How to change the SSL certificate for BlackBerry Enterprise Express Server

Recently I found myself once again face to face with my oldest arch rival….BlackBerry.  Yes, this foe and I have been in disagreement for years now.  Dealing with her secret menu’s, unheard of limitations, lack of technological advancement, and of course, the disregard of dismissing what IT admins need out of this software in order to be succesful.  I have claimed victory and defeat when it comes to BES, but this time I was faced with something new, something different.  Here is some background.

When installing the BES Express software, there are two administration web sites that are created along with the adminstrators web page.  These web sites are created during the install and a self assigned certificate is installed as well in order for the SSL to work.  During the installation, there is a NO information telling you this, nor does it allow you to install your own SSL certificate.  All it gives you is the chance to create a password for your SSL certificate, but it says nothing about that this is the password you are going to use for the KEYSTORE.  Yes, this is not IIS or Java stuff, but this is kind of like TomCat, some Unix type stuff.  It is important that you know this password in order to change the SSL certificate later as I will explain in the step by steps.

 Step 17 installation

So what I have done is created a step by step process on how to remove the self assigned certificate that is installed during the installation.  Changing the SSL certificate is no easy task and I am sure it will be different for everyone, but this is a good start, plus I didn’t find anything on the web explaining how to do this.  I had to figure it out on my own.  Ready?  Here we go.

Backup the Keystore first:

1.  browse to “C:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\bas\bin\web.keystore”

2.  copy the file web.keystore

3.  paste it and rename it to web.keystore.OLD

Delete the SSL certificate that was installed with BES Express

1.  Open CMD.exe

2.  Change directory to “C:\Program Files (x86)\Java\jre1.6.0_18\bin”

3.  Run this command keytool -delete -alias httpssl -keystore “C:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\bas\bin\web.keystore”

4.  Enter password for Keystore.

Generate the BlackBerry Admin Service certificate key pair

1.  Open CMD.exe

2.  Change directory to “C:\Program Files (x86)\Java\jre1.6.0_18\bin”

3.  Run this command keytool -genkey -alias httpssl -keystore “C:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\bas\bin\web.keystore” -storepass “password” -keyalg RSA -keysize 2048 -dname “cn=FQDN OF SERVER,ou=BES,o=RIM,c=CA”

4.  Enter password for keystore. *Verify that there is no spaces in the -dname switch inside the quotes

Generate a certificate request to the certification authority

1.  Open CMD.exe

2.  Change directory to “C:\Program Files (x86)\Java\jre1.6.0_18\bin”

3.  Run this command keytool -certreq -alias httpssl -keystore “c:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\bas\bin\web.keystore” -file cert.req -keyalg RSA -keysize 2048

Request the certificate for your (CA) certificate authority or 3rd party certificate authority

1.  Request the certificate, make sure to save your certificate as CERTIFICATE.CER

2.  Find where the the certificate is located, then double click on the certificate.

3.  Click the tab “DETAILS” then click “COPY TO FILE..” located at the bottom of the window.

Push the Copy to File button

4.  Click NEXT

5.  For the Export file format select:  Crytographic Message Syntax Standard – PKCS #7 Certificates (.P7B) and make sure the check box is checked “Include all certificates in the certification path if possible”.

6.  Choose a file path, make sure to place the file in “C:\Program Files (x86)\Java\jre1.6.0_18\bin”

7.  Click Finish

Import the CA certificate into the BlackBerry Administration Service key store

1.  Open CMD.exe

2.  Change directory to “C:\Program Files (x86)\Java\jre1.6.0_18\bin”

3.  Run this command  keytool -import -alias httpssl -keystore “c:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore” -file filename.p7b

4.  Type YES to accept your certifcate.

Restart the BlackBerry Administration Service

1.  You can either just restart your BES server or just stop the administration service.

That should do it.  If you did all this correctly, then when you browse to the BES websites, the SSL certificate in the browser should show the one you installed instead of the one that reads as an error on all browsers.  you know the kind, the one that says the site is dangrous an tries to scare people away.  I never agreed to that.  BlackBerry’s software is a lot like this kid running down these stairs, just one big FAIL.  Comment if you want, if you dont its okay, its only BES.


