Administration Guide

Configuring how users access enterprise applications and web content

2.Click MDS Connection Service.

3.Click Edit component.

4.On the TLS tab, in the Name field, type the name of a web server.

5.In the Service URL field, type the regular expression for the web address of the web server.

6.In the Settings section, in the Allow untrusted servers drop-down list, perform one of the following actions:

To permit only trusted TLS connections from the web server, click No.

To permit untrusted TLS connections from the web server, click Yes.

7.Click the Add icon.

8.Repeat steps 4 to 7 for each web server that you want to specify.

9.Click Save all.

After you finish: Restart the BlackBerry MDS Connection Service.

Related information

Add a retrieved certificate for a web server to the key store, 200

Restarting BlackBerry Enterprise Server components, 392

Configuring certificate server information for the BlackBerry MDS Connection Service

The certificate for the BlackBerry MDS Connection Service permits push applications to make HTTPS connection to the BlackBerry MDS Connection Service. You can configure the BlackBerry MDS Connection Service to search for and retrieve certificates and the status of the certificates that external web servers use to make HTTPS connections.

To search for and retrieve certificates from an LDAP server, you can configure the BlackBerry MDS Connection Service to use LDAP or DSML. The BlackBerry MDS Connection Service searches each LDAP server using LDAP or DSML in the order that you specify. If you configure the BlackBerry MDS Connection Service to use both LDAP and DSML to search and retrieve certificates, the BlackBerry MDS Connection Service searches the servers using LDAP and then searches the servers using DSML. After the BlackBerry MDS Connection Service retrieves the certificate, the BlackBerry Enterprise Server sends the certificate to the BlackBerry device, and the BlackBerry device displays the certificate so that the user can accept it. The BlackBerry MDS Connection Service supports DSML version 2.

To search for and retrieve the status of the certificates, you can configure the BlackBerry MDS Connection Service to search the OCSP servers or CRL servers. If you search for the status of the certificates using an OCSP server or a CRL server, which server you choose to search for the status of the certificates first does not matter because each server creates a prioritized list automatically.

For more information about certificates, see the BlackBerry Enterprise Solution Security Technical Overview.

193

Page 193
Image 193
Blackberry SWD-20120924140022907 manual 193