Changing the security settings
of the BlackBerry
Administration Service and
BlackBerry Web Desktop
Manager
Import a new SSL certificate for the
BlackBerry Administration Service and
BlackBerry Web Desktop Manager
When you install the BlackBerry Administration Service and BlackBerry Web Desktop Manager, the setup application
generates an SSL certificate to protect the HTTPS connection. You can import a self-signed SSL certificate or a trusted
certificate that a certification authority signs after the installation process completes. If you configure a BlackBerry
Administration Service pool, you must generate an SSL certificate that uses the name of the BlackBerry Administration
Service pool.
For more information about using the keytool, visit
java.sun.com/javase/6/docs/technotes/tools/windows/keytool.html
.
Before you begin:
If you want to use a trusted certificate, copy the root certificate of the certification authority to the
computer that hosts the BlackBerry Administration Service.
1.
On a computer that hosts a BlackBerry Administration Service instance, in
<drive>
:\Program Files\Research In
Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore , back up the
web.keystore
file.
2.
Using the keytool in
<drive>
:\Program Files\Java\
<JRE_version>
\bin , delete the default SSL certificate that the setup
application generated (for example, keytool -delete -alias httpssl -keystore "
<drive>
:\Program Files\Research In
Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore").
3.
Using the keytool and the SSL password that you specified when you installed the BlackBerry Administration Service,
generate a new entry and private key in the web.keystore file (for example, keytool -genkey -alias httpssl -keypass
<password>
-keystore "
<drive>
:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin
22
Administration Guide
Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop
Manager
266