Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
Contributor
Posts: 12
Registered: ‎06-26-2013
My Device: Q10
My Carrier: Telus

Re: E-Mail Authentication with certificate successful solved?

Don't waste your time with BB Support trying to get this going. We have Advantage TSupport and after 2 weeks of trying to solve the SCEP and iOS issue, the tech then pointed me to that KB (which was published 2 weeks prior at that point). Very disappointed with the UDS.

 

Prior to me working on the iOS, getting an Android up and running using certs was very convulated but at least you can use the SWS. Similar experience with BB Support, 2 weeks of sending in logs, etc and then they said "SCEP is not supported on the Android". I'm not sure how other MDM providers say they support SCEP but we have started to look at other MDM offerings.

 

So to make a long story short, I found a way to manually create the cert, export it to .pfx, create an individual user cert profile on UDS and then assign it to the specific user. It turned out to be a 30 page admin doc for setting up a user. Also, no idea on what happens once the cert expires but I'm sure there is probably no automatic renewal and you would have to repeat the same process. Maybe ok for a handful of users but not sustainable for a large number to provision and maintain.

 

I didn't even bother trying this same process for the iOS after they told me we have to use the MDM controls (and not SWS) for SCEP to work. Very frustrating experience.

 

Using SCEP for blackberries (BDS) works like a charm if you had set it up correctly. However, they have a long way to go with respect to iOS and Android though.

Regular Contributor
Posts: 53
Registered: ‎05-22-2013
My Device: Blackberry Z10
My Carrier: EE

Re: E-Mail Authentication with certificate successful solved?

Hi

 

Yes, agreed it's not great in UDS

 

However, we came from MobileIron - SCEP isn't working there either for iOS and Android!

New Contributor
Posts: 6
Registered: ‎07-15-2014
My Device: Z10
My Carrier: Bell

Re: E-Mail Authentication with certificate successful solved?

Thanks for that guys, luckily i don't have any androids to support, BB and iOS is enough.

that was my conclusion last night was that it would need another CAS, however another issue is that I have a few users that have a Blackberry and an iPad.

Any ideas how that might work? i can't see how i could get each device to go through a different cas for the same mailbox?

 

thanks for your input

 

Regular Contributor
Posts: 53
Registered: ‎05-22-2013
My Device: Blackberry Z10
My Carrier: EE

Re: E-Mail Authentication with certificate successful solved?

Hi

 

Sorry i can't help you.

 

All i know is that we have separate Mailbox and CAS servers in our cetnral location - other locations have mailbox and CAS on teh same box. These users are knackered unless we build a separate CAS in each locatin, but centrally, we have 3 CAS servers - 2 using certificate auth and 1 basic working fine.

 

Chas

Regular Contributor
Posts: 53
Registered: ‎05-22-2013
My Device: Blackberry Z10
My Carrier: EE

Re: E-Mail Authentication with certificate successful solved?

Oh, and users (me) have iphone / ipad and blacberry and all working fine. BB is SCEP'd on the secure CAS the other 2 are not.

Chas

New Contributor
Posts: 6
Registered: ‎07-15-2014
My Device: Z10
My Carrier: Bell

Re: E-Mail Authentication with certificate successful solved?

great to hear - not sure how it works but as long its possible i'll figure it out. Thanks
Regular Contributor
Posts: 53
Registered: ‎05-22-2013
My Device: Blackberry Z10
My Carrier: EE

Re: E-Mail Authentication with certificate successful solved?

Yeah, sorry i'm not an exchagne guy - our exchange team sorted that. Maybe it's to do with subnets or something - if its in the same subnet then you can use any?

Contributor
Posts: 12
Registered: ‎06-26-2013
My Device: Q10
My Carrier: Telus

Re: E-Mail Authentication with certificate successful solved?

I believe you just have to publish another activesync virtual directory on the same CAS servers. However, this would mean an additional IP Address, another alias to the Exchange cert, etc. You then set that virtual dir for basic auth.

 

There is a section in this link which talks about it.

http://www.msexchange.org/articles-tutorials/exchange-server-2010/mobility-client-access/configuring...

BlackBerry Employee
Posts: 750
Registered: ‎05-15-2008
My Device: Z10
My Carrier: Rogers

Re: E-Mail Authentication with certificate successful solved?

You can setup a CAS to accept both basic authentication and certfiicates.  My test environment has a mixture of users using both.  You just need to have basic auth enabled and certficates set to accepted rather than required.

New Contributor
Posts: 6
Registered: ‎07-15-2014
My Device: Z10
My Carrier: Bell

Re: E-Mail Authentication with certificate successful solved?

Did you create a second activesync virtual directory or is that the settings on the default virtual directory? I didn't think it was possible to run both certificates and basic authentication through one activesync virtual directory