BlackBerry Forums Support Community

Closed Thread
LinkBack Thread Tools
Old 07-19-2006, 09:05 AM   #1 (permalink)
New Member
Join Date: Jul 2006
Model: 7100T
Posts: 1
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Adding untrusted X.509 cert chain to cacerts file

Please Login to Remove!

Good morning,

I have been unsuccessful in my attempt to correctly add an untrusted certificate chain to my BES so that applications which talk to the BES have a trusted SSL link. The Admin Guide is not very helpful (vague).

Specifically, our enterprise uses certs from DST, and DST certs are not loaded into the cacerts file by default (34 other certs are, however).

This certificate chain has a root, a sub-CA, a second sub-CA and the server cert.

I have tried using keytool and importing all three CA certs individually (as a .cer file) into the cacerts file and the import process does work. There are now 37 certs in the cacerts file.

What else needs to be done? Does the server certificate need to be stored somewhere else on the BES? Is there a truststore file or keystore file in addition to the cacerts file that the BES uses?

Is the cacerts file stored in memory and thus the does the BES need to be restarted for the new certs to be seen?

The error message seen on the BB is "Access denied Insecure SSL request"

Any help or guidance is appreciated!


Last edited by jlareau : 07-19-2006 at 09:34 AM.
Closed Thread

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

APPLE 630-0895-B  VRAM 128K X 8 BOARD CARD VINTAGE pictureAPPLE 820-0522-A 630-0895-B LITE VRAM 128K X 8 BOARD >
APPLE 820-0522-A 630-0895-B LITE VRAM 128K X 8 BOARD > picture

Copyright 2004-2016
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.