Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry Push Development

Perform a browser push over SSL

by Retired ‎02-17-2010 02:11 PM - edited ‎02-18-2010 05:03 PM (4,181 Views)


This article applies to BlackBerry® wireless devices based on Java™.


When performing a browser push, it is possible to send the push content from your application to the BlackBerry Mobile Data Service over Secure Sockets Layer (SSL). When using SSL, the browser push is accomplished in a similar manner as a non-SSL browser push. The only difference is the port to which the push application sends the push on the Mobile Data Service. The default SSL listen port on the Mobile Data Service is 8443.

Prior to sending a push over SSL, configure Mobile Data Service to allow for SSL push connections.

The default SSL push listen port (8443) will not bind on the Mobile Data Service Server unless the following occur:

  1. The Mobile Data Service Server has its keystore enabled.
  2. A certificate has been imported into the keystore created in step one.
  3. Push Encryption is enabled on the Mobile Data Service Access Control tab.

Note: For more information about enabling Mobile Data Service to accept push content over SSL, see the BlackBerry Enterprise Server Administration Guide: version 4.0.

Browser Push Message Flow Over an SSL Connection

  1. The browser push application requests an SSL page from a web server.
  2. The browser push application server connects to the Mobile Data Service SSL push server listen port (8443). It then authenticates with the certificate Mobile Data Service that has been imported into its keystore, and pushes the data to Mobile Data Service securely over SSL.
  3. Mobile Data Service validates the push application to have access to push content via the settings on the Access Control tab.
  4. Mobile Data Service determines the user's host Mobile Data Service server and, if required, sends the content to that Mobile Data Service server via port 81.
  5. The user's host Mobile Data Service server pushes the SSL encrypted web page to the device.
    • If server-side SSL is configured (configurable on the device under Options > TLS/SSL), Mobile Data Service decrypts the page first using the SSL certificate from its keystore and then pushes it to the device using triple Data Encryption Standard (DES) or Advanced Encryption Standard (AES) encryption.
    • If device-side SSL is configured, Mobile Data Service first pushes the SSL and triple DES or AES encrypted page to the device. Then, the device decrypts it using triple DES or AES, then SSL.

      Note: The device will be prompted to accept the web page certificate at this point unless it is already stored (configured on the device under Options > TLS/SSL).

  6. If the device is not in coverage or is turned off, the following three things can happen:
    • If a Password Authentication Protocol (PAP) push was utilized, the content is cached in Mobile Data Service for the duration specified in the PAP settings. Rebooting the server will not cause this content to be lost.
    • If "X-Rim-Push-Reliability-Mode" was specified, the push will be stored in RAM on the BlackBerry Enterprise Server™ for the specified duration. If the Mobile Data Service server is rebooted or the service restarted, the push is lost.
    • If no reliability methods were used, the push is stored in RAM until the Flow Control Timeout duration is reached (set in Mobile Data Service, on the General Tab of Mobile Data Service (the default is 10 minutes)), at which time the push is discarded.

Additional Information

For more information on creating a browser push application, see the BlackBerry Wireless Handheld Browser 4.0 Content Developer Guide.

Users Online
Currently online: 22 members 2,191 guests
Please welcome our newest community members: