BES 5.0 : How to allow untrusted HTTPS/TLS connection?
Please Login to Remove!
In BES4.1.6, from Blackberry MDSConnection Service -> Properties -> TLS/HTTPS , I can change
Allow Untrusted HTTPS connections = true
Allow Untrusted TLS connections = true
to make MDS set up connection to untrusted server.
In BES5.0, Select "Blackberry solution topology-> Blackberry Domain -> MDS Connection Service" from the left panel, and click "Edit componect" in the right panel, Select HTTPS or TLS page, There are no similiar setting as BES 4.1.6.
Instead, I must create a item for each Service URL. I Create one item both in HTTPS&TLS page like:
------- Name : my.compony.com
------- Frienddly description: enable untrusted tls to my.compony.com
------- Service URL: my.compony.com
And set "Allow untrusted servers" to "Yes", But after restart mds instance, My BB still get connection error from MDS something like "invalid SSL connection" while My software on BB try to connect my.compony.com by SSLConnection.
Does any one know how to allow untrusted https/tls connection in BES5.0?
In fact, the error message pops up on Blackberry is :
"The server returned the following error:"Access Denied: Insecure SSL request".
When click "More Info" , BB pops message:
"Your MDS has been configured to deny SSL requests to servers that have certificates which are untrusted or expired. Try using Device Side SSL which can be modified in your TLS Options. Contact your system administrators with any questions. "
The problem is I have configured BES5.0 mds to allow untrusted tls/https, but seems mds still deny my BB's request.
By design, you now have to define each website. I have personally submitted a feature change request to have this changed back to the behavior found in BES 4.x.
__________________ In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
So to enable access to an internal server via port 4060, I would need to enter the following into the HTTPS tab on the MDS Connection Service:
https://<Servername>:4060 and set "allow untrusted servers" to yes
Is that correct? This does not seem to be working, even after restarting services. Any help would be appreciated. We use this to remotely access and reboot our servers in a pinch.
The error I was getting was "The server returned the following error: Access Denied: Insecure SSL Reuest." <Click on More Info> "Your mds has been configured to deny ssl requests to servers that have certificates which are untrusted or expired. Try using Device Side SSL which can be modified in yout TLS options. Contact your system administrator with any questions."
I am getting this when trying to browse to an internal HTTPS site.
I just called RIM about this issue. I am running 5.0 SP1 now and this is a known problem. There is no ETA on when it will be fixed and there is not a way to manage from the BES at this time. Here is a link to the work around...