Administration Guide

Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop

 

Manager

\web.keystore"). When the keytool prompts you for the first name and last name, type the pool name of the BlackBerry Administration Service. You can find the pool name in the Administration Service – High Availability tab.

4.If you want to use a trusted certificate, using the keytool, import the root certificate of the certification authority (for example, keytool -import -alias <ca_alias_name> -file <root_certificate_file>.cer -trustcacerts -keystore "<drive>: \Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore").

5.Using the keytool, generate a certificate signing request (for example, keytool -certreq -alias httpssl -file

<certreq_filename>.csr -keystore "<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin \web.keystore").

6.Send the certificate signing request to a certification authority so that the certification authority can create the certificate.

7.When the certification authority returns the certificate, copy it into a text file and save it with a .cer extension.

8.Using the keytool, import the certificate to the web.keystore file (for example, keytool -import -alias httpssl -keystore "<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore" -file "<certificate_filename>.cer").

9.In the Windows Services, restart the BlackBerry Administration Service services.

10.Complete the following actions on each computer that hosts a BlackBerry Administration Service instance:

a.Copy the web.keystore file in the <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS \bin folder from the BlackBerry Administration Service that you updated to the other BlackBerry Administration Service instances.

b.In the Windows registry, copy the WebKeyStorePass value in the HKEY_CURRENT_USER\Software\Research In Motion\BlackBerry Enterprise Server\Administration Service\Key Store from the BlackBerry Administration Service that you updated to the other BlackBerry Administration Service instances.

c.In the Windows Services, restart the BlackBerry Administration Service services.

Related information

Restarting BlackBerry Enterprise Server components, 392

Configuring Microsoft Active Directory authentication in an environment that includes a resource forest

If your organization's environment includes a resource forest that is dedicated to running Microsoft Exchange, you can configure the BlackBerry Administration Service to use Microsoft Active Directory authentication to log in BlackBerry device users that have user accounts that are located in trusted account forests. The BlackBerry Administration Service

267

Page 267
Image 267
Blackberry SWD-20120924140022907 manual Related information, 267