1. Mark_Wheeler's Avatar
    Hi all.

    Flushed with success from getting SWS working, I've run into a small problem.

    We use S/MIME in our organisation - I'm able to select the appropriate user certificate in the client and am able to open encrypted mail sent to me. The problem is when I try to send an encrypted email. I would expect that the SWS client would attempt to download the certificate for the recipient from the GAL but it appears not. Instead, I get a shield icon with a '?' (which I take to mean that an appropriate certificate for the recipient cannot be found) next to the recipient name.

    Has anyone got this working properly?

    One workaround would be to install the user cert for each recipient on each device but with 1000+ users, this is not really an option.

    Thanks in advance,

    Mark
    05-29-14 07:44 AM
  2. pkcable's Avatar
    Working on getting you an answer
    05-29-14 08:56 PM
  3. Sith_Apprentice's Avatar
    There is no error generated? Touch the shield icon and see if it shows the error.

    From the UDS admin guide :

    Setting up encrypted email using S/MIME You can extend email security for iOS and Android device users by permitting users to send and receive S/MIME-protected email messages. You cannot force users to use S/MIME. There are two types of S/MIME protection available: ?S/MIME for the native iOS email app. You enable this type of S/MIME in a Microsoft ActiveSync profile. ?S/MIME for the iOS and Android apps in the work space. You enable this type of S/MIME in a work space IT policy. To use either type of S/MIME, a user must enable S/MIME on the device and specify whether to encrypt, sign, or encrypt and sign emails. Users must store their private keys and a certificate for each recipient that they want to send an encrypted email message to on their devices. Users can store a key and certificates by importing the files from an email message


    Look at the last line.
    05-30-14 06:26 AM
  4. Mark_Wheeler's Avatar
    Thanks for the responses. I read that same paragraph in the admin guide and reached the same conclusion.

    Was just reaching out to the community and hoping that there was something a bit more positive (or undocumented) which might mean it was a usable feature.

    Managing 1000+ certificates on several hundred devices and / or trying to explain how to make this work to users means that this option (and indeed SWS on iOS in its entirety) is garbage for us.
    05-30-14 06:57 AM
  5. Sith_Apprentice's Avatar
    Thanks for the responses. I read that same paragraph in the admin guide and reached the same conclusion.

    Was just reaching out to the community and hoping that there was something a bit more positive (or undocumented) which might mean it was a usable feature.

    Managing 1000+ certificates on several hundred devices and / or trying to explain how to make this work to users means that this option (and indeed SWS on iOS in its entirety) is garbage for us.
    This is unfortunate. Have you contacted BlackBerry to see if there is a way to push then all?
    05-30-14 07:13 AM
  6. Mark_Wheeler's Avatar
    Not yet, although I have limited hope for a rapid turnaround - it took until 10.2 for this to be properly supported in BES10 for the new range of BB devices, so heaven know how long it will take them to implement it and actually make it work (2 very different things in my recent experience) in UDS / SWS.

    For info, GAL lookup of certificates for S/MIME is natively supported in ActiveSync enabled Exchange accounts on Android and iOS - I was amazed that the feature went AWOL in initial releases of BES10 and took so long to then be properly implemented.
    05-30-14 07:36 AM
  7. pirateer2k's Avatar
    I have my users certs, the root and CAs, and contacts certs on the device. S/MIME is enabled through the work space policy, but I am still unable to send/read encrypted S/MIME messages. When I go through the work space settings -> accounts -> my account -> S/MIME (is green) I see "Sign" and "Encrypt" below. Both are listed "No". When I click on either I see "None" and a green check mark. Hoping someone will know what I'm missing. Been working with Blackberry support the past week, and they haven't been able to help. Thanks in Advance
    03-10-15 06:07 AM

Similar Threads

  1. No LTE with GoPhone and Q10?
    By AndroidVageta in forum General Carrier Discussion
    Replies: 9
    Last Post: 06-15-14, 07:08 PM
  2. Update your self for dutch and Belgium users
    By whatsever in forum BlackBerry 10 OS
    Replies: 4
    Last Post: 06-04-14, 07:31 AM
  3. 10.3 and Advanced Interaction
    By Harborcoat in forum BB10 Leaked/Beta OS
    Replies: 14
    Last Post: 05-30-14, 04:52 AM
  4. BlackBerry CEO John Chen speaks on new devices, developers and taking BlackBerry back to its roots
    By CrackBerry News in forum CrackBerry.com News Discussion & Contests
    Replies: 0
    Last Post: 05-28-14, 07:12 PM
LINK TO POST COPIED TO CLIPBOARD