View Single Post
Old 04-23-2013, 04:05 PM   #1 (permalink)
BlackBerry Extraordinaire
Join Date: Mar 2006
Model: 9700
Carrier: t-mobile Germany
Posts: 1,376
Post Thanks: 11
Thanked 72 Times in 69 Posts
Default BES10: Z10, VPN w. x509cert, SCEP

Please Login to Remove!

I try to setup the VPN connection for a test-Z10 with certificates (currently it works ok with preshared key):
I have an M$ enterprise root-CA, and have most likely setup the mscep service correct. Also configured the service to have a permanent password.

I created an SCEP profile in the BES10/BDS, created a new VPN profile, similar to the existing preshared key already working, but changed authentication from PSK to PKI.

Tried out on the Z10, but get an unspecified error.

I then thought, I manually create the profile on the Z10. When I do this, I am asked to choose the root-CA for the Certificate, but my private enterprise root CA does not show up here (the pulldown says "all CAs").
However, when I go back to the certificate management of the device, I can see, that my root-CA is present under the category "Enterprise Web" (I delivered it to the Z10 using the shared folder in the server).

How can I find my CA to create a VPN profile ?
Also: when I create the VPN profile on the BES server, there is no option to choose a root CA for the certificate authentication, which I do not understand. My best guess is, since I associated the SCEP profile to the VPN profile the BES server will use some kind of magic to automatically select the correct root-CA. This is possible but a little unlikely, because in the locked VPN profile I can see on the device, there is just nothing in the pulldown.

The BDS manual just tells "add the SCEP profile to the VPN profile".

Anyone here who also tried this out with sucess ?
Offline   Reply With Quote