Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Web and WebWorks Development

New Developer
Posts: 8
Registered: ‎02-17-2009
My Device: Not Specified

How To: Enable SSL for inbound MDS-CS Push requests

I found a very quick and easy way to get SSL working for inbound SSL requests to the MDS-CS Push server.  The drawback is that you need to take the generated public certificate and add it to the Trusted Root of every calling application (or webserver).


Part 1: Configure the BES server

  1. Open the Blackberry Server Configuration applet
  2. Click on Mobile Data Service
  3. Create a password for the keystore.  A common password is "changeit"
  4. Set the usename for "Keystore Generation Information". 
    note: The username here is mislabled.  It really should be called machine name.  For the most flexibility, I sugguest making a wildcard certificate such as *.company.com
  5. Click Create Keystore File
  6. Open Blackberry Manager 4.6 (or similar version)
  7. Select the server (named ServerName_MDS-CS_#)
  8. Click Properties
  9. Click Access Control
  10. Change Push Encryption to True
  11. Press OK
  12. Click restart service

Part 2: Configure the client

  1. Navigate to the server using a web browser https://server:8443
  2. Use the browser-specific method to view and export the certificate as a .CER file
  3. Add this .CER file to the Trusted Roots of every server/process that needs to do Blackberry MDS CS Pushes


If you continue to have issues, search this forum for my sample application that assists in troubleshooting inbound MDS-CS pushes.