Skip Navigation
  1. BlackBerry Docs
  2. Configuring Office 365 Modern Authentication for BlackBerry Dynamics Apps
  3. Enabling modern authentication for the Mail service in BEMS
  4. Enable modern authentication for the Mail service in BEMS
  5. Import the trusted mutual TLS certificates into the BEMS keystore

Import the trusted mutual TLS certificates into the
BEMS
 keystore

In environments where the metadata endpoint is protected by mutual TLS authentication, you must import the mutual TLS certificate into the
BEMS
 keystore. Adding this certificate allows
BEMS
 respond to mutual TLS verification requests as required. Use DBManager to import the certificates. By default, DBManager is located in the installation folder at  <
drive
>:\GoodEnterpriseMobilityServer\GoodEnterpriseMobilityServer\DBManager. 
Save a copy of the .pfx certificate that you exported from the Certificate Authority to a convenient location on the computer that hosts
BEMS
.
  1. On the computer that hosts the on-premises BEMS, verify that the PATH System variable includes the path to the JAVA directory.
    1. In a command prompt, type
      set | findstr "Path"
      .
    2. Press
      Enter
      .
  2. Import the mutual TLS certificate.
    1. On the computer that hosts
      BEMS
      , in a command prompt run as administrator, navigate to DBManager.
    2. Type,
      tools\dbmanager\target>java -classpath "*" com.good.tools.db.client.Client -dbHost "
      localhost
      " -dbName "
      BEMS_DB_name
      " -dbType sqlserver -action addprivatekey  -keyPassword "password" -p12File "<
      certificate_file-path
      >/<
      file name
      >.pfx" -alias "mutualTLS" -tenantId "default" -integratedAuth true
  3. In the
    Windows
     Service Manager, restart the
    Good Technology Common Services
     service.
  4. Repeat step 4 on each computer that hosts the
    BEMS-Mail
     component.