Blackberry SWD-20120924140022907

\web.keystore"). When the keytool prompts you for the first name and last name, type the pool name of the

BlackBerry Administration Service. You can find the pool name in the Administration Service – High Availability tab.

4. If you want to use a trusted certificate, using the keytool, import the root certificate of the certification authority (for

example, keytool -import -alias <ca_alias_name> -file <root_certificate_file>.cer -trustcacerts -keystore "<drive>:

\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore").

5. Using the keytool, generate a certificate signing request (for example, keytool -certreq -alias httpssl -file

<certreq_filename>.csr -keystore "<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin

\web.keystore").

6. Send the certificate signing request to a certification authority so that the certification authority can create the

certificate.

7. When the certification authority returns the certificate, copy it into a text file and save it with a .cer extension.

8. Using the keytool, import the certificate to the web.keystore file (for example, keytool -import -alias httpssl -keystore

"<drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore" -file

"<certificate_filename>.cer").

9. In the Windows Services, restart the BlackBerry Administration Service services.

10. Complete the following actions on each computer that hosts a BlackBerry Administration Service instance:

a. Copy the web.keystore file in the <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS

\bin folder from the BlackBerry Administration Service that you updated to the other BlackBerry Administration

Service instances.

b. In the Windows registry, copy the WebKeyStorePass value in the HKEY_CURRENT_USER\Software\Research In

Motion\BlackBerry Enterprise Server\Administration Service\Key Store from the BlackBerry Administration

Service that you updated to the other BlackBerry Administration Service instances.

c. In the Windows Services, restart the BlackBerry Administration Service services.

Related information

Restarting BlackBerry Enterprise Server components, 392

Configuring Microsoft Active Directoryauthentication in an environment thatincludes a resource forest

If your organization's environment includes a resource forest that is dedicated to running Microsoft Exchange, you can

configure the BlackBerry Administration Service to use Microsoft Active Directory authentication to log in BlackBerry

device users that have user accounts that are located in trusted account forests. The BlackBerry Administration Service

Administration Guide Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop

Manager

267