BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 08-28-2009, 05:00 AM   #1 (permalink)
New Member
 
Join Date: Jul 2008
Model: 8330
PIN: N/A
Carrier: Verizon
Posts: 7
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default BES 5.0 : How to allow untrusted HTTPS/TLS connection?

Please Login to Remove!

In BES4.1.6, from Blackberry MDSConnection Service -> Properties -> TLS/HTTPS , I can change
Allow Untrusted HTTPS connections = true
Allow Untrusted TLS connections = true
to make MDS set up connection to untrusted server.

In BES5.0, Select "Blackberry solution topology-> Blackberry Domain -> MDS Connection Service" from the left panel, and click "Edit componect" in the right panel, Select HTTPS or TLS page, There are no similiar setting as BES 4.1.6.

Instead, I must create a item for each Service URL. I Create one item both in HTTPS&TLS page like:
------- Name : my.compony.com
------- Frienddly description: enable untrusted tls to my.compony.com
------- Service URL: my.compony.com
And set "Allow untrusted servers" to "Yes", But after restart mds instance, My BB still get connection error from MDS something like "invalid SSL connection" while My software on BB try to connect my.compony.com by SSLConnection.

Does any one know how to allow untrusted https/tls connection in BES5.0?
Offline  
Old 08-30-2009, 09:19 PM   #2 (permalink)
New Member
 
Join Date: Jul 2008
Model: 8330
PIN: N/A
Carrier: Verizon
Posts: 7
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default The screenshot of BB when the issue happens

In fact, the error message pops up on Blackberry is :
"The server returned the following error:"Access Denied: Insecure SSL request".

When click "More Info" , BB pops message:
"Your MDS has been configured to deny SSL requests to servers that have certificates which are untrusted or expired. Try using Device Side SSL which can be modified in your TLS Options. Contact your system administrators with any questions. "


The problem is I have configured BES5.0 mds to allow untrusted tls/https, but seems mds still deny my BB's request.
Attached Images
File Type: bmp accessdenied-insecuresslrequest.bmp (300.1 KB, 74 views)
File Type: bmp accessdenied-details.bmp (300.1 KB, 52 views)
Offline  
Old 09-01-2009, 10:21 AM   #3 (permalink)
BlackBerry God
 
jibi's Avatar
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Post Thanks: 0
Thanked 1 Time in 1 Post
Default

By design, you now have to define each website. I have personally submitted a feature change request to have this changed back to the behavior found in BES 4.x.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 09-01-2009, 11:55 AM   #4 (permalink)
New Member
 
Join Date: Feb 2009
Location: WI
Model: 9000
PIN: N/A
Carrier: AT&T
Posts: 14
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

So to enable access to an internal server via port 4060, I would need to enter the following into the HTTPS tab on the MDS Connection Service:

https://<Servername>:4060 and set "allow untrusted servers" to yes

Is that correct? This does not seem to be working, even after restarting services. Any help would be appreciated. We use this to remotely access and reboot our servers in a pinch.
Offline  
Old 10-06-2009, 03:50 PM   #5 (permalink)
rmp
New Member
 
Join Date: Apr 2005
Model: 8700c
Carrier: Cingular
Posts: 4
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Has anyone figured this out?
Offline  
Old 02-04-2010, 05:45 PM   #6 (permalink)
Thumbs Must Hurt
 
Join Date: Jan 2008
Model: 8830
PIN: N/A
Carrier: verizon
Posts: 82
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

If you specify the following regex pattern as the URL, and specify this to be trusted, this should allow all websites.

.*://.*(:\d*)?(/.*)*(\?.*)?
Offline  
Old 05-04-2010, 09:58 AM   #7 (permalink)
New Member
 
K_NAPP's Avatar
 
Join Date: Feb 2007
Location: Louisville
Model: 9700
Carrier: AT&T
Posts: 11
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

The error I was getting was "The server returned the following error: Access Denied: Insecure SSL Reuest." <Click on More Info> "Your mds has been configured to deny ssl requests to servers that have certificates which are untrusted or expired. Try using Device Side SSL which can be modified in yout TLS options. Contact your system administrator with any questions."

I am getting this when trying to browse to an internal HTTPS site.

I just called RIM about this issue. I am running 5.0 SP1 now and this is a known problem. There is no ETA on when it will be fixed and there is not a way to manage from the BES at this time. Here is a link to the work around...

blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB20 833

Last edited by K_NAPP : 05-04-2010 at 10:07 AM. Reason: Link didn't work.
Offline  
Old 05-04-2010, 10:14 AM   #8 (permalink)
New Member
 
K_NAPP's Avatar
 
Join Date: Feb 2007
Location: Louisville
Model: 9700
Carrier: AT&T
Posts: 11
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Sorry, had to have 10 posts to add the link properly. Here is the link now.

View Document
Offline  
Old 05-18-2010, 03:15 AM   #9 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: Aug 2006
Location: South Africa
Model: 8310i
Carrier: Vodafone
Posts: 202
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Peeps,

I am trying to viw this page and am getting error " The selected server returned an error when trying attempting to fulfil your request"

https://m.chalknetwork.com/chalk/sig...rdownload.aspx

Any idea?
Offline  
Old 09-07-2010, 08:05 AM   #10 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: Feb 2007
Location: Toronto
Model: 9800
Carrier: Rogers
Posts: 319
Post Thanks: 2
Thanked 5 Times in 5 Posts
Default

try this for BES 5.0.1
KB22536-BlackBerry Browser returns "Access Denied: Insecure SSL Request" error message when browsing the trusted HTTPS sites

and for BES 4.1.7 KB20833-Unable to browse to HTTPS websites from the BlackBerry smartphone that use a certificate containing "Subject Alternative Name" 0 776462501
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.