BEMS Core service
Steps to configure the BEMS-Core
Importing CA Certificates for BEMS
- Create a trusted connection with Microsoft Exchange and other servers that BEMS must communicate with
  - Upload the SSL certificate to the BEMS database
  - Replace or delete the trusted connection SSL certificates
- Import the CA certificate into the Java certificate store
Importing and configuring certificates
Add dashboard administrators
- Replace or delete the user credential certificates for certificate-based authentication
BEMS-Core database
Configure the BlackBerry Dynamics server in BEMS
Configure a web proxy server
Enabling log file compression
- Enable log file compression
Firebase Push Notifications
Enabling FIPS Mode in BEMS
- Enable FIPS-compliance mode
- Verify that FIPS-compliance is enabled
Configuring BlackBerry Dynamics Launcher
- Configuring Good Enterprise Services in BlackBerry UEM
  - Verify that Good Enterprise Services are available in BlackBerry UEM
  - Add the BEMS instance to the Good Enterprise Services and BlackBerry Work entitlement app
- Setting a customized icon for the BlackBerry Dynamics Launcher
  - Specify a customized icon for the BlackBerry Dynamics Launcher
  - Remove a customized icon for the BlackBerry Dynamics Launcher
Next steps
Appendix: Java Memory Settings
Appendix: Server-side services

Replacing the autogenerated SSL certificate

By default,

BEMS

is remotely accessible using HTTPS only. During installation, a

BEMS

Java

keystore called bems.pfx is created and located in

<drive>\Program Files\BlackBerry\BlackBerry Enterprise Mobility Server\Good Server Distribution\gems-quickstart-<version>\etc\keystores\

. If you previously replaced the self-signed certificate, then your existing certificate and certificate password are retained. You can replace the previously self-signed certificate using a SAN certificate or a Wildcard server certificate and assign the certificate to be used by all nodes in a cluster. When you replace the previously self-signed certificate with a SAN or Wildcard server certificate, makes sure that the certificate is trusted by all

BlackBerry Dynamics

apps that communicate with

BEMS

on port 8443.

For instructions, see Assign the BEMS SSL certificate to users.

When you replace the auto-generated SSL certificate, you perform one of the following actions based on your organization's needs:

Environment	Action
One BEMS instance	Upload and replace the auto-generated SSL certificate with a SAN or Wildcard certificate and assign the certificate for use by all nodes in the cluster.
Multiple BEMS instances that share a cluster certificate.	Upload and replace the auto-generated SSL certificate with a SAN or Wildcard certificate and assign the certificate for use by all nodes in the cluster.
Multiple BEMS instances and each instance requires an independent certificate that is issued by a certificate authority.	Upload and replace the auto-generated SSL certificate with a self-signed certificate for a single node.

Section:

Importing and configuring certificates

Steps to replace the autogenerated SSL certificate with a SAN or wildcard certificate for use by all nodes in a cluster

Steps to replace the autogenerated SSL certificate for one BEMS node

Jetty.xml file reference