03-08-2010 03:01 PM
I'm connecting to an ASP.NET webservice via an HTTPS connection. The certificate is not issued by a trusted authority, but if I click accept certificate in the Blackberry simulator, it trusts the certificate.
But when I move to an actual device (a personal device), it says something like - Certificate cannot be trusted due to domain rule violation. I could go into Options > Security > Certificate and then explicitly tell Blackberry to trust it, but I can't expect my users to do the same.
Any ideas on why this is happening?
03-08-2010 04:37 PM
This is probably because it's not just that your certificate's chain of trust can't be verified, but also that the CN field of the certificate doesn't match the hostname to which you are connecting. A fix would be to generate a certificate with a CN matching the hostname, or to connect using the hostname matching the CN of the existing certificate.
P.S. Keep in mind that, if I'm not mistaken, it's possible to enforce the verification of chain of trust via IT Policy, meaning that on those devices where it's enforced, your certificate will be rejected unconditionally.
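
The hostname check described in the reply above, as an added example that is not part of the original thread: it compares the host string a client puts in its URL against the names in a certificate, using the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`. The function names and the sample certificate are constructed for illustration, and the example goes slightly beyond the reply by also honouring `subjectAltName` DNS entries, which take precedence over the CN when present.

```python
def cert_names(cert):
    """Return (source, names): subjectAltName DNS entries if present, else the subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return "subjectAltName", sans
    cns = [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return "commonName", cns

def label_match(pattern, host):
    """Match one certificate name against the host; '*' may only be the whole leftmost label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Wildcard covers exactly one label and never a bare registrable suffix.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_host(cert, connect_host):
    """Return (ok, explanation) for the host string the client actually uses in its URL."""
    host = connect_host.lower().rstrip(".")
    source, names = cert_names(cert)
    if any(label_match(n, host) for n in names):
        return True, f"{host} matches {source}"
    return False, f"{host} not in {source} {names}"

# Constructed sample: a self-signed certificate issued to an internal machine name.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Org"),),
                (("commonName", "devbox.example.internal"),)),
    "issuer": ((("commonName", "devbox.example.internal"),),),
}

if __name__ == "__main__":
    # Constructed targets: the CN itself, a public alias, and a raw IP address.
    for target in ("devbox.example.internal", "ws.example.com", "192.0.2.10"):
        print(target, check_host(SAMPLE_CERT, target))
```

A name mismatch reported here is independent of whether the chain of trust verifies, so a self-signed certificate can fail on either count or on both.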