Trusting Certificates Using HTTPS - BlackBerryForums.com : Your Number One BlackBerry Community

holy3daps · 12:17 PM

Hi!

I've got a BlackBerry application that is trying to make an https connection to an SSL-protected web service (a sample server I control). The service uses a self-signed certificate for SSL. Here's what happens:

1. the first attempt to open an https connection launches a succession of dialog boxes courtesy of the RIM device OS. The first is "This application is trying to make an https connection" - I respond with "Continue". The second is "The cert that is being presented is <blah>" - I respond with "Trust Certificate". The last is "This application is trying to access the Handheld keystore, please provide the password" - I respond with the correct password.

2. After executing the above, the connection never occurs. I'm left with a blank screen (my application doesn't provide feedback to the user). The event log shows the connection attempt (which kicked off the above dialog flow) but nothing else.

3. I exit the application and check the Settings --> Options --> Security Options --> Certificates. In there I find the certificate associated with the server I tried to connect to via https. The cert is marked with a big red 'X'. I select the cert, and select "Trust" from the menu, I watch the red 'X' turn into a yellow '?', and exit back to the device applications from where I now re-launch my application.

4. I initiate an https connection once more to the same service, and everything works as planned.

So, to make a long post even longer: why does the RIM OS ask me if I trust the certificate (during the moments when I try to connect via https the very first time), but then install the certificate into the keystore as "Not trusted"? My assumption is that the reason the first https connection fails (or rather, does not fully succeed) is because the cert is installed in the keystore as "untrusted", which is why there's a big red 'X' next to it.

5. Performing the same operations on a simulator, even with the MDS simulator set to not automatically trust anyone, the operation works exactly like it's supposed to - I get asked to trust the certificate, I trust it (because it's brother is married to my sister), and when I check the certificate store, it has a yellow '?' instead of a red 'X'.

Thoughts, hints, suggestions? Outright answers?

Cheers,

karl

PS More info: the device is NOT associated with a BES, so BES policies don't come into play!

hemant.bobade · 05-17-2008, 02:00 AM

Quote:

Originally Posted by holy3daps

Hi!

I've got a BlackBerry application that is trying to make an https connection to an SSL-protected web service (a sample server I control). The service uses a self-signed certificate for SSL. Here's what happens:

1. the first attempt to open an https connection launches a succession of dialog boxes courtesy of the RIM device OS. The first is "This application is trying to make an https connection" - I respond with "Continue". The second is "The cert that is being presented is <blah>" - I respond with "Trust Certificate". The last is "This application is trying to access the Handheld keystore, please provide the password" - I respond with the correct password.

2. After executing the above, the connection never occurs. I'm left with a blank screen (my application doesn't provide feedback to the user). The event log shows the connection attempt (which kicked off the above dialog flow) but nothing else.

3. I exit the application and check the Settings --> Options --> Security Options --> Certificates. In there I find the certificate associated with the server I tried to connect to via https. The cert is marked with a big red 'X'. I select the cert, and select "Trust" from the menu, I watch the red 'X' turn into a yellow '?', and exit back to the device applications from where I now re-launch my application.

4. I initiate an https connection once more to the same service, and everything works as planned.

So, to make a long post even longer: why does the RIM OS ask me if I trust the certificate (during the moments when I try to connect via https the very first time), but then install the certificate into the keystore as "Not trusted"? My assumption is that the reason the first https connection fails (or rather, does not fully succeed) is because the cert is installed in the keystore as "untrusted", which is why there's a big red 'X' next to it.

5. Performing the same operations on a simulator, even with the MDS simulator set to not automatically trust anyone, the operation works exactly like it's supposed to - I get asked to trust the certificate, I trust it (because it's brother is married to my sister), and when I check the certificate store, it has a yellow '?' instead of a red 'X'.

Thoughts, hints, suggestions? Outright answers?

Cheers,

karl

PS More info: the device is NOT associated with a BES, so BES policies don't come into play!

Hi all,
can anyone please tell me how to install the certificate on the BlackBerry Simulator.
I am trying to access the https site for web service call but not able to connect to it, I am having the certificate with me, but I dont know how to install it on simulator.
Can anyone please help me out..
I am badly stuck here...
Thanks waiting for your replys....

hrbuckley · 12:17 PM

I haven't done this, but if you install the Certificate Manager portion of the desktop software, you can attach the simulator to it just like a real blackberry. Simulate->USB Cable Connected
Then add the cert to your PC certificate store (I think accepting it from a website will do this, or you can download the cert from your web server and install it.

The other way is to have your blackberries download and trust the Root CA that signed your server certificate. If you are using self signed certificates, you might want to think about using an Open CA Certificate provider. I use CACert.org but there are others.