BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 02-27-2008, 01:15 PM   #1 (permalink)
Thumbs Must Hurt
 
Join Date: Apr 2006
Location: Boston
Model: 8900
Carrier: AT&T
Posts: 98
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Trusting Certificates Using HTTPS

Please Login to Remove!

Hi!

I've got a BlackBerry application that is trying to make an https connection to an SSL-protected web service (a sample server I control). The service uses a self-signed certificate for SSL. Here's what happens:

1. the first attempt to open an https connection launches a succession of dialog boxes courtesy of the RIM device OS. The first is "This application is trying to make an https connection" - I respond with "Continue". The second is "The cert that is being presented is <blah>" - I respond with "Trust Certificate". The last is "This application is trying to access the Handheld keystore, please provide the password" - I respond with the correct password.

2. After executing the above, the connection never occurs. I'm left with a blank screen (my application doesn't provide feedback to the user). The event log shows the connection attempt (which kicked off the above dialog flow) but nothing else.

3. I exit the application and check the Settings --> Options --> Security Options --> Certificates. In there I find the certificate associated with the server I tried to connect to via https. The cert is marked with a big red 'X'. I select the cert, and select "Trust" from the menu, I watch the red 'X' turn into a yellow '?', and exit back to the device applications from where I now re-launch my application.

4. I initiate an https connection once more to the same service, and everything works as planned.

So, to make a long post even longer: why does the RIM OS ask me if I trust the certificate (during the moments when I try to connect via https the very first time), but then install the certificate into the keystore as "Not trusted"? My assumption is that the reason the first https connection fails (or rather, does not fully succeed) is because the cert is installed in the keystore as "untrusted", which is why there's a big red 'X' next to it.

5. Performing the same operations on a simulator, even with the MDS simulator set to not automatically trust anyone, the operation works exactly like it's supposed to - I get asked to trust the certificate, I trust it (because it's brother is married to my sister), and when I check the certificate store, it has a yellow '?' instead of a red 'X'.

Thoughts, hints, suggestions? Outright answers?

Cheers,

karl

PS More info: the device is NOT associated with a BES, so BES policies don't come into play!
__________________
Karl G. Kowalski
---------------
Owns a RAZR
Develops for BlackBerry
So next phone will be........an iPhone 3G!

Last edited by holy3daps : 02-27-2008 at 01:17 PM. Reason: Heading Off An Easy Response
Offline  
Old 05-17-2008, 03:00 AM   #2 (permalink)
Thumbs Must Hurt
 
Join Date: Feb 2008
Model: 8800
PIN: N/A
Carrier: ATT
Posts: 65
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by holy3daps View Post
Hi!

I've got a BlackBerry application that is trying to make an https connection to an SSL-protected web service (a sample server I control). The service uses a self-signed certificate for SSL. Here's what happens:

1. the first attempt to open an https connection launches a succession of dialog boxes courtesy of the RIM device OS. The first is "This application is trying to make an https connection" - I respond with "Continue". The second is "The cert that is being presented is <blah>" - I respond with "Trust Certificate". The last is "This application is trying to access the Handheld keystore, please provide the password" - I respond with the correct password.

2. After executing the above, the connection never occurs. I'm left with a blank screen (my application doesn't provide feedback to the user). The event log shows the connection attempt (which kicked off the above dialog flow) but nothing else.

3. I exit the application and check the Settings --> Options --> Security Options --> Certificates. In there I find the certificate associated with the server I tried to connect to via https. The cert is marked with a big red 'X'. I select the cert, and select "Trust" from the menu, I watch the red 'X' turn into a yellow '?', and exit back to the device applications from where I now re-launch my application.

4. I initiate an https connection once more to the same service, and everything works as planned.

So, to make a long post even longer: why does the RIM OS ask me if I trust the certificate (during the moments when I try to connect via https the very first time), but then install the certificate into the keystore as "Not trusted"? My assumption is that the reason the first https connection fails (or rather, does not fully succeed) is because the cert is installed in the keystore as "untrusted", which is why there's a big red 'X' next to it.

5. Performing the same operations on a simulator, even with the MDS simulator set to not automatically trust anyone, the operation works exactly like it's supposed to - I get asked to trust the certificate, I trust it (because it's brother is married to my sister), and when I check the certificate store, it has a yellow '?' instead of a red 'X'.

Thoughts, hints, suggestions? Outright answers?

Cheers,

karl

PS More info: the device is NOT associated with a BES, so BES policies don't come into play!
Hi all,
can anyone please tell me how to install the certificate on the BlackBerry Simulator.
I am trying to access the https site for web service call but not able to connect to it, I am having the certificate with me, but I dont know how to install it on simulator.
Can anyone please help me out..
I am badly stuck here...
Thanks waiting for your replys....
Offline  
Old 05-18-2008, 01:12 PM   #3 (permalink)
BlackBerry Extraordinaire
 
Join Date: Jan 2006
Model: LEZ10
OS: 10.0.10
Carrier: Rogers CA
Posts: 1,704
Post Thanks: 20
Thanked 77 Times in 68 Posts
Default

I haven't done this, but if you install the Certificate Manager portion of the desktop software, you can attach the simulator to it just like a real blackberry. Simulate->USB Cable Connected
Then add the cert to your PC certificate store (I think accepting it from a website will do this, or you can download the cert from your web server and install it.

The other way is to have your blackberries download and trust the Root CA that signed your server certificate. If you are using self signed certificates, you might want to think about using an Open CA Certificate provider. I use CACert.org but there are others.

Last edited by hrbuckley : 05-18-2008 at 01:17 PM.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.