory"> section.
- Locate the following elements and update them with the obfuscated password from the jetty util file text output OBF value in step 1c above.
- <Set name=”KeyStorePassword”>
- <Set name=”TrustStorePassword”>
- <Set name=”KeyManagerPassword”>
- Start theGood Technology Common Servicesservice from theWindowsService Manager.
- Test the new certificate by accessing theBEMSDashboard in a browser. Its certificate information now reflects the newly imported certificated.