12-27-2009 06:02 PM
I'm trying to log onto my wildblue account to check my bandwidth. I did this fine many times a few weeks ago. Now the certifcate shows a ? . When I go to the site in my browser I get a window that says
"You are attempting to open a secure conneciton but the servers certificate is not trusted."
Then I get the options of continue, close conneciton, view certifcate, and trust certifcate. It doesn't matter which one I click it loops back to the same window.
If I go into tools, certificates, and try to delete it, it then wants a key store password. I've used 2/10 with my normal passwords. I have never made a password that I know of. Is there a default one?
How do I fix this and could someone explain what a certifcate is and how they work on the phone?
I have a Curve 8330 and on V.188.8.131.52 (I know it's outdated but I'm chicken to update.)
Solved! Go to Solution.
12-28-2009 07:04 PM
talking about certificates is always a hard thing for newbies... let's say that it's like a passport that is edited by a country.
you will certainly accept the identity of someone if that person shows you a US passport, or a GB passport, but maybe not for a passport from Lesotho.
the passport is a certificate. It is quite public data, so any one can see it. It is used by a web server to declare "I am who I say I am". The country that edits the passport is an certificate authority. It's Verisign, Microsoft, Thawte, Cerplus or other trusted authorities.
when you are using your device browser, for some actions you will go to a secure website. there are two main reasons :
the website will show his certificate, and your browser will look at who edited the certificate. If the certificate authority is in the list of trusted CAs, then it's okay.
secondly : there will be a secured tunnel (SSL, the s in https:// ) that will guarantee that no one will be able to see the information you are exchanging with the website. for example is you go to https://www.facebook.com/ (same for BOA website).
that being said, the list of trusted CAs is stored everywhere : there is a list in your installation of Windows, there is a list in your installation of Mozilla Firefox, there is one inside the databases of your BlackBerry device.
what you want to do is reread the error message expalining why the certificate is not trustworthy. If it's because the authority is not trusted, then you can configure your device to accept it.
12-31-2009 12:06 PM
Thank you for the explanation. Now I'd like to learn how to fix it.
When I look at the certificate "?myusage.wildblue.net, VeriSign Class..." I don't see anything wrong with it. It says its explicity trusted. The server for this certifcate is Verisign and when I look at Verisign, it also says explicity trusted under the trust status and it also has a ? in front of it.
I'm missing something important. This site worked for me a few weeks ago and I am using https.
Is there a security setting that I need to raise? or something in the certificate servers that I should do something to? or application permissions?
01-01-2010 11:03 AM
01-03-2010 06:13 AM
01-03-2010 11:37 AM
This is what I've done. I read the sticky on password keeper. I then created a password for the password keeper, did a battery pull, and then used the password for password keeper for the keystore password in the certifcates. It accepted it. I then DELETED the certificate. I then went into the browser and tried to get on the site I've been trying to access and clicked trust. It left me in, but when I go back to certificates it has REPLACED the certificate but still has the ? before the certificate. It seems to be working but I'm not sure why there is a ? before the certifcate but at least now I have a password.
I had tried this same password before and it did not work and I was on attempt #3.
Thanks for your help. grace
08-02-2010 08:21 AM
I am having a similar problem with our Blackberry Tour's. We recently moved our mailserver to an IP off port "444". I can not add a cerificate for that site to the keystore. Anyone having similar issues?
07-06-2012 06:53 PM
07-06-2012 07:45 PM
a box pops up "the certificate could not be added to the trusted key store due to IT policy restrictions". What IT policy? This is a personal BB, not a business using BES. Is there a fix for this?
At some point in your BBs life (I have no way to know how, when, or why), it has been associated with BES...and no one properly removed the IT Policy after removing it from BES. Consequently, you are saddled with the restrictions of that IT Policy. To remove it, you must do this:
Beware of the warnings...it will be completely destructive to everything on your BB -- all apps, data, etc.
Be sure to take a backup first, so that you can restore your data after (you will need to re-acquire your apps, though). When you do the backup/restore, I recommend doing the backup "wholesale" (so that you are sure you have everything), but do not do the restore "wholesale"...if you do, you will simply restore the database that contains the IT Policy, and be right back where you are right now. Instead, do a selective restore of only those databases you need:
If you are already using a Desktop PIM for your contacts, calendar, etc., then you can simply re-configure (e.g., "forget" your BB from the Desktop Software and start over) your synchronization afterwards and continue going (so you can skip those databases during the restore).
Be sure to make backup your BBM Contact List to your Media card so that you can restore that as well afterwards.
If you have trouble, after the ResetToFactory, with email accounts and other BB-data services, then I would suggest the following steps, in order, even if they seem redundant to what you have already tried (steps 1 and 2 each should result in a message coming to your BB...please wait for that before proceeding to the next step):
1) Register HRT
2) Delete and Resend Service Books
3) Batt Pull Reboot
Hopefully that will get things going again for you! If not, then you should try deleting and re-adding your BIS configuration for the affected email accounts.