Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
Highlighted
Trusted Contributor
Posts: 146
Registered: ‎08-18-2010
My Device: Z10
My Carrier: Vodafone.de
Accepted Solution

NDES SCEP does not work anymore cause RA-Certificate expired. I am unable to renew the certificate

Hello together,

 

First, happy new year to all.

 

Hope someone can help me out.

About six months ago we have configured SCEP for BB10 successfully.

 

This was working since the RA-Certificates on the CA were vaild.

 

Since middle of december 2013 SCEP is not working anymore because the RA-Certificates on the CA are expired.

And I am unable to renew these.

It gives me an error that I have not permissions to use the templates like: "You do not have permissions on the certificate template..."

 

When I check the Security Tab of the Certificate Template I do have the read, write and enroll rights.

 

These certifcates must be created during the installation (enabling) of the NDES feature on the CA automatically.

 

The questions is how can I renew these certificates.

Do I need to uninstall the NDES Feature and install it again?

Or is there any other way how to renew these certificates?

 

You can find these certificates on the Personal Store on your CA(or where NDES is running).

 

Thanks in advance,

 

hape

 

 

 

 

Trusted Contributor
Posts: 146
Registered: ‎08-18-2010
My Device: Z10
My Carrier: Vodafone.de

Re: NDES SCEP does not work anymore cause RA-Certificate expired. I am unable to renew the certificate

We could solve the issue:

 

http://www.networksteve.com/forum/topic.php/Network_Device_Enrollment_Service_-_Renewing_service_cer...

 

to request and install CEP Encryption Certificate and Exchange Enrollment CertificateLog on NDES-Service-Account, visit http://<servername>/certsrv, choose Request a certificate, click advanced certificate request, click Create and submit a request to this CA.Choose Exchange Enrollment Certificate, type some basic information, click Submit. Continue and install the certificate.Repeat to request and install CEP Encryption Certificate.Open MMC. Click File menu, click Add/Remove Snap-in button, click Certificate, click Add, choose Local Computer, click Add again, choose current User, click OK.Open Personal certificates of Current User, move new Exchange Enrollment Certificate and CEP Encryption Certificate to Personal certificate of Local Computer.Run " iisreset" to reset IIS. Try to visit http://<servername>/certsrv/mscep_admin and http://<servername>/certsrv/mscep.

 

or see chapter:Renewing Service Certificates

 

http://social.technet.microsoft.com/wiki/contents/articles/9063.network-device-enrollment-service-nd...

 

regards,

hape