Create a trusted connection between BEMS and Microsoft Exchange
Server
BEMS
and Microsoft Exchange
Server
By default, BEMS is only aware of public CA certificates. If you enable email notifications for
BlackBerry Work
and your organization’s Microsoft Exchange
Server
doesn’t use an SSL certificate issued by a trusted CA, the connection between your BEMS
instance and Microsoft Exchange
Server
isn’t trusted. To create a trusted connection to the Microsoft Exchange
Server
upload the server’s SSL certificates (or the root or intermediate certificate chain) to the BEMS
database. You can upload a base64-encoded or binary-encoded file that includes one or more SSL certificates. When you upload a single file that includes multiple SSL certificates, the certificates are displayed in the dashboard and can be deleted and replaced individually as required. BEMS
supports the following file extensions: .der, .cer, .pem, and .crt. For information about creating a .pem file that includes multiple certificates, visit http://support.blackberry.com/community to read article 57259.
- BEMS-Mailservice is installed and configured in your environment.
- Export the SSL certificate from theMicrosoft Exchange Serverin a base64-encoded or binary-encoded format and store it in a network location that you can access from the management console. For more information about digital certificates and encryption inMicrosoft Exchange Server, visit https://docs.microsoft.com/en-us/exchange/architecture/client-access/certificates?view=exchserver-2016
- In theBlackBerry Enterprise Mobility Server Dashboard, underBEMS System Settings, clickBEMS Configuration.
- ClickUpload Trust Certificate.
- ClickChoose Fileand navigate to the location of the certificate file that you want to upload.
- ClickAdd.
- If you upload individual SSL certificates, repeat steps 3 and 4 for each additional file.