Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
Contributor
Posts: 49
Registered: ‎05-30-2008
My Device: Not Specified

Replacing expiring server cert on our Comm Server

The public facing certificate that we use to activate iphones on our BES10 Comm server is expiring soon.  It is easy enough to renew from verisign and place into our server and to configure the BES10 box to recognize.  New activations go smoothly and reflect the new certificate expiration.  The problem is that we are within the 14 day period of the old certificate expiring and devices previously provisioned with that certificate do not update.  We have tried tapping the BES10 icon which should be all that is necessary but nothing happens other than reflecting the device is compliant with our corporate policy.  Given the large number of users we have we do not want to have them uninstall the BES10 from their device and go through the exercise of downloading it again from the apple app store and installing it again.  However, that is all that seems to work.  Is there a better way?  This is silly if you can only update the cert by uninstalling the product.  If anyone has a suggestion I am all ears.  Thanks!

New Contributor
Posts: 2
Registered: ‎03-16-2011
My Device: Not Specified

Re: Replacing expiring server cert on our Comm Server

I'd like to know, too, if anyone has any ideas.  It took me several months, but I finally realized that most of our devices stopped communicating with our UDS server right around the time that I renewed our Apple certificate.  The renewal went just fine, but clearly I have absolutely no idea what I'm supposed to do next.  It says something about importing the pfx file and there's a link to learn more, but it leads to a useless page and now I have no idea what to do.

Contributor
Posts: 49
Registered: ‎05-30-2008
My Device: Not Specified

Re: Replacing expiring server cert on our Comm Server

You need to import the certificate via the MMC into the certificate store.

New Contributor
Posts: 2
Registered: ‎03-16-2011
My Device: Not Specified

Re: Replacing expiring server cert on our Comm Server

Thanks for the reply!  How do I get the certificate in order to import it?

Contributor
Posts: 49
Registered: ‎05-30-2008
My Device: Not Specified

Re: Replacing expiring server cert on our Comm Server

1) you need to hit renew on you UDS on the apple cert. It will download a file.  Save it to a seperate folder so you know where it is.  It is a .SCSR file.

2) go to the apple portal where your apn was originally downloaded.

3) "Renew" the one you are using.  During that process you will upload the file you downloaded in step 1 above.

4) Once that is done download the APN from the apple portal you just renewed.  It will be a .PEM file.

5) Within the UDS upload the .PEM  from within the admin console you are using in #1 above. You will need to put in a password.  The process will also result in you downloadeding a .PFX file.

6) import the .PFX file in the certificate store with the MMC on your UDS.