Retrieve public keys over the wireless network from LDAP-enabled servers

For devices running BlackBerry 10 OS version 10.2.1 or later, you can use the BlackBerry Device Service to configure LDAP-enabled server settings and send them to devices so that devices can search for and retrieve S/MIME certificates from LDAP-enabled servers.

Before you begin: If you use a secure connection, you must add the certificates to the Enterprise trusted certificate store folder on the shared drive.
  1. In the BlackBerry Administration Service, on the Devices menu, expand Device settings.
  2. Click Certificate retrieval settings.
  3. Click Edit settings.
  4. On the LDAP tab, type a name and description for the LDAP certificate retrieval setting.
  5. In the Service URL field, type the web address for the server using the format LDAP://<FQDN>:<port> (for example, LDAP://server01.blackberry.com:123).
  6. In the Default server base query field, type the query that you would like to use for the LDAP-enabled server.
  7. Optionally, in the User search scope drop-down list, perform one of the following actions:
    • To search the base object, click Base. This is the default setting.
    • To search the base object and one level below it, click One level.
    • To search the base object and all levels below it, click Subtree.
    • To search for a particular object, click Children.
  8. In the Secure connection turned on drop-down list, perform one of the following actions:
    • Click Yes if you want to use a secure connection.
    • Click No if you do not want to use a secure connection.
  9. Perform one of the following actions:
     • To use no authentication when connecting to the LDAP-enabled server, in the Authentication type drop-down list, click None.
     • To use simple authentication when connecting to the LDAP-enabled server:
       1. In the Authentication type drop-down list, click Simple.
       2. In the LDAP user ID field, type the username for authentication.
       3. In the LDAP password and Confirm LDAP password fields, type the password for authentication.
     • To use Kerberos authentication when connecting to the LDAP-enabled server, in the Authentication type drop-down list, click Kerberos.

  10. In the Connection timeout field, type the time in seconds that the device waits for the LDAP-enabled server response.
  11. Click Save all.
After you finish: For devices running a version of BlackBerry 10 OS that is later than 10.2.1, do one of the following to verify the status of S/MIME certificates:
  • Configure the OCSP server settings and send them to BlackBerry devices.
  • Configure the Enterprise Management Web Service to search for the status of S/MIME certificates using HTTP, HTTPS, or LDAP.
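As an added example that is not part of the original documentation, the following Python check reviews the values entered in steps 5 through 10 and flags the combinations that leave the LDAP password or the retrieved certificates unprotected in transit. The record type, its field names and the sample values are assumptions modelled on the dialog labels above, not a BlackBerry API.

```python
import re
from dataclasses import dataclass

# Hypothetical record of the fields in the LDAP certificate retrieval dialog above;
# the names mirror the dialog labels and are not a BlackBerry API.
@dataclass
class LdapCertRetrievalSetting:
    name: str
    service_url: str          # LDAP://<FQDN>:<port>
    base_query: str           # Default server base query
    user_search_scope: str    # Base, One level, Subtree or Children
    secure_connection: bool   # Secure connection turned on: Yes / No
    authentication_type: str  # None, Simple or Kerberos
    connection_timeout: int   # seconds

# Service URL form from step 5: LDAP://<FQDN>:<port>
URL_RE = re.compile(r"^ldap://(?P<host>[a-z0-9.-]+):(?P<port>\d{1,5})$", re.IGNORECASE)
AUTH_TYPES = {"None", "Simple", "Kerberos"}

def review_setting(s: LdapCertRetrievalSetting) -> list[str]:
    """Return review findings for one setting; an empty list means it passes."""
    findings = []
    m = URL_RE.match(s.service_url)
    if m is None:
        findings.append("Service URL must use the form LDAP://<FQDN>:<port>")
    elif not 1 <= int(m.group("port")) <= 65535:
        findings.append("Service URL port must be between 1 and 65535")
    elif "." not in m.group("host"):
        findings.append("Service URL host should be a fully qualified domain name")
    if s.authentication_type not in AUTH_TYPES:
        findings.append(f"unknown Authentication type {s.authentication_type!r}")
    if s.authentication_type == "Simple" and not s.secure_connection:
        # A simple bind carries the LDAP password in cleartext on an unprotected connection.
        findings.append("Simple authentication without a secure connection exposes the LDAP password")
    if not s.secure_connection:
        # Without transport protection a substituted certificate would reach the device unnoticed.
        findings.append("Secure connection is off: retrieved S/MIME certificates are not protected in transit")
    if s.connection_timeout <= 0:
        findings.append("Connection timeout must be a positive number of seconds")
    return findings

# Constructed sample settings: the weak configuration beside its corrected form.
WEAK = LdapCertRetrievalSetting("smime-ldap", "LDAP://server01.blackberry.com:123",
                                "ou=people,dc=example,dc=com", "Subtree", False, "Simple", 30)
FIXED = LdapCertRetrievalSetting("smime-ldap", "LDAP://server01.blackberry.com:123",
                                 "ou=people,dc=example,dc=com", "Subtree", True, "Kerberos", 30)
```

Running `review_setting(WEAK)` reports both the cleartext password and the unprotected certificate transfer, while `review_setting(FIXED)` returns no findings.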