Microsoft Surface vs Apple iPad

Microsoft drew the curtain up on their newest project called Surface, which is a tablet computer.  So naturally, a lot of people in the industry and consumers alike are trying to compare it to the iPad.  I wanted to take a few minutes to downplay this and try to explain a few facts on why I believe these two products are very different and can not be compared.

1.  Surface primary target is the corporate user.  Yes, the corporate user is now going to get a mobile device that will cater to their professional needs.  This is a very nobel approach Microsoft is taking because they finally listened to their customers when they stated these claims.  For the normal corporate user to a powerful executive, the only true way to be mobile and be connected is either from a mobile device such as a smartphone or from a laptop either big or small.  Nothing in the market is offered inbetween.  Andriod offers a tablet called Galaxy but it has no extensions reaching out to the Microsoft stack, and Apple has the iPad which also does not only do the Microsoft stack but it does little to no good connecting a normal or high end user back to their corporate world other than email or web browsing.  BlackBerry has a tablet as well as the Amazon Kindle, but they both favor their own software and product needs, thus not addressing the corporate user in any way or fashion.  But with Surface, this will be the first tablet engineered to target the corporate user.  Sure the normal consumer can use it an I am sure kids can as well,  but they are not the target. Who is?  If you have a Windows computer as your primary desktop/laptop an you carry around an iPad, then you are the target.

2.  Windows App store.  This is going to be the challenge for Microsoft.  How can they compare to Apple’s app store?  Honestly, it can’t.  Apple’s app store has millions and millions of apps for sale an download.  The Kindle has the Amazon app store as well as millions of ebooks.  Google has an app store for their tablet customers which is building very fast.  Microsoft has an app store that is so young and fresh that a lot of users may not even know it is there.  But Microsoft needs is to convince their 3rd party partners and developers to help build applications so the app store can be big enough to attract an keep customers attached to the Surface just as much as they would any other smart phone or mobile device.

3.  Generating more reasons to move to Windows 8.  Microsoft is rolling out Windows 8 later this year.  What better to attract users to the new operating system by giving them a new way to compute on a new device using Windows 8.  Users will be able to harness an experiance the benefits of Windows 8 on Surface probably before their own desktop gets upgraded.  But that is part of the focus here.  This method works.  Apple has been doing it for years with iOS.  I know iOS and OSX are not the same, but the push to keep users drawn to them comes when Apple makes major operating system releases.  And this method works well.  I am sure Microsoft is going to try it, or else we would of seen Surface pre-loaded with Win7 a year ago.

Keep in mind, Microsoft is tapping into the tablet market in a very creative way.  They are not going to go “heads up” against Apple and challenge the iPad, that would be suicide.  But what they are trying to do is help their already Windows users not only embrace Windows 8, but help them work more seamless using Windows 8 on their desktop and Surface tablet.  It is a huge gamble, Microsoft has already tried to jump into the MP3 player world with Zune, and we all know how that went.  But with this tablet, it is different, it is very ambitious, and in the end may proove to be very succesful.  So in conclusion, in no way do I see that these two products can be compared.  They both have areas where one does what the other one does not do and vice versa.  I would say, by the time the Surface is released, and Windows 8 is released, it will be very clear just how different the iPad and Surface are.

At least Roy and Moss like it 🙂

my newest House mix up on Soundcloud

dj aQue 2012 Summer Kickoff mix

Tracks from Tocadisco, Wolfgang Gartner, Afrojack, Cedric Gervais, Richard Vission and many more. Plus bonus KROQ 80’s classic mix

