Hello,
We have a custom content filtering application that we have deployed to regular computers without any problems, but that seems to be having issues working with Blackberry devices. We have enabled the MDS service in order to redirect all the browser traffic through the BES (5.0.4), and have installed our application on the server.
The users can get access, and the filtering works properly, with the following caveat: HTTPS access shows errors for all websites. This is because our application intercepts HTTPS traffic and changes the certificate to one based on our own custom root CA certificate.
What we have tried:
Installed the root certificate into the server's keystore
Installed the root certificate into the Java keystore
Installed the root certificate into a device's keystore manually (by emailing it to the device)
Error messages we are recieving:
The server certificate chain is not valid before <current date>
Stale Chain Status
Unknown Chain Status
Apparently, we aren't allowed to contact support without laying out $20k for a whole year, instead of paying upfront for one support call. Can any of you help me figure out why this error is happening, despite the fact that the root certificate has been installed on the server and the device, and HTTPS access works as expected on the server's browser?
Additional detail:
Our software grabs traffic using a Windows LSP (Layered Service Provider), instead of acting as a normal HTTP/HTTPS proxy. Certificates for each HTTPS website are created on the fly and cached for a while, and have an expiration date at least one year in the future. The "Valid From" date is the same moment that the certificate is created. Perhaps the blackberry browser would prefer that the "Valid From" date be farther into the past? No other browser has ever had any problems, though.
