BlackBerry 10 and Active Sync SSL

We recently had a change in our work CIO. He has upgraded and virtualized a number of our Network Servers , software, and the mail server. He also changed the active sync connection requiring an SSL login. We are a BYOD employer, no BES, and as you can imagine, there are a lot Android and iPhone users. I am the only BlackBerry user.

I work for a small local government and our root certificates of trust are self signed. Due to the fact that the certificates are self signed BB10 will not verify the trust certificates. I have researched and discovered that in his attempt to "secure" the network he has virtually locked me out. I can connect to to the server, but it will not pass through mail due to the certificate issues. BB10 will not accept self signed certificates because they are not secure. Apparently, I can have him pull and email the certificates and then load it on the device using the Blackberry Link Desktop software. Has anyone found a work around or successfully solved this issue?

His answer of course is "Blackberry sucks, just get an Android or iPhone".

The irony for me is that his attempt to secure his mobile outlook connections cannot be accomplished as my Passport has more security in place than the network .

I thought of going the Priv route, but because the security container on the Priv is similar to BB10, I think the same issue will apply.

Hopefully the great minds of CrackBerry can help me out so I don't have to move to the dark side and shelve my beautiful OG Passport and it's great physical keyboard.

Passport. It's not as big as you think it is.

Unclear for me.
Is your login X.509 with a certificate or with username+password?
X.509 as far as I know is only supported with BES.

About certificate, simply download the root CA certificate of your company and install it on your device via settings.
So that your BB is trusting it.

Other problem you may have is that your BB device doesn't connect to a TLSv1.2 enables mailserver.
See my old post http://forums.crackberry.com/bb10-le...1-2-a-1029191/

Originally Posted by Thirsty

Unclear for me.
Is your login X.509 with a certificate or with username+password?
X.509 as far as I know is only supported with BES.

About certificate, simply download the root CA certificate of your company and install it on your device via settings.
So that your BB is trusting it.

Other problem you may have is that your BB device doesn't connect to a TLSv1.2 enables mailserver.
See my old post http://forums.crackberry.com/bb10-le...1-2-a-1029191/

Thanks for the response. I will expand on the details a little.

Login is username +password and a self signed certificate. The issues with self signed certs seems to be the problem as OS 10.3.2 does not recognize those as secure from the research I've done.

Active Sync worked great prior to the SSL requirement.

Do you have any feedback about the Priv version of Hub ? If I can't use my Passport, I may have to move in that direction or wait for the upcoming "Rome" to get a PKB device that will work

Passport. It's not as big as you think it is.

Self signed certificate is no problem. I used myself for a test with Sogo groupware icm with Z10.
Your need to install the CA certificate of the certificate on your blackberry.
Then every certificate signed by the CA will be trusted.

I can't help your with Priv.

Did it work?

Still working on it. Our new CIO/Administrator is kind of pissy about it. Still wants me to get "just get an Android or iPhone.

Just another example of why BB10, which is an actual secure communication device, continues to lose users. IT crew might actually have to do some work and understand the process.

Passport. It's not as big as you think it is.