[toosweetnitemare]

Does anyone know how to import a .Pfx s/mime cert into a z10 to work with my corporate active sync account? I put the cert on my sd cars but the device doesn't see the cert....

Thanks in advance!

Posted via CB10

[unpp]

mail yourself the cert

[toosweetnitemare]

I'll give that a shot. Thanks

Posted via CB10

[toosweetnitemare]

I received a message that I could not import a cert from a personal account. Any other ideas?

Posted via CB10

[Omnitech]

I received a message that I could not import a cert from a personal account. Any other ideas?

Settings/Security and Privacy/Certificates/Import. You have to get a personal computer involved, here is the other side of the equation:

Import a certificate from your computer - How To - BlackBerry Z10 Smartphone - 10.0.0

[toosweetnitemare]

thank. I gave that a shot but i did not see a folder called "certs". should i just reset my device and start over? I really need this email to work if i'm going to keep the device.

[tk-093]

I'm struggling with this a little bit as well.

For legacy Blackberry devices we just have the users export their three certs and email it to themselves and import them. One is a .pfx and the other two are .cer files. No problems ever.

Now with the Z10 I can't seem to import them. I tap on them in an email just like on legacy BB devices and it prompts me for the password but it never, ever takes it. It keeps asking and asking. It is even asking for the password for the intermediate and root cert and there are no passwords on it. Not sure if we have to export them different now or what.

S/MIME is pretty much the only reason we got approval to move to BB10. I'll keep messing with it.

[toosweetnitemare]

I'm struggling with this a little bit as well.

For legacy Blackberry devices we just have the users export their three certs and email it to themselves and import them. One is a .pfx and the other two are .cer files. No problems ever.

Now with the Z10 I can't seem to import them. I tap on them in an email just like on legacy BB devices and it prompts me for the password but it never, ever takes it. It keeps asking and asking. It is even asking for the password for the intermediate and root cert and there are no passwords on it. Not sure if we have to export them different now or what.

S/MIME is pretty much the only reason we got approval to move to BB10. I'll keep messing with it.

tk-093, i totally understand. I was able to import my pfx file on my 9930 and made it work but i am unable to do it in bb10. If i cant get activesync to work with smime then i will be forced to move to android or iphone because they both support it and my company requires it. Please keep me posted if you discover a work around for this. Thanks!

[tk-093]

tk-093, i totally understand. I was able to import my pfx file on my 9930 and made it work but i am unable to do it in bb10. If i cant get activesync to work with smime then i will be forced to move to android or iphone because they both support it and my company requires it. Please keep me posted if you discover a work around for this. Thanks!

Will do. I don't know if a BB10 activated device is required for it to work or not. I'll let you know what I find.

[unpp]

It has to be a work account so you need to be on a BDS server for smime to work.

[toosweetnitemare]

Will do. I don't know if a BB10 activated device is required for it to work or not. I'll let you know what I find.

my verizon z10 is activated. I can run some testing if you need an activated z10 for the process. Obviously i cant import your certs and confirm it working for your company but i can at least confirm process using my company resources.

[toosweetnitemare]

It has to be a work account so you need to be on a BDS server for smime to work.

why does it have to have BDS to work? shouldn't activesync alleviate the need for a BES?



EDIT: sorry if that sounded whiny, i just reread that comment and could hear a small child crying about candy lol it was meant to be inquiring TBH

[unpp]

I have no idea. I just know that BBRY has always required their server software for smime to work.

[tk-093]

I found these official instructions from Blackberry
Securing your email - How To - BlackBerry Z10 Smartphone - 10.0.0

I'm missing the S/MIME settings it is talking about. Maybe they don't show up unless you are activated on BES10, or BB10 or whatever it's called now.

[tk-093]

why does it have to have BDS to work? shouldn't activesync alleviate the need for a BES?



EDIT: sorry if that sounded whiny, i just reread that comment and could hear a small child crying about candy lol it was meant to be inquiring TBH

Generally speaking, you are correct. You shouldn't need BES10 to use S/MIME. I'm just guessing but I wonder if Blackberry has limited it to just enterprise activated devices for security reasons?

