Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

New Contributor
Posts: 7
Registered: ‎01-05-2010
My Device: Not Specified

HTTPS Connections with Blackberry Bwowser

Can someone help me understand what needs to be configured on the BES or Handheld to allow connections https:// URLs. I get a message stating "unable to connect using the current security settings". It does not give me the option to download the certificate either.



Posts: 17
Registered: ‎03-12-2010
My Device: Curve 8530
My Carrier: Telus

Re: HTTPS Connections with Blackberry Bwowser

Hi jason778, I posted a similar issue a few days ago but so far haven't received any replies but on the device itself if you go to Options/Security Options/Advanced Security Options/TLS and set TLS Default to Handheld. I know on the BES side under your MDS properties, there is an option under TLS/HTTPS, Allow Untrusted HTTPS Connections and set to True. I haven't tried this yet to see if this works though.
New Contributor
Posts: 4
Registered: ‎04-08-2010
My Device: 8310
My Carrier: AT&T

Something's Going On Here...

I don't think we're alone in this.


First off, my BES config is as follows:


Single BB Domain - 4 BES

2x - BES 5.0 SP1 MR2 - Running on Win2K8 SP2 x64

2x - BES 4.1.6 - Running on Win2K3 x86


Now the specifics of my problem:


We're having very odd issues with the BES 5.0 MDS Connection component (specifically with HTTPS web servers). Sometimes HTTPS works for some sites, it NEVER works for others, and (weirdly) ALWAYS works for still others.  This comes and goes and I have even gotten errors on simple HTTP (port 80) web browser requests.  I've tested this over and over again (purging HH cache and replicating problem, etc) but can't find a single pattern.  I error that I consistently get is the 'Error 400:  Bad Request" followed in the details by the 'Connection Refused URLNAME.COM: 443


I have an open ticket with T-Support, and one of the techs said that this is a 'known issue' (but didn't elaborate) with how the MDS handles certificates.  I haven't heard back on details or resolution. 


BES Logs have shown an 'Invalid Proxy Server' entry during these failed requests.  We use ISA for our proxy server and have a rule configured to allow all of the BES IP's to anonymously access the internet.  ISA monitoring hasn't been too helpful, as it just shows requests going back/forth between the BES and the ISA during these 'Bad Request' sessions.  Accessing some of the 'problematic' sites from the BES itself via IE is not a problem.


Browser settings are set to use the Blackberry browser

5.0 MDS 'Proxy Configuration

Universal Resource Locator:   .*://.*(:\d*)?(/.*)*(\?.*)?

Proxy Item:  PROXY myproxyserver.mydomain.com:80

Allow Untrusted HTTPS Connections:  YES

This config was reviewed and validated by a RIM tech, as were the 4.1 BES proxy mappings. 


This issue does NOT appear for ANY users on the 4.x BES, and there have NOT been any changes to our ISA/Proxy.  I've sent logs to RIM for review but still no dice.  We're needing to migrate SOON, however, but I just don't know where to look anymore.  Strangely, Google searches yield definite hits, but no common solutions.  ANY help is appreciated on this.


El Kabong

New Contributor
Posts: 2
Registered: ‎10-22-2012
My Device: Blackberry Curve 9360
My Carrier: Vodacom

Re: HTTPS Connections with Blackberry Browser

Hi sneaker99,

I have a Blackberry 9720 and suddenly could not connect to my banking site.

I had to enable "Permit Insecure Renegotiation - and then it worked.

Thank you for pointing me in the right direction!



Super Contributor
Posts: 278
Registered: ‎04-01-2008
My Device: Z30

Re: Something's Going On Here...

BES 5 is a real pain with regards to accessing HTTPS sites. From past experience, I've found that certain SSL sites can pose issues. I've resolved it by importing the certificate from the site into the MDS-CS keystore. Most of the time it was due to the the site having multiple SANS in their certificate.


Try it out and let me know! I have a fair bit of experience dealing with MDS so fire away Smiley Happy

Don't forget to hit like if I resolved your issue! Smiley Happy