Configuring certificate server information for the BlackBerry MDS Connection Service

The certificate for the BlackBerry MDS Connection Service permits push applications to make HTTPS connection to the BlackBerry MDS Connection Service. You can configure the BlackBerry MDS Connection Service to search for and retrieve certificates and the status of the certificates that external web servers use to make HTTPS connections.

To search for and retrieve certificates from an LDAP server, you can configure the BlackBerry MDS Connection Service to use LDAP or DSML. The BlackBerry MDS Connection Service searches each LDAP server using LDAP or DSML in the order that you specify. If you configure the BlackBerry MDS Connection Service to use both LDAP and DSML to search and retrieve certificates, the BlackBerry MDS Connection Service searches the servers using LDAP and then searches the servers using DSML. After the BlackBerry MDS Connection Service retrieves the certificate, the BlackBerry Enterprise Server sends the certificate to the BlackBerry device, and the BlackBerry device displays the certificate so that the user can accept it. The BlackBerry MDS Connection Service supports DSML version 2.

To search for and retrieve the status of the certificates, you can configure the BlackBerry MDS Connection Service to search the OCSP servers or CRL servers. If you search for the status of the certificates using an OCSP server or a CRL server, which server you choose to search for the status of the certificates first does not matter because each server creates a prioritized list automatically.

For more information about certificates, see the BlackBerry Enterprise Solution Security Technical Overview.