[toosweetnitemare]

I have no idea. I just know that BBRY has always required their server software for smime to work.

thanks. i did have to use the smime option with BES on the 9930. but it shouldn't be required for activesync IMO

[toosweetnitemare]

Generally speaking, you are correct. You shouldn't need BES10 to use S/MIME. I'm just guessing but I wonder if Blackberry has limited it to just enterprise activated devices for security reasons?

I really hope they don't cripple activesync this way. Otherwise i just bought a very expensive paperweight that i'll be returning. My company has removed all BES servers from the environment because there were only 3 of us using it. This was my last hope to keep my very berry magic going.

[tk-093]

I really hope they don't cripple activesync this way. Otherwise i just bought a very expensive paperweight that i'll be returning. My company has removed all BES servers from the environment because there were only 3 of us using it. This was my last hope to keep my very berry magic going.

Heh, Windows Phone 8 doesn't even do S/MIME yet...

[toosweetnitemare]

Heh, Windows Phone 8 doesn't even do S/MIME yet...

really? lol M$ fail

[akavbb]

Anybody know if one could use S/MIME for regular email? I remember in legacy devices we couldn't

[toosweetnitemare]

Anybody know if one could use S/MIME for regular email? I remember in legacy devices we couldn't

That is what we are trying to find out. Apparently most of us are getting an error message that says "cannot import cert from personal account" and no one here has seen the documented smime option in security settings. I personally havent even seen the cert folder when i plug in my device.

p.s. awesome signature akavbb. personally im a fan of trinary.

[Markus Schulz]

Just to add some hints:

- s/mime is limited to BES accounts only atm.
- you don't need any other configuration on the BES to get it work on the BES account (of course you can provide certs an do some policy work, but you don't need to touch the BES server to get it run, in case your IT der starts to complain...)
- if you experience trouble with downloading the certificate, try to use .pem files instead
- of course, remember it's a version 1.0, there are some issues with CAs which worked on Legacy but don't show up as "Trusted" on BlackBerry 10. Signing and crypting with the certs would work anyway, so it's not a high priority issue.

Posted via CB with my Z10

[Omnitech]

I think unpp is correct. If you look at the Blackberry knowledgebase article about which ActiveSync features Blackberry 10 supports, it includes the following text:

Microsoft ActiveSync 12.1 with Microsoft Exchange Server 2007 SP1 Features:

Bandwidth reductions (compressed/removed headers) Partial
S/MIME13 Only supported through BDS

KB33619-Supported Microsoft ActiveSync Features and Policies for use with BlackBerry 10

If I had to hazard a guess, I'd say perhaps the philosophy underpinning that is that the idea of "secure email" is undermined if the device itself is not secured.

IE if it's trivial for someone to steal the phone and gain access to the "secure" email, then the email isn't actually secure.
.

[toosweetnitemare]

Just to add some hints:

- s/mime is limited to BES accounts only atm.
- you don't need any other configuration on the BES to get it work on the BES account (of course you can provide certs an do some policy work, but you don't need to touch the BES server to get it run, in case your IT der starts to complain...)
- if you experience trouble with downloading the certificate, try to use .pem files instead
- of course, remember it's a version 1.0, there are some issues with CAs which worked on Legacy but don't show up as "Trusted" on BlackBerry 10. Signing and crypting with the certs would work anyway, so it's not a high priority issue.

Posted via CB with my Z10

something that i wont have access to in the future is the BES server and really need this to work with active sync. If i were to connect it to a BES, what is the min version of the BES that would support bb10? also, by connecting it to the bes, will verizon try to charge me more and will connecting to the bes wipe out my personal accounts from the device?

[Omnitech]

BTW, there is a 3rd-party solution that purports to support S/MIME, I don't know if this requires a matching component on the server side though:

http://forums.crackberry.com/blackbe...w-bb10-791112/