Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
New Contributor
cezarq
Posts: 7
Registered: ‎01-08-2013
My Device: none

Cant install Universal Device Service without valid certificate

I am trying to install the Mobile Fusion in my lab to test e present the results to my boss... I dont have a URL domain, because wont have any access from the Internet, so i dont have a certificate too... Its possible to install the Universal Device Service and the Mobile Fusion without the URL domain e a valid certificate?

Please use plain text.
Forums Advisor I
oliwer
Posts: 581
Registered: ‎05-23-2008
My Device: BB10 and WiFi PB

Re: Cant install Universal Device Service without valid certificate

Makes no sense cause you cannot activate a (iOS) device against the server. Maybe Android would work, not sure. Would not recommend that setup, even not for a test.
UDS needs a public available DNS name, the certificate can be created by your CA if you dont want to spend the few bucks for a certificate. But then you have to install your root CA first on the iOS devices.
Please use plain text.
New Contributor
cezarq
Posts: 7
Registered: ‎01-08-2013
My Device: none

Re: Cant install Universal Device Service without valid certificate

I going to use only android phones... But I cant go forward using a self signed certificate...

Please use plain text.
Enterprise SME
-BD-
Posts: 525
Registered: ‎05-15-2008
My Device: Z10

Re: Cant install Universal Device Service without valid certificate

[ Edited ]

All communication with the UDS server is done over SSL.  So whether or not your users are coming in over the internet or not is irrelevent.   Android devices don't care about if the certificate is trusted or not so you can use an internal CA to generate your certificate and then just ignore the warnings when activating.

 

Since you won't have a public DNS for this you would just use the FQDN of the server for the subject/SAN of the cert.

Please use plain text.
New Contributor
cezarq
Posts: 7
Registered: ‎01-08-2013
My Device: none

Re: Cant install Universal Device Service without valid certificate

[ Edited ]

I still can not install the UDS....

I created a CA and installed the root certificate on the machine...

Created and signed the user certificate using the FQDN and exported to .p12 and got the message:

"The setup application cannot validate the SSL certificate that you specified. You must verify the location and password of the SSL certificate."

Please use plain text.
Enterprise SME
-BD-
Posts: 525
Registered: ‎05-15-2008
My Device: Z10

Re: Cant install Universal Device Service without valid certificate

[ Edited ]

What is the subject/SAN of your certificate.  If you didn't choose to make it a webserver cert on the CA the subject will be an email address rather than the FQDN of the server.

Please use plain text.
New Contributor
cezarq
Posts: 7
Registered: ‎01-08-2013
My Device: none

Re: Cant install Universal Device Service without valid certificate

Pls, take a look in the certificate that i'm using:

Certificate

Please use plain text.
Enterprise SME
-BD-
Posts: 525
Registered: ‎05-15-2008
My Device: Z10

Re: Cant install Universal Device Service without valid certificate

I can't view that since it has a password on it.

 

You can view the info in IIS on the computer you completed the CSR on. Open IIS and click on the servername and then select Server Certificates.  Double-click the certficate and go to the details tab.  Both the Subject and the SAN are available here.  One of these must be the intended public DNS of your Communication website

Please use plain text.
New Contributor
cezarq
Posts: 7
Registered: ‎01-08-2013
My Device: none

Re: Cant install Universal Device Service without valid certificate

[ Edited ]

Very Sorry... CPqD12345

 

Thats the problem, I dont have public DNS or external access... I'm using a internal network on my lab for the tests... IP range: 192.168.5.0/24

Please use plain text.
Enterprise SME
-BD-
Posts: 525
Registered: ‎05-15-2008
My Device: Z10

Re: Cant install Universal Device Service without valid certificate

[ Edited ]

The SAN of your cert looks to just be host name of the machine and not the FQDN.

 

DNS Name=WIN2K8R2

DNS Name=192.168.5.3

 

Also was this issued by an enterprise certificate authority?  It looks like a self-signed certiicate because I don't see any root cert attached to it.  If the root certificate isn't trusted it will fail.  When i import it into IE and look at the certfication path it shows:

 

This certificate has an invalid digital signature.

 

I do tend to use my internal FQDN in testing since I don't need public access to test. 

Please use plain text.