Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry Push Development

Reply
Highlighted
Contributor
Posts: 15
Registered: ‎05-05-2014
My Device: Bold 9900
My Carrier: ATT
Accepted Solution

SSL cert expired for BlackBerry Push endpoints last thursday!

There is a wildcard cert used for the BlackBerry Push Eval endpoints that expired last thursday.  My push service integration code does proper cert validation and can no longer send.  I checked several cpNNNN.pushapi.eval.blackberry.com endpoints and they all share the same expired SSL server cert (not surprising that they are shared, surprising that it is expired).

 

To test:

 

openssl s_client  -connect cp4714.pushapi.eval.blackberry.com:443

 

Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : RC4-SHA
Session-ID:
Session-ID-ctx:
Master-Key: E6D069A6416C5672A99B5D7FA4482190D03E9E14985FE2EB33AF51C580151200490CB06874412C62DAA945A35EA2BE22
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1402341727
Timeout : 300 (sec)
Verify return code: 10 (certificate has expired)

 

From the server cert returned:

 

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:49:cb:40:09:a7:d3:fb:72:f2:ee:4b:97:39:28:47
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Thawte, Inc., CN=Thawte SSL CA
Validity
Not Before: Jun 5 00:00:00 2013 GMT
Not After : Jun 5 23:59:59 2014 GMT
Subject: C=CA, ST=Ontario, L=Waterloo, O=Research In Motion Limited, OU=IT, CN=*.pushapi.eval.blackberry.com

 

Any ETA on when a new server cert will be installed on the pushapi.eval.blackberry.com endpoints?

 

Contributor
Posts: 15
Registered: ‎05-05-2014
My Device: Bold 9900
My Carrier: ATT

Re: SSL cert expired for BlackBerry Push endpoints last thursday!

Looks fixed now.  New certs from June 11 00:00:00 2014 GMT through Jun 11 23:59:59 2015 GMT are in place.