All put down in one continuous mix with no stop editing by me, dj aQue

Some tracks are old, some are new, this is just what moves


1. Straight Outta Compton (Cazzette’s Ass Sniffin’ Hounds Bootleg) – Cazzette vs N.W.A.
2. Get Down – Richard Vission & Trash Yourself
3. Jello (Quintino Remix) – Far East Movement feat Rye Rye
4. That Miami Track (Bassjackers Remix) – Tocadisco feat. Julian Smith
5. Sorry For Party Rocking (Wolfgang Gartner Remix) – LMFAO
6. Who’s That Chick (Afrojack Dub Remix) – David Guetta feat. Rihanna
7. Papi (Sidney Samson Remix) – Jennifer Lopez
8. Redline (No Body Deluxe Remix) – Wolfgang Gartner
9. Can’t Stop Me (feat. Shermanology)(Tiesto Remix) – Afrojack
10. We Own The Night (Original Mix) – Tiesto & Wolfgang Gartner Feat. Luciana)
11. Feels This Good (Original Mix) – Richard Vission vs Luciana
12. Molly (Original Mix) – Cedric Gervais
13. I like That (Original + Angger Dimas Remix)(arranged by DJ aQue) – Richard Vission & Static Revenger Feat. Luciana
14. Everything Is Beautiful – Static Revenger feat. Taj Bell
15. Let It Go (Laidback Luke Remix) – Dragonette

— Classic KROQ 80’s mix done with 100% VINYL begins at 01hr 03min 37sec mark 01:03:37 —
1. A Million Miles Away – The Plimsouls (1983)
2. Vacation – The Go-go’s (1982)
3. Shake It Up – The Cars (1981)
4. Sex Dwarf – Soft Cell (1981)
5. Head Over Heels – The Go-go’s (1984)
6. What I Like About You – The Romantics (1980)
7. Mickey – Toni Basil (1981)
8. Chain Gang – The Pretenders (1982)
9. Lovesong – The Cure (1989)
10. In Between Days – The Cure (1985)
12. Suedehead – Morrissey (1988)
13. Message In A Bottle – The Police (1979)
14. Valerie Loves Me – Material Issue (1991)

all comments and feedback are welcome, this is my first post. more to come.


Lync Server 2010 Pre-Install

Sometimes I am asked on what steps an IT admin should do or consider before throwing in the disc and attempting to install Lync Server 2010.  There are more than a few considerations that need to be addressed before the install occurs.  Here are a few that I have noted; and of course why not blog about it.

Taking notes

Taking notes like a boss

First, some questions should be asked and answered.  Based on the answers the next steps will reveal themselves.  Now, by any means, this is no different on how you should approach other Microsoft technology installations.  But it should not be taken lightly, and by this I mean you should not think you can just throw the disc in and install.  If you do, prepare for a onslaught of errors coming your way during the install and most certainly after.

nobody likes errors

Here are some questions that should be asked:

1.  How many users in the domain/forest I wish to install Lync into?  This answer is key to determining how to size your database, and how many server roles you should install, thus how many licenses you should purchase both server and client.

2.  Does the Domain have a SQL 2008 backend?  If yes, can I make Lync it’s own instance or will the DB admin be okay with Lync’s databases being installed into the default path?  The install will create 6 databases.  Again, your answer will determine if you need to buy more SQL licenses or not, and if you do not have SQL 2008 running, then a decision must be made to either purchase and install SQL 2008 or just run the local instance of SQL in Lync Standard edition.

3.  Do you wish to have external access to Lync or just internal?  Your answer here will factor in your design and if you should include an Lync Edge server.  If so then add this to your licensees because it will require one.

4.  What naming convention do you wish to use for all the host names for Lync?  By taking some time out to figure out your Lync server naming convention will come in handy during the install.  And I am not talking about the names of the server, but the names of the hosts for Lync.  You will have one for SIP, A/V service, Web Conferencing, Lync Pool, and Edge Pool as well.  These host names will require DNS entries for host files and service records.  More on this later.

5.  Do you have a certificate authoritative within your domain or do you need to purchase one from a public CA?  Your domain should have a certificate authoritative.  If it does then you can request a certificate from it once you reach this part of the install.  If you do not, you can always use a trusted public one.  Most places have a CA already either via public or internally.  Just use the sites standard CA and this will get you to complete this step successfully.

