User Guide Supplement S/MIME Support Package for BlackBerry Smartphones BlackBerry 8800 Series BlackBerry Curve 8300 Series
SWD-327206-0324105005-001
Contents
Certificates
Certificate basics
Certificates

Certificate basics

Download a certificate from an LDAP certificate server
1. In the device options, click Security Options.
2. Click Certificates.
3. Press the Menu key.
4. Click Fetch Certificates.
5. Specify the search criteria.
6. Press the Menu key.
7. Click Search.
8. Click a certificate.
9. Click Add Certificate to Key Store.

View properties for a certificate
1. In the device options, click Security Options.
2. Click Certificates.
3. Click a certificate.
This field displays the standard to which the public key complies. Your device supports RSA®, DSA, Diffie-Hellman, and ECC keys.
Subject: This field displays information about the certificate subject.
Issuer: This field displays information about the certificate issuer.
Serial Number: This field displays the certificate serial number in hexadecimal format.
Key Usage: This field displays approved uses of the public key.
Delete a certificate
1. In the device options, click Security Options.
2. Click Certificates.
3. Highlight a certificate.
4. Press the Menu key.
5. Click Delete.

View the certificate chain for a certificate
1. In the device options, click Security Options.
2. Click Certificates.
3. Highlight a certificate.
4. Press the Menu key.
5. Click Show Chain.
5. Click Fetch Status or Fetch Chain Status.

Change the trust status of a certificate
1. In the device options, click Security Options.
2. Click Certificates.
3. Highlight a certificate.
4. Press the Menu key.
5. Click Trust or Distrust.
6. If necessary, perform one of the following actions:
   • To trust the highlighted certificate, click Selected Certificate.
   • To trust the highlighted certificate and all the other certificates in the chain, click Entire Chain.
Superseded: A new certificate is replacing an existing certificate.
Cessation of Operation: The certificate subject no longer requires the certificate.
Certificate Hold: You want to revoke the certificate temporarily.

Certificate options

Change the display name for a certificate
1. In the device options, click Security Options.
2. Click Certificates.
3. Highlight a certificate.
4. Press the Menu key.
5. Click Change Label.
6. Type a display name for the certificate.
7. Click OK.
3. Press the Menu key.
4. Click Fetch Certificates.
5. Press the Menu key.
6. Click Options.
7. Change the Prompt for Label field to No.
8. Press the Menu key.
9. Click Save.
When you add a certificate, your BlackBerry® device uses the certificate subject as the name for the certificate.

Turn off the fetch status prompt that appears when you add a certificate to the key store
1. In the device options, click Security Options.
2. Click Certificates.
3. Press the Menu key.
Certificate troubleshooting

I cannot download a certificate
If you changed the connection type that your BlackBerry® device uses to connect to the LDAP certificate server, try switching to the default connection type.
Certificate servers

Add a certificate server
1. In the device options, click Security Options.
2. Click Certificate Servers.
3. Press the Menu key.
4. Click New Server.
5. Specify information for the certificate server.
6. Press the Menu key.
7. Click Save.

Change connection information for a certificate server
1. In the device options, click Security Options.
2. Click Certificate Servers.
3. Highlight a certificate server.
4. Press the Menu key.
5. Click Edit.
Connection Type: Specify whether your BlackBerry® device uses an SSL connection or a TLS connection to connect to the certificate server.

Connection options for OCSP and CRL servers
Friendly Name: Type a display name for the certificate server.
Server URL: Type the web address of the certificate server.

Send connection information for a certificate server
1. In the device options, click Security Options.
2. Click Certificate Servers.
3. Highlight a certificate server.
4. Press the Menu key.
Key stores

About the key store
The key store on your BlackBerry® device might store the following items. To access these items in the key store, you must type a key store password.
3. Change the Key Store Address Injector field to Enabled.
4. Press the Menu key.
5. Click Save.

Change the service that your device uses to download certificates
Depending on your organization, you might not be able to change the service that you use to download certificates. For more information, contact your administrator.
1. In the device options, click Security Options.
2. Click Key Stores.
3. Change the Certificate Service field.
4. Press the Menu key.
5. Click Save.
2. Click Key Stores.
3. Change the Accept Unverified CRLs field to No.
4. Press the Menu key.
5. Click Save.
Your BlackBerry® device rejects certificate revocation lists from CRL servers that the BlackBerry® MDS Connection Service cannot verify.
S/MIME-protected messages

S/MIME-protected message basics

About signing and encrypting messages
You can digitally sign or encrypt messages to add another level of security to email messages and PIN messages that you send from your BlackBerry® device. Digital signatures are designed to help recipients verify the authenticity and integrity of messages that you send.
Add a certificate from a message
1. In a message, highlight a digital signature indicator.
2. Press the Menu key.
3. Click Import Sender’s certificate.

Add a certificate from an attachment
1. In a message, click the certificate attachment.
2. Click Retrieve Certificate Attachment.
3. Click the certificate.
4. Click Import Certificate.

Add connection information for a certificate server from a message
1. In a message, highlight the certificate server indicator.
2. Click the trackball.
• Your device cannot verify the digital signature.
• Your device requires more data to verify the digital signature.
• Your device trusts the certificate chain.
• The sender’s email address does not match the email address of the certificate subject, or the sender’s certificate is revoked, is not trusted, cannot be verified, or is not on your device.
• The certificate is weak, the certificate status is not current, or your device requires more data to verify the trust status of the certificate.
1. In the device options, click Security Options.
2. Click S/MIME.
3. In the Signing Options section or the Encryption Options section, change the Certificate field.
4. Press the Menu key.
5. Click Save.

Change the default signing and encryption option
Your BlackBerry® device is designed to use the default signing and encryption option when you send a message to a contact that you have not sent a message to or received a message from previously.
Change the size of S/MIME indicators in messages
1. In the device options, click Security Options.
2. Click S/MIME.
3. Change the Message Viewer Icons field.
4. Press the Menu key.
5. Click Save.

Change the encryption algorithms for S/MIME-protected messages
If a message has multiple recipients, your BlackBerry® device uses the first selected encryption algorithm in the list that all recipients are known to support.
1. In the device options, click Security Options.
2. Click S/MIME.
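The selection rule described above for messages with multiple recipients, sketched as an added example (not BlackBerry code, and not part of the original guide). The algorithm names, addresses and per-recipient capability sets are constructed samples, and returning None when no common algorithm exists is an assumption, since the guide does not say what the device does in that case. The second function shows which recipients prevent a higher-ranked algorithm from being used.

```python
def choose_algorithm(selected, recipient_support):
    """Return the first algorithm in `selected` (list order) that every
    recipient is known to support, or None if there is no common one."""
    for algorithm in selected:
        if all(algorithm in caps for caps in recipient_support.values()):
            return algorithm
    return None  # assumption: the guide does not describe this case


def blocking_recipients(selected, recipient_support, chosen):
    """Map each algorithm ranked above `chosen` to the recipients that are
    not known to support it (the ones that forced the lower choice)."""
    blocked = {}
    for algorithm in selected:
        if algorithm == chosen:
            break
        blocked[algorithm] = sorted(
            addr for addr, caps in recipient_support.items()
            if algorithm not in caps
        )
    return blocked


# Constructed sample data: the order of SELECTED is the order of the list
# on the device, first entry preferred.
SELECTED = ["AES (256-bit)", "Triple DES", "RC2 (40-bit)"]
RECIPIENTS = {
    "alice@example.com": {"AES (256-bit)", "Triple DES"},
    "bob@example.com": {"Triple DES", "RC2 (40-bit)"},
    "carol@example.com": {"AES (256-bit)", "Triple DES", "RC2 (40-bit)"},
}

if __name__ == "__main__":
    chosen = choose_algorithm(SELECTED, RECIPIENTS)
    print("chosen:", chosen)
    for algorithm, who in blocking_recipients(SELECTED, RECIPIENTS, chosen).items():
        print(f"{algorithm} not usable because of: {', '.join(who)}")
```

One recipient with a short capability list lowers the algorithm used for every recipient of that message, so the order and contents of the selected list decide how weak the result is allowed to get.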
3. Change the Warn about problems with my certificates field to No.
4. Press the Menu key.
5. Click Save.
To turn on the prompt again, change the Warn about problems with my certificates field to Yes.

S/MIME-protected message troubleshooting

Some signing and encryption options are not available on my device
Try performing the following actions:
• Verify that the email account that you are using supports all signing and encryption options.
Smart cards

About using a smart card with your device
Smart cards store certificates and private keys. You can use a smart card reader to import certificates from a smart card to the key store on your BlackBerry® device, but you cannot import private keys. As a result, private key operations such as signing and decryption use the smart card, and public key operations such as verification and encryption use the public certificates on your device.