BESX - Replace self-signed SSL certificate

[tnsnames.ora]

Hello,

Currently referencing the following KB in an attempt to utilize a custom SSL certificate for the BAS service:

KB12887

Sorry, first post and unable to post links.

I have read forum posts similar to the KB article which describe first backing up the current web.keystore file, modifying the cacerts keystore password via the BlackBerry Server Configuration utility, modifying the "WebKeyStorePass" registry entry (HKCU\Software\Research In Motion\BlackBerry Enterprise Server\Administration Service\Key Store) and then generate the CSR via the Java keytool.exe utility. The KB article makes no mention of such modification, are such steps required?

Task 1, point/step 4 from the KB article states the following (with no mention or reference to the current key store password nor creating a new key store password via the cacerts password tab within the BlackBerry Server Configuration utility):

"4. When prompted, enter the key store password. "

Trying to understand this whole operation I am led to believe that I must first alter the web.keystore password via the BlackBerry Server Configuration utility, modify the appropriate registry key to reflect the newly chosen/created password from the utility and then generate the CSR.

Has anyone been able to successfully install a custom SSL certificate for the BAS service utilizing the steps/method mentioned? Perhaps I am missing a piece of this entire puzzle so I thought I would ask around.

Thank you.

[saber87]

no registry modifications are needed at all to replace the ssl cert

[centricc]

Did you ever get this working? I followed the steps to create the CSR but GoDaddy tells me that the CSR is invalid. I added the variable to make the keysize 2048, but still get the error.