If you configured the BlackBerry MDS Connection Service to retrieve the status of the certificates using an OCSP server or a
CRL server and pull authorization is turned on, devices may not be able to enroll some certificates over the mobile network.
The devices might not be able to enroll some certificates because devices that initiate the request to the web addresses
follow pull authorization rules that restrict access to some of the web addresses for OCSP servers and CRL servers.
1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy.
2. Click Manage IT policies.
3. Click an IT policy.
4. Click Edit IT policy.
5. On the Certificate Authority Profile tab, change the appropriate values for the IT policy rules.
6. Click Save All.
After you finish: For more information about the IT policy rules, see the BlackBerry Enterprise Server Policy Reference
Guide.
Related information
Assigning IT policies and resolving IT policy conflicts
Configure the BlackBerry MDS Connection Service to connect to the certificate authority
If your organization's environment includes a Microsoft enterprise certification authority, the certification authority requires
Windows authentication, and a certification authority administrator must approve certificate requests, you must configure
the BlackBerry MDS Connection Service with the server name of the certification authority and the certification authority
credentials so that the BlackBerry MDS Connection Service can send certificate requests to the certification authority.
Before you begin: Create a custom template on the certification authority that does not permit the subject name to
originate from information in Microsoft Active Directory.
1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution
topology > BlackBerry Domain > Component view.
2. Click MDS Connection Service.
3. Click Edit component.
4. On the HTTP tab, in the Name field, type the certificate authority name.
5. In the Service URL field, type the URL that the BlackBerry MDS Connection Service can use to send certificate
requests to the certification authority using the following format: http://<FQDN_of_CA_server>:<port_number>/* (for
Administration Guide Configuring BlackBerry devices to enroll certificates over the wireless network