
How to change the SSL certificate for BlackBerry Enterprise Express Server

Recently I found myself once again face to face with my oldest arch rival... BlackBerry.  Yes, this foe and I have been in disagreement for years now.  Dealing with her secret menus, unheard of limitations, lack of technological advancement, and of course, the disregard of dismissing what IT admins need out of this software in order to be successful.  I have claimed victory and defeat when it comes to BES, but this time I was faced with something new, something different.  Here is some background.

When installing the BES Express software, there are two administration web sites that are created along with the administrators web page.  These web sites are created during the install and a self-signed certificate is installed as well in order for the SSL to work.  During the installation, there is NO information telling you this, nor does it allow you to install your own SSL certificate.  All it gives you is the chance to create a password for your SSL certificate, but it says nothing about this being the password you are going to use for the KEYSTORE.  Yes, this is not IIS or Java stuff, but this is kind of like Tomcat, some Unix type stuff.  It is important that you know this password in order to change the SSL certificate later, as I will explain in the step by steps.

[Screenshot: Step 17 of the installation]

So what I have done is created a step by step process on how to remove the self-signed certificate that is installed during the installation.  Changing the SSL certificate is no easy task and I am sure it will be different for everyone, but this is a good start, plus I didn’t find anything on the web explaining how to do this.  I had to figure it out on my own.  Ready?  Here we go.

Backup the Keystore first:

1.  browse to “C:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\bas\bin\web.keystore”

2.  copy the file web.keystore

3.  paste it and rename it to web.keystore.OLD

Delete the SSL certificate that was installed with BES Express

1.  Open CMD.exe

2.  Change directory to “C:\Program Files (x86)\Java\jre1.6.0_18\bin”

3.  Run this command:

    keytool -delete -alias httpssl -keystore "C:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\bas\bin\web.keystore"

4.  Enter password for Keystore.

Generate the BlackBerry Admin Service certificate key pair

1.  Open CMD.exe

2.  Change directory to “C:\Program Files (x86)\Java\jre1.6.0_18\bin”

3.  Run this command:

    keytool -genkey -alias httpssl -keystore "C:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\bas\bin\web.keystore" -storepass "password" -keyalg RSA -keysize 2048 -dname "cn=FQDN OF SERVER,ou=BES,o=RIM,c=CA"

4.  Enter password for keystore. *Verify that there are no spaces in the -dname switch inside the quotes.

Generate a certificate request to the certification authority

1.  Open CMD.exe

2.  Change directory to “C:\Program Files (x86)\Java\jre1.6.0_18\bin”

3.  Run this command:

    keytool -certreq -alias httpssl -keystore "c:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\bas\bin\web.keystore" -file cert.req -keyalg RSA -keysize 2048

Request the certificate from your certificate authority (CA) or 3rd party certificate authority

1.  Request the certificate, make sure to save your certificate as CERTIFICATE.CER

2.  Find where the certificate is located, then double click on the certificate.

3.  Click the tab “DETAILS” then click “COPY TO FILE..” located at the bottom of the window.

[Screenshot: the Copy to File button]

4.  Click NEXT

5.  For the Export file format select:  Cryptographic Message Syntax Standard – PKCS #7 Certificates (.P7B) and make sure the check box “Include all certificates in the certification path if possible” is checked.

6.  Choose a file path, make sure to place the file in “C:\Program Files (x86)\Java\jre1.6.0_18\bin”

7.  Click Finish

Import the CA certificate into the BlackBerry Administration Service key store

1.  Open CMD.exe

2.  Change directory to “C:\Program Files (x86)\Java\jre1.6.0_18\bin”

3.  Run this command:

    keytool -import -alias httpssl -keystore "c:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore" -file filename.p7b

4.  Type YES to accept your certificate.

Restart the BlackBerry Administration Service

1.  You can either just restart your BES server or just stop the administration service.

That should do it.  If you did all this correctly, then when you browse to the BES websites, the SSL certificate in the browser should show the one you installed instead of the one that reads as an error on all browsers.  You know the kind, the one that says the site is dangerous and tries to scare people away.  I never agreed to that.  BlackBerry’s software is a lot like this kid running down these stairs, just one big FAIL.  Comment if you want, if you don’t it’s okay, it’s only BES.
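A way to confirm the swap from the keystore side is to inspect the httpssl entry with keytool -list -v and check that its certificate is no longer issued by itself. The PowerShell below is an added example, not part of the original post; Test-KeystoreEntry is a hypothetical helper name, the sample output (host bes01.example.test) is constructed, and the paths are the ones from the steps above.

```powershell
# Added example, not from the original post. Test-KeystoreEntry is a hypothetical helper.
$Keytool  = 'C:\Program Files (x86)\Java\jre1.6.0_18\bin\keytool.exe'
$Keystore = 'C:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Server\bas\bin\web.keystore'

function Test-KeystoreEntry {
    param([string[]]$ListOutput)    # lines printed by: keytool -list -v -alias httpssl
    $text = $ListOutput -join "`n"
    $type = ''; $chain = 0; $owner = ''; $issuer = ''
    if ($text -match '(?m)^Entry type:\s*(\S+)')               { $type   = $Matches[1] }
    if ($text -match '(?m)^Certificate chain length:\s*(\d+)') { $chain  = [int]$Matches[1] }
    # -match returns the first hit, which is Certificate[1], the server's own certificate.
    if ($text -match '(?m)^Owner:\s*(.+)$')                    { $owner  = $Matches[1].Trim() }
    if ($text -match '(?m)^Issuer:\s*(.+)$')                   { $issuer = $Matches[1].Trim() }
    $selfSigned = ($owner -ne '') -and ($owner -eq $issuer)
    # The CA reply is in place when the alias still holds the private key
    # and the server certificate is issued by someone other than itself.
    $caSigned = ($type -eq 'PrivateKeyEntry') -and ($owner -ne '') -and (-not $selfSigned)
    New-Object PSObject -Property @{
        EntryType = $type; ChainLength = $chain; Owner = $owner
        Issuer = $issuer; SelfSigned = $selfSigned; CaSigned = $caSigned
    }
}

# Constructed sample: the entry as it looks right after -genkey, before the CA reply is imported.
$sample = @'
Alias name: httpssl
Creation date: May 20, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=bes01.example.test, OU=BES, O=RIM, C=CA
Issuer: CN=bes01.example.test, OU=BES, O=RIM, C=CA
'@ -split "`r?`n"
Test-KeystoreEntry $sample | Format-List

# Live check against the real keystore; keytool prompts for the keystore password.
if ((Test-Path $Keytool) -and (Test-Path $Keystore)) {
    $out = & $Keytool -list -v -alias httpssl -keystore $Keystore
    Test-KeystoreEntry $out | Format-List
}
```

If SelfSigned still comes back True after the import step, the keystore is holding the generated certificate rather than the CA's reply.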


MS-TechEd 2011 the aftermath

so i have had a few days to think back and really soak in all that i learned and saw at Tech-Ed.  i know i have been blogging about Tech-Ed lately but i promise this is the last post directly blogging about MS-TechEd 2011.  So, rather than type away about all the good and bad things, i have decided to narrow it down to the top 10 things about the conference.  and here we go!

10.  with the attendance up near 10k, it was nice to see our industry thriving again and proving to be very strong on all fronts (system administration and programming)

9.  the availability of the MVP’s and Microsoft engineers at The Learning Center this year.  Last year it was not difficult but some of the better engineers were not around much but this year there were plenty to go around.  validating my MS Lync 2010 design and talking shop about Exchange 2010 was a huge bonus for me at the event.

8.  the vendor floor was strong but it was nice to see more serious vendors at the conference this year, and they showed their dedication and allegiance to Microsoft products.

7.  great foods.  even though this topic deserves some attention, i won’t boast about the food too much because i am not a food expert like my friends are.  she always trips me out about things she tastes and sees in foods that i don’t.  i am sure at this event, the food was a decent 5 outta 10 stars, but the vendor party had GREAT food, i don’t know what happened for the rest of the week.  me and “harlems finest” had to foot patrol it out of the event on the last day to get some southern cooking food. it was totally worth it.

6.  reuniting with the UMD OIT crew.  it was awesome to see these fella’s again.  we got to talk shop, validate rumors and i had to confirm that i am not coming back to UMD.  but other than that it was great catching up with the following: Rob “big sexy” Williams; Patrick “im always looking for a job even thou i wont leave umd” Nemil; Steve “one time almost former employee of wintel” Tender; Steve “machine gunz” Gunzburg;  Gus “harlems finest” Sam

5.  the after party events.  wow, they are difficult to get invited to but if you get in, the foods and open bars are off the hook!  much love to the Unified Communication Round Table i attended on Wednesday.  The 3 mac and cheese and open bar was awesome

4.  Marriott Marquis in downtown Atlanta.  one word, NICE.  i enjoyed my stay, and the building was by far really impressive.  i had a blast at the restaurants and bars in there and the staff there was great.

3.  powershell.  powershell. powershell.  get it?  the future of the industry and my career is really clear now.  i really need to get better at doing some fancy powershell stuff.  i give it about another few years but it will soon be a requirement for my job to have high level powershell skills.  i need to keep reading, practicing and using powershell on a daily basis.  if i really try and make an effort for 4 weeks to use powershell a lot i think it will set the path for my success.

2.  the merge of lync, sharepoint, and exchange.   i see it coming and it won’t be far ahead when microsoft merges these 3 technologies together.  as an exchange admin i know and see exchange is a dying horse.  i need to adapt to sharepoint and lync so that i can secure my place in the upcoming unified communication foundation.

1.  the after party!  i mean come on!  does Microsoft know how to party or what?  the entire Georgia aquarium, the coca cola museum and plus open bars and great food everywhere, they really take care of us.  there was not one disappointed member of the Microsoft army that night cause the band that performed was awesome as well.  i had a great time and it was by far one of the best tech-eds ever.


so i have been at Microsoft’s tech-ed conference for the last 4 days.  on this last day of tech-ed, i have tried to begin to sum up my experiences that i have learned and witnessed here.  so here are some personal highlights.

  • powershell is not a front-runner as it should be but most speakers are pushing it very much to the front, another year or two, powershell will dominate the side of Microsoft engineering that i am involved in.
  • lync 2010 server is really becoming the new “exchange” for Microsoft
  • soon i believe that Microsoft will have to merge exchange, lync, and sharepoint all into one product for unified communications software
  • the new windows phone update that is going to be released this fall is gonna make a huge impact on the enterprise.  they might even surpass blackberry’s hold on the market.
  • explaining the “private” and “public” cloud using Microsoft products is exciting but also a glimpse of what is in store for us veteran engineers’ future if we stick with a heavy investment in all these Microsoft products.

so among all the hoop-la and all the give-aways, free stuff, and other various prize things, i am thinking that this year tech-ed has been not only more fun than last year but it has been a huge learning step for me to get me motivated and excited to use this stuff back in the work place.  last year i was taking a lot of tests trying to get certified and everything (which i did) and not having to do that this year has left me to enjoy all that tech-ed has to offer.

i hope i get to come back next year in Orlando, should be a good one.

PowerShelling for kids

So I have been doing some powershelling lately, found this one line that is helping me out.  It is from Eric Woodford and the focus of the line is to gather the mounted disks for a windows server.  Basically it is like this, I have an Exchange 2007 server using a CCR cluster and the server uses DAS so the LUNS carved out for this are 15 disks for logs and 15 disks for databases.  Now the disks are volume mounted disks so they don’t show up as E drives or D drives.  But they do show up in the disk manager on the server.  So in order to monitor space on all 30 mounted volumes I could either use the disk manager or find a way to get all the disk information and export it out to view and analyze in excel.  This script is perfect.  It gathers all mounted volumes and then reports them onto a html file which I open in excel.  Now the powershell that gathers this info is called GetMountPointInfo.  It returns a lot of great info like freespace and Percentage Free, but the freespace data numbers it gives are in BYTES and not KB or GB.  So since my boss needs to know how many GB we use and are available then I had to do some excel formulas to convert the BYTES into GBs.  Not a biggie but it works.  Thanks to Eric for posting this like 3 years ago.

#Get-MountPointInfo.PS1 Script
#Eric Woodford
#Nov 11, 2008
#Discover and detail volume mount points on a specified Windows server.

function Get-MountPointInfo($ServerName) {
        $Summary = @()
        $objFSO = New-Object -com Scripting.FileSystemObject
        $MountPoints = gwmi -class "win32_mountpoint" -namespace "root\cimv2" -computername $ServerName
        $Volumes = gwmi -class "win32_volume" -namespace "root/cimv2" -ComputerName $ServerName | select name, freespace
        foreach ($MP in $Mountpoints) {
                #Assumed expression: Directory is the Win32_MountPoint property holding the mount path.
                $MP.Directory = $MP.Directory.Replace("\\","\")
                foreach ($v in $Volumes) {
                        #Assumed expression: drop the trailing backslash from the volume name.
                        $vshort = $v.name.Substring(0,$v.name.Length-1 )
                        $vshort = """$vshort""" #Make it look like format in $MP (line 11).
                        #Assumed condition: match the volume name against the mount point path.
                        if ($MP.Directory.Contains($vshort)) { #only queries mountpoints that exist as drive volumes no system
                                $Record = new-Object -typename System.Object
                                #Assumed expression: build the UNC admin-share path for the volume.
                                $DestFolder = "\\"+$ServerName + "\"+ $v.name.Substring(0,$v.name.Length-1 ).Replace(":","$")
                                #$destFolder #troubleshooting string to verify building dest folder correctly.
                                $colItems = (Get-ChildItem $destfolder |  where{$_.length -ne $null} |Measure-Object -property length -sum)
                                #to clean up errors when folder contains no files.
                                #does not take into account subfolders.
                                if($colItems.sum -eq $null) {
                                        $fsize = 0
                                } else {
                                        $fsize = $colItems.sum
                                }
                                $TotFolderSize = $fsize + $v.freespace
                                $percFree = "{0:P0}" -f ( $v.freespace/$TotFolderSize)
                                #Assumed value: the volume name.
                                $Record | add-Member -memberType noteProperty -name Name -Value $v.name
                                $Record | add-Member -memberType noteProperty -name FileSize -Value $fsize
                                $Record | add-Member -memberType noteProperty -name FreeSpace -Value $v.freespace
                                $Record | add-Member -memberType noteProperty -name PercFree -Value $percFree
                                $Summary += $Record
                        }
                }
        }
        return $Summary
}

$ServerName = "YourServerNameHere"
Get-MountPointInfo($ServerName) | convertto-html -title $ServerName > c:\Report-DriveSpace_for_$ServerName.html

andys Blog

So I started to write a blog on my MSN spaces site and there was a link saying that my Spaces blog stuff is being migrated to this site.  It is all integrated but I am not sure just how much traffic or public my blog may get.  But I will try anyways.  First I am going to post powershell lines that I use for Exchange 2007 and I am not going to try to educate the general population, I just want to put them out there and share them because that is pretty much how I obtained them.  I grabbed them from other admin blogs and mutated them to fit my needs.  I will give credit to the authors as I can remember them and that is it.  I will also blog about music, sports and other random IT stuff because I am an IT guy.  Okay, that is it for now.  Tomorrow I will post some new stuff.

Oh yea, I am gonna blog bout relationships and comic book heroes.  Standard geek stuff.