If you can answer these questions, then you are starting off on the right foot.  What comes next?  Well based on your answers there will be some very clear steps on what to do next.  I will cover those in my next post.  Keep in mind, these next few posts are only written to point out some key findings before you actually click the install button for Lync Server 2010.  You can most certainly will “kick” those errors before creating them.


Lakers season over, my review

now that the Lakers season is over, as a loyal fan I can only write a few thoughts on our starting 5.

the dude from spain

the dude from spain

Pau Gasol – Gotta love the guy, we were so desperate to bring someone in to help Kobe and as soon as he arrived he hit the ground running. Working with a great coaching staff, Pau helped us get to the finals 3 times in his first 3 years, and we won twice with him. But now it is different. He may have peaked yes, but it seems playing alongside Andrew, Pau can not shine no more, and Andrew is by far our main big guy. So as life in the NBA goes, I think we have seen Pau’s last game in a Laker uniform. But what could we get for him? Who knows, and for all I know, he might be right back with us next season, but hopefully he takes what happened this year to improve his skills instead of passing up wide open jumpers with the seconds ticking away with the game on the line.

the dude who use to be Ron Artest

the dude who use to be Ron Artest

Metta World Peace – Defensive juggernaut, but only if he gets the help. Those high pick and roll screens KILLED US. But at times, MWP displayed some Dennis Rodman like defensive skills on our opposing teams main offensive threats. He was asked a huge job, to lock down such star players as Durant, Duncan, Griffin, etc.. and he did so effectively and most of the time flawlessly. Then he elbows a dude in the head and as much as I believe that Harden purposely put himself right in MWP’s path during his celebration, I still feel MWP could have calmed down and just ran back down court. But, in the end, MWP defense can be mirrored by anyone else in the league. Do we keep him? Yes, but only cause with no salary cap space, we have no choice unless he gets packaged up in a deal with Gasol to go some place else.

the dude that replaced our legendary Derrick Fisher aka Fishy

the dude that replaced our legendary Derrick Fisher aka Fishy

Ramon Sessions – Since we grabbed Ramon during midseason the question has been if he was worth the trade for Fisher. The answer is YES. Sessions was more than 80% effective on guarding the fast speedy guards that would always destroy us.  Fisher couldn’t keep up with the much quicker pick and roll speeds. Now of course Ramon has a lot of work to do this offseason to learn more about coaches offense and defensive sets and I feel he will show his true value next season. We got something good with him, I am very happy about him as our PG.

the dude who finally didn't hurt his knee this year

the dude who finally didn’t hurt his knee this year

Andrew Bynum – Talk about bi-polar. If Andrew would have gave us the all-star effort he had given during the season, I really think we would have exposed the Thunder to their true weakness and probably been a 4 games to 1 series in favor of the Lakers. Andrew’s size and strength was unmatched by OKC. But did we use or more or less did HE USE it? NO. He passed the ball or got down on himself when double teamed or when he missed open shots. He did not apply himself enough to give more of an effort. Maybe he is stubborn? Maybe he is just not mature enough for the spotlight? Hard to say. All I know is that we CAN NOT LOOSE HIM. There is an epidemic of shortage of big men in the league, and Andrew needs to stay. I think it is more the coaches fault than his. Lets just hope next season he goes strong and the coaches have better sets for him especially against superior teams and close games.

the dude we call "the black mamba"

the dude we call “the black mamba”

Kobe Bryant – Few things come to mind about Kobe. First off is the knee surgery he had during the off-season. I think that procedure has added like 3 to 4 more years to Kobe’s career in LA. He is much quicker and much stronger than he has been. This is important to Lakers front office as they are going to have to decide to either look to the future without Kobe now or later and make another run at the title while we still got a healthy Kobe. Secondly, Kobe’s leadership. It has vastly improved. I feel that Kobe has embraced that he needs his team to follow him collectively or else they will never get to the finals again. But at the same time, when Kobe goes into the mode where he shoots the ball 40 times, well that’s when I feel the blame is not all on him but on his team mates an coaches. They need to see that is sending a message to them to “step it up” and work harder. Most the time the team does not follow, they just stand still and watch. And of course we lose. Kobe is arguably one of the best players we have in the league. He is not going anywhere and as much as he misses Phil, Kobe must embrace that in order to get that impossible 6th championship he must find a more unique way to win, other than what he knows now how to do. Whats the answer? I don’t know, I just know that he needs great players around him at all times. Surround him with lower than average talent and he will not be very effective come game time against the better teams.

