Thank you for visiting the BlackBerry Support Community Forums.
BlackBerry will be closing the BlackBerry Support Community Forums Device Forums on April 1st (Developers, see below)
BlackBerry remains committed to providing excellent customer support to our customers. We are delighted to direct you to the CrackBerry Forums, a well-established and thorough support channel, for continued BlackBerry support. Please visit http://forums.crackberry.com or http://crackberry.com/ask. You can also continue to visit BlackBerry Support or the BlackBerry Knowledge Base for official support options available for your BlackBerry Smartphone.
"When we launched CrackBerry.com 10 years ago, we set out to make it a fun and useful destination where BlackBerry Smartphone owners could share their excitement and learn to unleash the full potential of their BlackBerry. A decade later, the CrackBerry community is as active and passionate as ever and I know our knowledgeable members and volunteers will be excited to welcome and assist more BlackBerry owners with their questions."
- Kevin Michaluk, Founder, CrackBerry.com
Developers, for more information about the BlackBerry Developer Community please review Join the Conversation on the BlackBerry Developer Community Forums found on Inside BlackBerry.
03-06-2013 05:17 PM - edited 03-06-2013 05:19 PM
We have a custom content filtering application that we have deployed to regular computers without any problems, but that seems to be having issues working with Blackberry devices. We have enabled the MDS service in order to redirect all the browser traffic through the BES (5.0.4), and have installed our application on the server.
The users can get access, and the filtering works properly, with the following caveat: HTTPS access shows errors for all websites. This is because our application intercepts HTTPS traffic and changes the certificate to one based on our own custom root CA certificate.
What we have tried:
Installed the root certificate into the server's keystore
Installed the root certificate into the Java keystore
Installed the root certificate into a device's keystore manually (by emailing it to the device)
Error messages we are recieving:
The server certificate chain is not valid before <current date>
Stale Chain Status
Unknown Chain Status
Apparently, we aren't allowed to contact support without laying out $20k for a whole year, instead of paying upfront for one support call. Can any of you help me figure out why this error is happening, despite the fact that the root certificate has been installed on the server and the device, and HTTPS access works as expected on the server's browser?
Our software grabs traffic using a Windows LSP (Layered Service Provider), instead of acting as a normal HTTP/HTTPS proxy. Certificates for each HTTPS website are created on the fly and cached for a while, and have an expiration date at least one year in the future. The "Valid From" date is the same moment that the certificate is created. Perhaps the blackberry browser would prefer that the "Valid From" date be farther into the past? No other browser has ever had any problems, though.
Solved! Go to Solution.
03-28-2013 01:12 PM
I thought I'd write in to tell everyone how we solved this problem.
We modified our custom internet filting application to generate a certificate with a VALID FROM date that is 10 days in the past, instead of being the the same date and time as when it was generated. This seems to have stopped the errors on our test devices.
We still really wish we had a way to push out a root cerificate without requiring the users to muddle around with an email attached certificate or clicking a link in a webpage.