12-07-2008 04:55 PM
First off we have S/MIME working on a lot Blackberry handhelds, but this is our first Bold.... and I don't have it in my possesion, a traveling VP does.
I am told that device OS v4.5+ does not need the SSP installed (last version of that I see is v4.1 but it works on v4.2 OS).
Controlled his PC nad did the custom install of Deskto Manager, with the Cert Synch option, got their soft keys in cert manager and sync over, with LDAP server, CRL, etc defined. All that went well as we did all steps except installing latest device code, as it has the lastest and I am told these newer OS versions don't have the issue with missing security modules, and on that same line S/MIME support is suppose to be part of the OS in these newer versions so no SSP install.
On the Blackberry he has Certificate Servers (and allservers are correct there), Certificates (and his certs, roots certs, etc are all there). But there is nothing there for S/MIME (were you set your default certs for signing and encryption and other related options). So has this menu moved to another location, or is there another way to set these options? I had him look at a few other places, but I didn't want to send him on a wild goose chase for something that may not even be there. I pulled down the 'UserGuideSupp_SMIME_Support_Package_full_keypad_t
12-08-2008 12:21 AM - edited 12-08-2008 12:22 AM
I just downloaded the Bold User Guide (userguide_bb9000_umts.pdf) and found this:
S/MIME-protected message options
Change your signing or encryption certificate
Your BlackBerry® device uses your encryption certificate to encrypt messages in the sent items folder and includes your encryption
certificate in messages that you send so that recipients can encrypt their reply messages.1. In the device options, click Security Options.
2. Click S/MIME.
3. In the Signing Options section or the Encryption Options section, change the Certificate field.4. Press the Menu key.
5. Click Save.
Yet the user swears there is no 'S/MIME' under 'Security Options'. So is the guide wrong or the user? Looks like I'll never know until I get one in my hands.
12-08-2008 01:39 PM
Ahh I see the post has been moved... The issue is also with the Storm btw. User documention for both devices talks about the S/MIME menu under Security Options... No such thing out of the box. Turns out that S/MIME support is not enabled by default, and you still must install the device firmware via desktop manager and enable/check the S/MIME support option. So having v4.5+ OS only cuts out the 9mb SSP package that we have to install on older devices. You still have to pull down the ~95MB device software though :-)
So RIM's documention leaves a lot to be desired on this issue.
Additionally, of the 3 Bolds and 1 Storm I have tried it on this morning, ALL have had the issue of being able to send encrypted emails, but not open encrypted emails they received (despite everthing looking good on the config). And on all of these, removing from the BES then adding back and activating again has corrected.
So still a lot of work to get encryption going even on newer devices. If this pattern of having to reactivate continues on these new devices, it will actually take longer to setup S/MIME than the units with older firmware.