Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Desktop Software

Reply
New Member
alabb
Posts: 1
Registered: ‎01-29-2009
My Device: Not Specified

Untrusted Certificate Chain

Keep receiving Msg "you are attempting to open a secure connection, but the server's cert is not trusted".  If I try to trust certificate it requires that I enter my key store password. I have no idea what that is.  If I View the Certificate it says the program is "rcp.na.blackberry.com" with an untrusted cert chain - stale chain status - x 509.  It stops popping up when I disconnect from my wifi, otherwise it keeps popping up at different times.
Please use plain text.
Guru I
Xandrex
Posts: 18,401
Registered: ‎07-29-2008
My Device: Z30, Playbook, 9320BES
My Carrier: B&You _ SFR

Re: Untrusted Certificate Chain

hello,

have you heard of "secured transaction" or "electronic signature" or "e-signing" or "SSL" ?

to make things short : when you browse the web, anyone can "do something" and be able to sniff what you send and what you receive.
When you log on the present forum, you do it with HTTP.
If your neighbor knows how, he/she can get the password you use to connect.

that is why people have created SSL. when you go to a secured website, like your bank website, or paypal, or amazon, you go to a page which URL starts with HTTPS:// instead of HTTP://

if your browser is up-to-date, something should change in the address bar : a color, a sign, a lock that is closed (even on your blackberry Browser).
HTTPS stands for HTTP over SSL. basically, SSL is a security tunnel.
when you use that SSL, nobody can get the information that you exchange with the webserver.

but the SSL protocol is something open : anyone can create an SSL key and say "hey, come and see me, my tunnel is secure". So you have to know who that person is. It is also done by something like SSL. It's called electronic certificates. Codename : X.509.
so a X.509 is a certificate that says "I am AAA and I can do BBB !".

how can you trust that certificate
? Because it is certified by a higher authority (a private one, not necessarily government). You know these authorities. They appear on the bottom of your bank websites :
  • Verisign
  • Thawte
  • Certicom (cough cough cough)
  • CertPlus
  • RSA (the SecurID !)
  • VISA (the credit card !)
  • and so on...

these are very valuable Certificate Authorities (CA) that you can trust. But how can you, since you may have never heard of them ?
well, RIM does that for you, just like any browser system does.

When you look at your Windows system, you will see all those CA in the list, as well as others like AOL or Dell or Microsoft.
On your BlackBerry system, it's the same : RIM has put trust in those CAs.
Those CAs are stored somewhere on your device, in a place called the KeyStore.

The problem comes when you log on to a website, that uses HTTPS, and whose X.509 certificate is certified by a CA that is not present on your device.
therefore, the certificate is valid, but not trusted by your browser.



you are saying the CA is rcp.na.blackberry.com : that is quite strange actually. What website are you trying to log on ?



The search box on top-right of this page is your true friend, and the public Knowledge Base too:
Please use plain text.
New Contributor
kasia
Posts: 2
Registered: ‎07-21-2009
My Device: Not Specified

Re: Untrusted Certificate Chain

[ Edited ]

Hello,

I am experiencing the same problem when trying to activate a piece of software using BIS on my Bold.  The certificate is a VeriSign EV SSL certificate.  Is there a way to update the root certificates on my device so that I stop getting this "untrusted" prompt from an obviously trusted authority?

Thanks!

Message Edited by kasia on 07-21-2009 03:18 PM
Please use plain text.
New Contributor
marvinw4
Posts: 2
Registered: ‎04-16-2012
My Device: curve 9300
My Carrier: cell c

Re: Untrusted Certificate Chain

Hi I'm having the same problem aswell, in my certificates list I normally have a right tick before the certificate NW I have a question mark.the only one with a tick is Olympia.please help
Please use plain text.