Appendix A: Retrieve certificate information
You can retrieve certificate information using the following two methods:
- Use the test page in the management system
- Use a sample certificate
Use the test page in the management system
For
BlackBerry AtHoc
release 6.1.8.88 and later releases, the test page is located at:https://<server>/client/smartcard/info
For BlackBerry AtHoc release 6.1.8.87 and earlier releases, the test page is located at:
https://<server>/client/auth/ccd
If this test URL does not work, enable verbose logging and search the
BlackBerry AtHoc
event log for the certificate details. Search for the AuthController module, or the GetCACMID member. Turn off verbose logging after finding the certificate details.For
BlackBerry AtHoc
release 6.1.8.84 and earlier releases, check the servervars.asp
file at:https://<server>servervars.asp
Use a sample certificate
Have the customer provide a sample of the certificate to determine if the regular expression can parse the MID. You may need to request several samples for comparison.
To open a customer’s certificate, complete the following steps:
- From theStart Menu, typeMMCin the search area and pressEnter.
- Once the MMC is open, clickFILEand selectAdd / Remove Snap-in.
- Select the Certificates Snap-in on the left hand side and clickAdd.
- When prompted, selectMy user account.
- ClickFinish.
- ClickOKto close the menu and return to the main console page.
- Find the user’s certificate and open it.
- On theCertificatewindow, click theDetailstab.
- EnsureShow:is set to<All>.
- Scroll down and selectSubject. The MID is displayed in the field below. It is displayed beside the value for CN.
- Copy the details or clickCopy to File.... The information in CN is used to determine the proper regular expression to use, which will overwrite the existing value in glb_config_tab.
Some customers with OnPrem systems use more than one type of smart card and will already use one of the regular expressions successfully. In this case, it is necessary to coordinate with the customer on which regex to update (CAC_REGEX or ALT_HTTP_CAC_REGEX) when you have a solution for the CAC/PIV with the issue.
Try to obtain three or four user certificates and compare them.