I searched for a solution to the thread below when I ran into the same issue today. As you can see no one answered him before the thread was closed. Also, I couldn't find the solution anywhere online. TLS Proxy & Trusted Hosts Settings through BES Solution:
In the BAS web console expand Policy.
Manage Policy (or create a new one for testing)
Choose the policy to manage
Click "View complete IT Policy"
Under the TLS Application tab Click "edit It Policy"
Change "TLS Device Side Only" to "YES"
Resend the IT policy to the user and then they are good.
This will allow you to change the setting on just a few users that need to get to an internal site that is giving them the error here: KB15117-"Access Denied: Insecure SSL Request" appears when using the browser on the BlackBerry smartphone
You can also change your MDS settings to allow untrusted TLS/HTTPS for the enterprise instead, but I didn't want to do that.
If you need to do this with BES 4, I have one setup still (not for long) and I can attempt to find the same setting on there, just let me know.