How to change the SSL certificate for BlackBerry Enterprise Express Server

Recently I found myself once again face to face with my oldest arch rival... BlackBerry. Yes, this foe and I have been in disagreement for years now. Dealing with her secret menus, unheard of limitations, lack of technological advancement, and of course, the disregard for what IT admins need out of this software in order to be successful. I have claimed victory and defeat when it comes to BES, but this time I was faced with something new, something different. Here is some background.

When installing the BES Express software, there are two administration web sites that are created along with the administrator’s web page. These web sites are created during the install, and a self-signed certificate is installed as well in order for the SSL to work. During the installation, there is NO information telling you this, nor does it allow you to install your own SSL certificate. All it gives you is the chance to create a password for your SSL certificate, but it says nothing about this being the password you are going to use for the KEYSTORE. Yes, this is not IIS or Java stuff, but this is kind of like Tomcat, some Unix-type stuff. It is important that you know this password in order to change the SSL certificate later, as I will explain in the step by steps.

 Step 17 installation

So what I have done is create a step by step process on how to remove the self-signed certificate that is installed during the installation. Changing the SSL certificate is no easy task and I am sure it will be different for everyone, but this is a good start, plus I didn’t find anything on the web explaining how to do this. I had to figure it out on my own. Ready? Here we go.

Backup the Keystore first:

1.  Browse to "C:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\bas\bin\web.keystore"

2.  Copy the file web.keystore

3.  Paste it and rename it to web.keystore.OLD

Delete the SSL certificate that was installed with BES Express

1.  Open CMD.exe

2.  Change directory to "C:\Program Files (x86)\Java\jre1.6.0_18\bin"

3.  Run this command: keytool -delete -alias httpssl -keystore "C:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\bas\bin\web.keystore"

4.  Enter password for Keystore.

Generate the BlackBerry Admin Service certificate key pair

1.  Open CMD.exe

2.  Change directory to "C:\Program Files (x86)\Java\jre1.6.0_18\bin"

3.  Run this command: keytool -genkey -alias httpssl -keystore "C:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\bas\bin\web.keystore" -storepass "password" -keyalg RSA -keysize 2048 -dname "cn=FQDN OF SERVER,ou=BES,o=RIM,c=CA"

4.  Enter password for keystore. *Verify that there are no spaces in the -dname switch inside the quotes

Generate a certificate request to the certification authority

1.  Open CMD.exe

2.  Change directory to "C:\Program Files (x86)\Java\jre1.6.0_18\bin"

3.  Run this command: keytool -certreq -alias httpssl -keystore "c:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\bas\bin\web.keystore" -file cert.req -keyalg RSA -keysize 2048

Request the certificate from your certificate authority (CA) or a 3rd party certificate authority

1.  Request the certificate, and make sure to save your certificate as CERTIFICATE.CER

2.  Find where the certificate is located, then double click on the certificate.

3.  Click the “DETAILS” tab, then click “COPY TO FILE..” located at the bottom of the window.

Push the Copy to File button

4.  Click NEXT

5.  For the Export file format select:  Cryptographic Message Syntax Standard – PKCS #7 Certificates (.P7B) and make sure the check box “Include all certificates in the certification path if possible” is checked.

6.  Choose a file path, and make sure to place the file in "C:\Program Files (x86)\Java\jre1.6.0_18\bin"

7.  Click Finish

Import the CA certificate into the BlackBerry Administration Service key store

1.  Open CMD.exe

2.  Change directory to "C:\Program Files (x86)\Java\jre1.6.0_18\bin"

3.  Run this command: keytool -import -alias httpssl -keystore "c:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore" -file filename.p7b

4.  Type YES to accept your certificate.
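
Before restarting the service, it is worth confirming that the httpssl entry now holds the CA-signed chain together with its private key. The script below is an added example, not part of the original steps: it inspects the text printed by keytool -list -v -alias httpssl -keystore "...\web.keystore". The host name, CA name and sample listings are constructed, and check_entry is a hypothetical helper.

```python
import re

# Constructed sample: the httpssl entry after a successful import
# (host name and CA name are made up for illustration).
SAMPLE_AFTER = """\
Alias name: httpssl
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=bes01.example.com, OU=BES, O=RIM, C=CA
Issuer: CN=Example Issuing CA, DC=example, DC=com
Certificate[2]:
Owner: CN=Example Issuing CA, DC=example, DC=com
Issuer: CN=Example Issuing CA, DC=example, DC=com
"""

# Constructed sample: the same entry right after -genkey, before the import.
SAMPLE_BEFORE = """\
Alias name: httpssl
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=bes01.example.com, OU=BES, O=RIM, C=CA
Issuer: CN=bes01.example.com, OU=BES, O=RIM, C=CA
"""

def check_entry(listing, expected_cn):
    """Return a list of problems found in the httpssl entry (empty list = OK)."""
    problems = []
    entry_type = re.search(r"^Entry type:\s*(\S+)", listing, re.M)
    if not entry_type or entry_type.group(1) != "PrivateKeyEntry":
        problems.append("entry is not a PrivateKeyEntry (private key missing)")
    owners = re.findall(r"^Owner:\s*(.+)$", listing, re.M)
    issuers = re.findall(r"^Issuer:\s*(.+)$", listing, re.M)
    if not owners or not issuers:
        return problems + ["no certificate found under this alias"]
    leaf_owner, leaf_issuer = owners[0].strip(), issuers[0].strip()
    if leaf_owner == leaf_issuer:
        problems.append("leaf certificate is still self-signed")
    cn = re.search(r"CN=([^,]+)", leaf_owner, re.I)
    if not cn or cn.group(1).strip().lower() != expected_cn.lower():
        problems.append("leaf CN does not match the server FQDN")
    # Each certificate in the chain must be issued by the next one.
    for i in range(len(owners) - 1):
        if issuers[i].strip() != owners[i + 1].strip():
            problems.append("chain is broken at certificate %d" % (i + 1))
    return problems
```

An empty list means the entry looks right. A trustedCertEntry under httpssl usually means the reply was imported into a keystore that no longer holds the key pair generated earlier.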

Restart the BlackBerry Administration Service

1.  You can either just restart your BES server or just stop the administration service.

That should do it. If you did all this correctly, then when you browse to the BES websites, the SSL certificate in the browser should show the one you installed instead of the one that reads as an error on all browsers. You know the kind, the one that says the site is dangerous and tries to scare people away. I never agreed to that. BlackBerry’s software is a lot like this kid running down these stairs, just one big FAIL. Comment if you want; if you don’t, it’s okay, it’s only BES.

Microsoft Surface vs Apple iPad

Microsoft drew the curtain up on their newest project called Surface, which is a tablet computer. So naturally, a lot of people in the industry and consumers alike are trying to compare it to the iPad. I wanted to take a few minutes to downplay this and try to explain a few facts on why I believe these two products are very different and cannot be compared.

1.  Surface’s primary target is the corporate user. Yes, the corporate user is now going to get a mobile device that will cater to their professional needs. This is a very noble approach Microsoft is taking because they finally listened to their customers when they stated these claims. For anyone from the normal corporate user to a powerful executive, the only true way to be mobile and be connected is either from a mobile device such as a smartphone or from a laptop, either big or small. Nothing in the market is offered in between. Android offers a tablet called Galaxy but it has no extensions reaching out to the Microsoft stack, and Apple has the iPad, which not only does not do the Microsoft stack but also does little to no good connecting a normal or high end user back to their corporate world other than email or web browsing. BlackBerry has a tablet, as does Amazon with the Kindle, but they both favor their own software and product needs, thus not addressing the corporate user in any way or fashion. But with Surface, this will be the first tablet engineered to target the corporate user. Sure the normal consumer can use it and I am sure kids can as well, but they are not the target. Who is? If you have a Windows computer as your primary desktop/laptop and you carry around an iPad, then you are the target.

2.  Windows App store. This is going to be the challenge for Microsoft. How can they compare to Apple’s app store? Honestly, they can’t. Apple’s app store has millions and millions of apps for sale and download. The Kindle has the Amazon app store as well as millions of ebooks. Google has an app store for their tablet customers which is building very fast. Microsoft has an app store that is so young and fresh that a lot of users may not even know it is there. But what Microsoft needs is to convince their 3rd party partners and developers to help build applications so the app store can be big enough to attract and keep customers attached to the Surface just as much as they would be to any other smart phone or mobile device.

3.  Generating more reasons to move to Windows 8. Microsoft is rolling out Windows 8 later this year. What better way to attract users to the new operating system than by giving them a new way to compute on a new device using Windows 8? Users will be able to harness and experience the benefits of Windows 8 on Surface, probably before their own desktop gets upgraded. But that is part of the focus here. This method works. Apple has been doing it for years with iOS. I know iOS and OSX are not the same, but the push to keep users drawn to them comes when Apple makes major operating system releases. And this method works well. I am sure Microsoft is going to try it, or else we would have seen Surface pre-loaded with Win7 a year ago.

Keep in mind, Microsoft is tapping into the tablet market in a very creative way. They are not going to go “heads up” against Apple and challenge the iPad; that would be suicide. But what they are trying to do is help their existing Windows users not only embrace Windows 8, but also work more seamlessly using Windows 8 on their desktop and Surface tablet. It is a huge gamble. Microsoft has already tried to jump into the MP3 player world with Zune, and we all know how that went. But with this tablet, it is different, it is very ambitious, and in the end it may prove to be very successful. So in conclusion, in no way do I see that these two products can be compared. They both have areas where one does what the other one does not do and vice versa. I would say, by the time the Surface is released, and Windows 8 is released, it will be very clear just how different the iPad and Surface are.

At least Roy and Moss like it 🙂

BlackBerry and the misery of an IT sys admin

Nothing against people who have chosen BlackBerry for their smartphone; what I have to say is against the peeps who make them... RIM software. Now these guys have made a fortune with their isolated phones and software, but for the most part the way the iOS is designed is just so “overwhelming”. Have you ever had a chance to dig into the menus? It is just one big steamy pile of menu options and choices! Nothing is simple nor obvious, and that is what the user needs. The owner needs simple choices, simple options; they don’t need to choose what type of security certificate they need when connecting to a wireless network. Really RIM? Why torture your users? Just pointless. But what is my favorite? The BES software. Worst thing ever. Don’t get me wrong, when it works it works great. But the phones do not always connect, and when they don’t it ain’t very easy to fix them. RIM says most of the time to just wipe the phone to fix it. Really RIM... really? Wiping the phones is not the only option.

Sometimes RIM has secret options for you to use in the phone’s software. Like this one. When your calendar or contacts or emails are all duplicated, how do you fix them? Reset them. But sadly there is no reset button to find. RIM has put that in a secret option. Very Area51’ish. So what you do is go to your calendar, contacts, or inbox, then open the menu and choose OPTIONS. At the OPTIONS screen you type RSET. That’s it, those 4 letters do a reset but wipe what is there, which is the service book.

Then it resyncs the book and boom, no more duplicates! Now this takes like 15 or 20 minutes to finish but it still works. Now why couldn’t RIM make that a choice on the screen, why some secret option? Probably to keep the users from resetting their folders, right? Well obviously they want to do that, so why not give them the option? Just silly if you ask me. Anyways, there are way more things that get me going about BlackBerry devices, but I will save those for another post.

all BB should end up like this