the dude who use to coach Lebron James

the dude who use to coach Lebron James

Coach Brown – I am not sure how I really feel about coach this season. I feel that a lot of the late game collapses are solely on his shoulders for not adjusting the correct personal into the game or just failing to realize how to stop the collapse by altering his strategy. But at the same time I know coach was ill prepared for this season. No off-season, new offense, new roster of players, no experience with any of these players plus no practice to get your over all blueprint strategy perfected before starting the season so that he could adjust it as the season went on. Ya, because of the strike this was not his fault. He did the best he could with the compressed completely suicidal schedule, plus with the injuries and roster changes, I mean the deck was stacked against him. Other teams had the same rosters, same coaches, and had experience together more than us. Coach must come into this season that this last season was a trial run. We made it to the second round, yes success. We lost to the Thunder which was clearly the more focused and hungrier team but with an empty gas tank he gave it the best effort.  Coach knew that this season will be viewed as a rough draft for next season. He comes back next season, corrects his mistakes, motivates his players better, establishes better leadership and strategy in late game situations and hopefully we will be in the finals next year.

In conclusion, we are clearly one of the top 5 teams in the league this year. Overall, I say we are one of the top 3. We just need to correct a few personal issues, our attitudes, and our ability to play together and I think we are back in this thing deep next year. I just hope the coaching staff and the Lakers front office personal do enough this offseason to correct our mistakes. I am not proposing nothing drastic, just enough to smooth out the rough edges. If we can then we might just see this happen again.

kobe and his impossible 6th championship trophy


Benefits of using Lync 2010

Being in the position I am in at my current job, I have had the time and most certainly the motivation along with management approval to deploy Lync 2010 for presence and conferencing. But before I received the approval, I was asked by management and a few select others the same question “Andy, what is Lync?” It is a valid question, and after trying to explain some of the obvious points that Lync can give you, I compiled a document that gives some of the benefits of Lync from a client perspective, and a server perspective. So why not make for a good post, right?


What is Lync?

Microsoft Lync is a single, unified communications platform that integrates seamlessly with Microsoft Office® and other existing tools and systems, and can enhance or replace your existing IP PBX system. This can lead to improved productivity, increased mobility, and faster responses for customers, partners, and employees. Other benefits may include smoother deployment, easier management, and lower cost of ownership.

Lync Info

Does the Lync client work with Office 2010?

Lync client has a 32bit and a 64bit version for Mac and Windows. Lync for windows comes with a few more benefits than the version for Mac but thus does not make it superior by any means. Both versions have the ability to use all the features and benefits that Lync has to offer to your organization.

Can we use Lync to instant message to my other non work related contacts?

Since Lync works over the internet, Lync has the ability to federate with public servers to enable Public IM Connectivity. Public IM Connectivity allows Lync to connect with public IM service providers such as Microsoft Windows Live, AOL, and Yahoo messenger. Lync users from one organization can add users at another to contact lists, send them instant messages, and see their presence information.

Can we use Lync with our mobile devices?

Yes, Lync makes communicating easier and more engaging by delivering a consistent experience across computers, browsers, telephones and mobile phones. Windows Phone, Apple iPad and iPhone, Google Android phones and other such devices such as Nokia and BlackBerry all have the Lync 2010 client mobility client that gives the user full ability to do all they can do from their desktop Lync client.

This posting does not show all the benefits that Lync can do, but just some of the ones i get asked about usually. I just wanted to post to share with my small but yet vocal followers.

on a side note, good luck to the Thunder and Spurs in the west finals.  lets just hope someone high fives this dude when he shoots his free throws.


Avengers FaceBook Timeline

I have been posting lots of Lync 2010 stuff, so I thought some laughter is good for a change of pace.