Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Z10

Reply
New Contributor
Ground
Posts: 2
Registered: ‎03-20-2013
My Device: BB Z10
Accepted Solution

Installed custom CA certificate but not trusted by browser

[ Edited ]

I have installed custom CA certificate on my phone BB Z10, but I still get warning "Site Identity Not Verifiable" in browser. Could anyone help me with this?

 

New Contributor
Ground
Posts: 2
Registered: ‎03-20-2013
My Device: BB Z10

Re: Installed custom CA certificate but not trusted by browser

I had to import it into WEB store. It is working

Contributor
dlmiles
Posts: 20
Registered: ‎02-12-2013
My Device: Z30

Re: Installed custom CA certificate but not trusted by browser

[ Edited ]

I have a Z30 and have this problem.  But I can not find any "WEB store" area during the import process.

 

Settings -> Security and Privacy -> Certificate

 Find and Select "My Custom CA" (that I already imported)

 Certificate Details screen shows: "Certificate is valid", "Certificate is trusted", also "Trusted" is ticked.

 

 

When I Import various kinds of certificates, "CA", "Intermediate CA" and "SSL Web Client identification", it places them into the areas (stores) I expect:

 

CA => Authorities

Intermediate CA => Other

SSL Web Client Identification => My Certificates

 

These are the areas you can filter the certificate display by when looking at the main "Certificates" screen.

 

 

The import process only offers me an option to "Restrict to VPN" and "Restrict to

 

 

Now in the BlackBerry 10 browser, I get a Red error marker next to left hand side of URL info.

Inside "Site Info" function, I get a warning dialog about "This site may not be trustworthy" and I have to press "More Info" to proceed.

Then it claims "The certificate to identify blahblah.mydomain.com has not been verified by a trusted source".

I then click "View Certificate".

I get the complete certificate chain as I expect.  The toplevel "My Custom CA" has inside the "General" tab the information:  "This certificate is not trusted", "This certificate is a root certificate", "This certificate can: ...6 things listed".

 

I have verified the complete certificate chain and they are all the correct certificates needed to be a correct chain.

I am able to access the website without any certificate chain errors or warnings from a different general purpose browser.

 

So how do I enable "My Custom CA" to be available to a certificate to the BlackBerry browser ?

 

Please describe where in this process a Z10 is different, since I don't have a Z10 to check myself.

 

NOTE here is another thread I started 6 months ago with no answer, http://supportforums.blackberry.com/t5/BlackBerry-10-Smartphone/BB10-Browser-custom-CA-custom-Interm...

 

Thanks

Contributor
dlmiles
Posts: 20
Registered: ‎02-12-2013
My Device: Z30

Re: Installed custom CA certificate but not trusted by browser

After some hours of experimentation and reissuing, deleting, reconfiguration of webserver, installing certificates.

 

It seems the BB10 does not support a custom intermediate certificate when the CA is installed by the user.  It only seems to support preloaded CA+Intermediates.

 

The webserver does respond with all 3 certificates in the chain, the "CA", the "Intermediate" and the "website".  This certificate chain works and validates on Windows using a desktop browser.

 

But if the Intermediate is removed frmo the chain, so it is a "CA" and a "website cert" the BB10 based mobile works as expected, with no warning or errors.