03-20-2013 05:29 PM - edited 03-20-2013 05:30 PM
I have installed custom CA certificate on my phone BB Z10, but I still get warning "Site Identity Not Verifiable" in browser. Could anyone help me with this?
Solved! Go to Solution.
06-01-2014 09:35 AM - edited 06-01-2014 09:41 AM
I have a Z30 and have this problem. But I can not find any "WEB store" area during the import process.
Settings -> Security and Privacy -> Certificate
Find and Select "My Custom CA" (that I already imported)
Certificate Details screen shows: "Certificate is valid", "Certificate is trusted", also "Trusted" is ticked.
When I Import various kinds of certificates, "CA", "Intermediate CA" and "SSL Web Client identification", it places them into the areas (stores) I expect:
CA => Authorities
Intermediate CA => Other
SSL Web Client Identification => My Certificates
These are the areas you can filter the certificate display by when looking at the main "Certificates" screen.
The import process only offers me an option to "Restrict to VPN" and "Restrict to
Now in the BlackBerry 10 browser, I get a Red error marker next to left hand side of URL info.
Inside "Site Info" function, I get a warning dialog about "This site may not be trustworthy" and I have to press "More Info" to proceed.
Then it claims "The certificate to identify blahblah.mydomain.com has not been verified by a trusted source".
I then click "View Certificate".
I get the complete certificate chain as I expect. The toplevel "My Custom CA" has inside the "General" tab the information: "This certificate is not trusted", "This certificate is a root certificate", "This certificate can: ...6 things listed".
I have verified the complete certificate chain and they are all the correct certificates needed to be a correct chain.
I am able to access the website without any certificate chain errors or warnings from a different general purpose browser.
So how do I enable "My Custom CA" to be available to a certificate to the BlackBerry browser ?
Please describe where in this process a Z10 is different, since I don't have a Z10 to check myself.
NOTE here is another thread I started 6 months ago with no answer, http://supportforums.blackberry.com/t5/BlackBerry-
06-01-2014 02:18 PM
After some hours of experimentation and reissuing, deleting, reconfiguration of webserver, installing certificates.
It seems the BB10 does not support a custom intermediate certificate when the CA is installed by the user. It only seems to support preloaded CA+Intermediates.
The webserver does respond with all 3 certificates in the chain, the "CA", the "Intermediate" and the "website". This certificate chain works and validates on Windows using a desktop browser.
But if the Intermediate is removed frmo the chain, so it is a "CA" and a "website cert" the BB10 based mobile works as expected, with no warning or errors.