01-21-2010 01:26 PM
Can someone help me understand what needs to be configured on the BES or Handheld to allow connections https:// URLs. I get a message stating "unable to connect using the current security settings". It does not give me the option to download the certificate either.
04-05-2010 05:42 PM
04-08-2010 04:22 PM
I don't think we're alone in this.
First off, my BES config is as follows:
Single BB Domain - 4 BES
2x - BES 5.0 SP1 MR2 - Running on Win2K8 SP2 x64
2x - BES 4.1.6 - Running on Win2K3 x86
Now the specifics of my problem:
We're having very odd issues with the BES 5.0 MDS Connection component (specifically with HTTPS web servers). Sometimes HTTPS works for some sites, it NEVER works for others, and (weirdly) ALWAYS works for still others. This comes and goes and I have even gotten errors on simple HTTP (port 80) web browser requests. I've tested this over and over again (purging HH cache and replicating problem, etc) but can't find a single pattern. I error that I consistently get is the 'Error 400: Bad Request" followed in the details by the 'Connection Refused URLNAME.COM: 443
I have an open ticket with T-Support, and one of the techs said that this is a 'known issue' (but didn't elaborate) with how the MDS handles certificates. I haven't heard back on details or resolution.
BES Logs have shown an 'Invalid Proxy Server' entry during these failed requests. We use ISA for our proxy server and have a rule configured to allow all of the BES IP's to anonymously access the internet. ISA monitoring hasn't been too helpful, as it just shows requests going back/forth between the BES and the ISA during these 'Bad Request' sessions. Accessing some of the 'problematic' sites from the BES itself via IE is not a problem.
Browser settings are set to use the Blackberry browser
5.0 MDS 'Proxy Configuration
Universal Resource Locator: .*://.*(:\d*)?(/.*)*(\?.*)?
Proxy Item: PROXY myproxyserver.mydomain.com:80
Allow Untrusted HTTPS Connections: YES
This config was reviewed and validated by a RIM tech, as were the 4.1 BES proxy mappings.
This issue does NOT appear for ANY users on the 4.x BES, and there have NOT been any changes to our ISA/Proxy. I've sent logs to RIM for review but still no dice. We're needing to migrate SOON, however, but I just don't know where to look anymore. Strangely, Google searches yield definite hits, but no common solutions. ANY help is appreciated on this.
07-27-2014 02:51 PM
I have a Blackberry 9720 and suddenly could not connect to my banking site.
I had to enable "Permit Insecure Renegotiation - and then it worked.
Thank you for pointing me in the right direction!
07-27-2014 05:59 PM
BES 5 is a real pain with regards to accessing HTTPS sites. From past experience, I've found that certain SSL sites can pose issues. I've resolved it by importing the certificate from the site into the MDS-CS keystore. Most of the time it was due to the the site having multiple SANS in their certificate.
Try it out and let me know! I have a fair bit of experience dealing with MDS so fire away