Blackberry & Microsoft Exchange Email Encryption How To

Posted 1530 days ago - Encryption, Microsoft

Integrating a Blackberry With The Enterprise

Several steps are required to properly enable Microsoft Exchange email encryption certificates on a Blackberry, but this guide should provide clear, effective instructions and assumes the following:

  • Microsoft Active Directory Environment
  • Blackberry 7520 (should work with other models)
  • Blackberry Enterprise Server v4.0 or Later
  • Microsoft Windows XP Professional Workstations
  • Blackberry User has Outlook Configured for Email Encryption

Install Proper Desktop Management Software

For the purpose of this guide, I'm going to suggest desktop manager version 4.1 or 4.2, but the choice is ultimately yours. Visit the download site and choose the version you think is most appropriate. Once downloaded, start a custom installation and make sure Certificate Synchronization is selected.


Next, tell the installation your organization makes use of a BES (Blackberry Enterprise Server) so your email will integrate with Exchange. The caption reads:

Blackberry Enterprise Server or Blackberry Desktop Redirector

This option integrates your message account with Blackberry using the Blackberry Enterprise Server or Blackberry Desktop Redirector.

Click Next > and proceed to tell the installation a Microsoft Exchange environment is used. The caption reads:

Microsoft Exchange (typically used with Microsoft Outlook client)

Now tell the installation to Redirect messages using the Blackberry Enterprise Server, click Next >, don't install any additional shortcuts on the desktop (your choice of course), and finally, click Next >.

Install Proper Device Management Software

The corresponding device software is available on the same downloads page mentioned above. Select the desired desktop manager version, and the appropriate device software should become available on that same page. Device software installation is a typical Microsoft software installation: just click Next until finished.

Install S/MIME Support For The Blackberry

According to Blackberry's website, this package is a component of the Blackberry Enterprise Server, so you'll need to contact your Systems Administrator to obtain the software. If you're the sysadmin and don't recall ever seeing the S/MIME package, contact Blackberry. They'll either provide a link to download the software, or send the software package via mail on a CD. Once again, the installation is pretty straightforward: just click Next until finished.

Configuring LDAP Settings

Dock the device to the user's workstation while they're logged into the domain, then enter the device password (you do have a 10-minute lockout security policy, don't you?). The Desktop Manager will inform you that new software is available; click Next >. On the next screen, make sure everything is checked, including DOD root certificates and S/MIME support. Whether or not you decide to save and restore the device info is up to you, but remember, some of the data is stored in Exchange, so you're not putting contacts, emails, and calendar appointments at risk. If those items are all you're worried about, I'd suggest not saving the current data and performing a fresh upgrade. Once upgrade options are configured, the process will take anywhere from 15 to 30 minutes, depending on workstation speed.

After the upgrade is complete, navigate to Certificate Server/LDAP server settings on the device. You'll need to obtain this information from a network/system administrator, and if you are the system administrator but don't know this information, what the hell kind of admin are you? Here's an example entry.

LDAP Server

  • Friendly Name: YourOrg
  • Server Name: bbldap.your.org.domain.com
  • Base Query: dc=your,dc=org,dc=domain,dc=com
  • Port: 389
  • Authentication Type: Simple
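An added example (not from the original post) that sanity-checks an entry like the one above before it is typed into the device, and builds the matching RFC 4516 search URL for a recipient's certificate. The function names, the `mail` lookup attribute, the recipient address, and the reading of "Simple" as an LDAP simple bind are assumptions.

```python
from urllib.parse import quote

# RFC 4515: characters that must be escaped inside a search-filter value.
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape user-supplied text before placing it in an LDAP filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def base_dn_from_domain(domain):
    """Turn a DNS domain into the matching dc=... base DN."""
    labels = [part for part in domain.strip(".").split(".") if part]
    if not labels:
        raise ValueError("empty domain")
    return ",".join("dc=" + part.lower() for part in labels)


def check_entry(server, base_query, port, auth_type):
    """Return a list of findings for one LDAP server entry."""
    findings = []
    # Assumption: the LDAP host sits in the DNS domain it serves, so the
    # base query should equal the host name minus its first label.
    expected = base_dn_from_domain(server.split(".", 1)[1]) if "." in server else ""
    actual = ",".join(p.strip().lower() for p in base_query.split(","))
    if actual != expected:
        findings.append("base query %r does not match server domain (%r)" % (actual, expected))
    if not 0 < port < 65536:
        findings.append("port %d is out of range" % port)
    # Assumption: "Simple" means an LDAP simple bind, which sends the
    # password unencrypted on 389 unless the session is upgraded with StartTLS.
    if auth_type.lower() == "simple" and port == 389:
        findings.append("simple bind on 389: password unencrypted without StartTLS")
    return findings


def cert_search_url(server, base_query, port, email):
    """RFC 4516 URL for a subtree search returning a user's certificate."""
    flt = "(mail=%s)" % escape_filter_value(email)  # assumed lookup attribute
    return "ldap://%s:%d/%s?userCertificate;binary?sub?%s" % (
        server, port, quote(base_query, safe="=,"), quote(flt, safe="=()@"))


# The post's example entry; the recipient address below is constructed.
ENTRY = ("bbldap.your.org.domain.com", "dc=your,dc=org,dc=domain,dc=com", 389, "Simple")
if __name__ == "__main__":
    print(check_entry(*ENTRY))
    print(cert_search_url(ENTRY[0], ENTRY[1], ENTRY[2], "j.doe@your.org.domain.com"))
```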

Certificate Synchronization With The Desktop Manager

Double click Certificate Sync in the desktop manager. In the Personal Certificates tab select the user's corresponding certificate - the Certificate Label should display the user's name. Under Options, select the LDAP Servers tab, click Add..., and populate the text boxes with the information above. Test the connection, and once confirmed, click OK, OK, Synchronize.

Blackberry Email Encryption Conclusion

You're now ready to test the newly configured certificate. Send a test email and open it. The Blackberry will ask for the certificate key store password and allow viewing once supplied. To send an encrypted email, compose the message like normal, push the trackwheel in and select S/MIME [Encrypt]. After composition, attempting to send the email will result in a username and password prompt. Provide the necessary credentials (DOMAIN\Username & Active Directory Password), then you're prompted for the key store password. Once the certificate status is checked, select OK, and if all is well, the message is sent encrypted.

This process is obviously a pain, and if there's an easier way, please provide a link in the comments.


2 (Comments|Trackbacks)


Dr. Hairline Puff @ 2008-04-11 10:34:11

What I like to do is take the crackberry and toss it in a dirty toilet for about 33 minutes and then flush 2 times. That should help with viewing encrypted mail.

Cheers,

Dr. Hairline

Guy Patterson @ 2009-04-19 05:32:12

Perhaps a failed attempt at making a funny, or you're just really that naive.

 
 
