Blackberry Pearl 8100 Series User Manual

Loading...
Blackberry Pearl 8100 Series User Manual

User Guide Supplement

S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

SWD-292878-0324093908-001

Contents

 

Certificates..............................................................................................................................................................................................................................................

3

Certificate basics...............................................................................................................................................................................................................................................

3

Certificate status...............................................................................................................................................................................................................................................

5

Certificate options.............................................................................................................................................................................................................................................

7

Certificate shortcuts.........................................................................................................................................................................................................................................

8

Certificate troubleshooting.............................................................................................................................................................................................................................

9

Certificate servers.................................................................................................................................................................................................................................

11

Add a certificate server....................................................................................................................................................................................................................................

11

Change connection information for a certificate server............................................................................................................................................................................

11

Connection options for LDAP certificate servers.........................................................................................................................................................................................

11

Connection options for OCSP and CRL servers..........................................................................................................................................................................................

12

Send connection information for a certificate server ...............................................................................................................................................................................

12

Delete a certificate server..............................................................................................................................................................................................................................

12

Key stores...............................................................................................................................................................................................................................................

13

About the key store.........................................................................................................................................................................................................................................

13

Change the key store password....................................................................................................................................................................................................................

13

Change when your device deletes the key store password......................................................................................................................................................................

13

Add contacts to your address book automatically when you add items to the key store....................................................................................................................

13

Change the service that your device uses to download certificates.......................................................................................................................................................

14

Turn off automatic backup of key store data..............................................................................................................................................................................................

14

Change the refresh rate for certificate revocation lists............................................................................................................................................................................

14

Reject certificate revocation lists from unverified CRL servers................................................................................................................................................................

14

S/MIME-protected messages.............................................................................................................................................................................................................

17

S/MIME-protected message basics..............................................................................................................................................................................................................

17

S/MIME-protected message status..............................................................................................................................................................................................................

19

S/MIME-protected message options...........................................................................................................................................................................................................

20

S/MIME-protected message troubleshooting............................................................................................................................................................................................

22

Smart cards...........................................................................................................................................................................................................................................

23

About using a smart card with your device.................................................................................................................................................................................................

23

Import a certificate from a smart card ........................................................................................................................................................................................................

23

2

Certificates

Certificate basics

Download a certificate from an LDAP certificate server

1.In the device options, click Security Options.

2.Click Certificates.

3.Press the Menu key.

4.Click Fetch Certificates.

5.Specify the search criteria.

6.Press the Menu key.

7.Click Search.

8.Click a certificate.

9.Click Add Certificate to Key Store.

View properties for a certificate

1.In the device options, click Security Options.

2.Click Certificates.

3.Click a certificate.

Certificate properties

Revocation Status:

This field displays the revocation status of the certificate at a specified date and time.

Trust Status:

This field displays the trust status of the certificate chain. A certificate can be explicitly trusted (the certificate itself is trusted), implicitly trusted (the root certificate in the certificate chain is trusted on your BlackBerry® device), or not trusted (the certificate is not explicitly trusted and the root certificate in the certificate chain is not trusted or does not exist on your device).

Expiration Date:

This field displays the date that the certificate issuer specified as the expiration date of the certificate.

Certificate Type:

This field displays the certificate format. Your device supports X.509 and WTLS certificate formats.

Public Key Type:

3

This field displays the standard to which the public key complies. Your device supports RSA®, DSA, Diffie-Hellman, and ECC keys.

Subject:

This field displays information about the certificate subject.

Issuer:

This field displays information about the certificate issuer.

Serial Number:

This field displays the certificate serial number in hexadecimal format.

Key Usage:

This field displays approved uses of the public key.

Subject Alt Name:

This field displays an alternate email address for the certificate subject, if an alternate email address is available.

SHA1 Thumbprint:

This field displays the SHA-1 digital thumbprint of the certificate.

MD5 Thumbprint:

This field displays the MD5 digital thumbprint of the certificate.

View one type of certificate in the certificate list

1.In the device options, click Security Options.

2.Click Certificates.

3.Press the Menu key.

4.Click one of the following menu items:

Show My Certs

Show Others Certs

Show CA Certs

Show Root Certs

To view all the certificates on your BlackBerry® device, press the Menu key. Click Show All Certs.

Send a certificate

When you send a certificate, your BlackBerry® device sends the public key, but does not send the corresponding private key.

1.In the device options, click Security Options.

2.Click Certificates.

3.Highlight a certificate.

4.Press the Menu key.

5.Click Send via Email or Send via PIN.

4

Delete a certificate

1.In the device options, click Security Options.

2.Click Certificates.

3.Highlight a certificate.

4.Press the Menu key.

5.Click Delete.

View the certificate chain for a certificate

1.In the device options, click Security Options.

2.Click Certificates.

3.Highlight a certificate.

4.Press the Menu key.

5.Click Show Chain.

Certificate status

Certificate status indicators

:

The certificate has a corresponding private key that is stored on your BlackBerry® device or a smart card.

:

The certificate chain is trusted and valid, and the revocation status of the certificate chain is good.

:

The revocation status of the certificate chain is unknown, or a public key for a certificate in the certificate chain is weak.

:

The certificate is untrusted or revoked, or a certificate in the certificate chain is untrusted, revoked, expired, not valid, or cannot be verified.

Check the revocation status of a certificate or certificate chain

1.In the device options, click Security Options.

2.Click Certificates.

3.Highlight a certificate.

4.Press the Menu key.

5

5. Click Fetch Status or Fetch Chain Status.

Change the trust status of a certificate

1.In the device options, click Security Options.

2.Click Certificates.

3.Highlight a certificate.

4.Press the Menu key.

5.Click Trust or Distrust.

6.If necessary, perform one of the following actions:

To trust the highlighted certificate, click Selected Certificate.

To trust the highlighted certificate and all the other certificates in the chain, click Entire Chain.

Revoke a certificate

If you revoke a certificate, the certificate is revoked only in the key store on your BlackBerry® device. Your device does not update the revocation status on the certificate authority or CRL servers.

1.In the device options, click Security Options.

2.Click Certificates.

3.Highlight a certificate.

4.Press the Menu key.

5.Click Revoke.

6.Click Yes.

7.Change the Reason field.

8.Click OK.

To cancel a certificate hold, highlight the certificate. Press the Menu key. Click Cancel Hold.

Certificate revocation reasons

Unknown:

The revocation reason does not match any of the predefined reasons.

Key Compromise:

A person who is not the key subject might have discovered the private key value.

CA Compromise:

Someone might have revealed the private key of the certificate issuer.

Change in Affiliation:

The certificate subject no longer works for the organization.

6

+ 17 hidden pages