Blackberry Torch 9850 9860 7 1 User Guide
Have a look at the manual Blackberry Torch 9850 9860 7 1 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 57 Blackberry manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
4.Click one of the following menu items: •Show Personal Certificates •Show Personal PGP Keys •Show Others' Certificates •Show Others' PGP Keys •Show CA Certificates •Show Root Certificates To view all the certificates on your BlackBerry smartphone, press the key > Show All Certificates. View the certificate chain for a certificate 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Certificates. 3.Highlight a certificate. 4.Press the key > Show Chain. Certificate and PGP key statuses Status indicators for certificates, PGPkeys, and certification authority profiles Status indicators for certificates and PGP keys IndicatorDescription The certificate or PGP key has a corresponding private key that is stored on your BlackBerry smartphone or a smart card. The certificate chain or PGP key is trusted and valid, and the revocation status is good. The revocation status is unknown, or a public key is weak. The certificate, a certificate in the certificate chain, or the PGP key is untrusted, revoked, expired, not valid, or can't be verified.User GuideSecurity 321
Status indicators for certification authority profiles IndicatorDescription A valid certificate is associated with the certificate authority profile. A new certificate is being retrieved because the current certificate is scheduled to expire soon. The enrollment request is pending approval from the certificate authority. Enrollment with the certificate authority profile is pending because an action from the user is required to continue, or because enrollment is scheduled to occur later. Enrollment with the certificate authority profile is required and will occur automatically. Check the revocation status of a certificate, certificate chain, or PGP key 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Certificates or PGP keys. 3.Highlight a certificate or PGP key. 4.Press the key > Fetch Status or Fetch Chain Status. Change the trust status of a certificate or PGP key Before you begin: Depending on the types of certificates that your administrator allows, you might not be able to trust some types of certificates. 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Certificates or PGP keys. 3.Highlight a certificate or PGP key. 4.Press the key > Trust or Distrust. 5.If you are trusting a certificate with a certificate chain, do one of the following: •To trust only the highlighted certificate, click Selected Certificate. •To trust the highlighted certificate and all the other certificates in the chain, click Entire Chain. Related information About the trust status of certificates and PGP keys, 318 User GuideSecurity 322
Revoke a certificate or PGP key If you revoke a certificate or PGP key, it is revoked only in the key store on your BlackBerry smartphone. Your smartphone doesn't update the revocation status on the certificate authority, CRL servers, or on the PGP Universal Server. 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Certificates or PGP keys. 3.Highlight a certificate or PGP key. 4.Press the key > Revoke > Yes. 5.Change the Reason field. 6.Click OK. To cancel a certificate hold, highlight the certificate. Press the key > Cancel Hold. Certificate revocation reasons ReasonDescriptionUnknownThe revocation reason does not match any of the predefined reasons.Key CompromiseA person who is not the key subject might have discovered the private key value.CA CompromiseSomeone might have revealed the private key of the certificate issuer.Change in AffiliationThe certificate subject no longer works for the organization.SupersededA new certificate is replacing an existing certificate.Cessation of OperationThe certificate subject no longer requires the certificate.Certificate HoldYou want to revoke the certificate temporarily. PGP key revocation reasons ReasonDescriptionUnknownThe revocation reason does not match any of the predefined reasons.SupersededA new PGP key is replacing an existing PGP key.Key CompromiseA person who is not the key subject might have discovered the private key value.Key RetiredThe PGP key is no longer used.User ID InvalidThe user information for the PGP key is not valid.User GuideSecurity 323
Certificate and PGP key options Change the display name for a certificate or PGP key 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Certificates or PGP keys. 3.Highlight a certificate or PGP key. 4.Press the key > Change Label. 5.Type a display name for the certificate or PGP key. 6.Click OK. Turn off prompts that appear when you add a certificate or PGP key to the key store 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Certificates or PGP keys. 3.Press the key > Fetch Certificates or Fetch PGP Keys. 4.Press the key > Options. •To download the revocation status of a certificate or PGP key when you add it to the key store, change the Fetch Status field to Yes. •To add a certificate or PGP key to the key store without downloading the revocation status, change the Fetch Status field to No. •To turn off the display name prompt, clear the Prompt for Label checkbox. 5.Press the key > Save. If you turn off the display name prompt, when you add a certificate or PGP key, your BlackBerry smartphone uses the subject as the name for the certificate or PGP key. Add an email address to a certificate 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Certificates. 3.Press the key > Show Others' Certificates. 4.Highlight a certificate. 5.Press the key > Associate Addresses. 6.Press the key > Add Address. 7.Do one of the following: User GuideSecurity 324
•Click a contact. • Click Use Once. Type an email address. Press the key on the keyboard. 8.Press the key > Save. Change how often a certification authority profile checks certificate status Depending on your organization, you might be able to change how often a certification authority profile checks the status of its certificate. If the certificate is scheduled to expire soon, you can re-enroll with the certification authority profile to receive an updated certificate. 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Certificate Enrollment. 3.Change the Certificate Revocation Check Interval field. 4.Press the key > Save. Clear the PGP data cache The PGP data cache contains cached PGP public keys and the PGP Universal Server policy that your BlackBerry smartphone downloads from the PGP Universal Server. 1.On the home screen or in a folder, click the Options icon. 2.Click Security > PGP. 3.Press the key > Clear Universal Cache. The next time that you send a PGP protected message, your smartphone downloads an updated PGP Universal Server policy and updated PGP public keys from the PGP Universal Server. Certificate servers Add or delete a certificate server 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Certificate Servers. • To add a new certificate server, press the key > New Server. Add the connection information for the certificate server. Press the key > Save. • To delete a certificate server, highlight a certificate server. Press the key > Delete. User GuideSecurity 325
Change connection information for a certificate server 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Certificate Servers. 3.Highlight a certificate server. 4.Press the key > Edit. 5.Change the connection information for the certificate server. 6.Press the key > Save. Connection options for OCSP and CRL servers OptionDescriptionFriendly NameType a display name for the certificate server.Server URLType the web address of the certificate server. Connection options for LDAP-enabled servers OptionDescriptionFriendly NameType a display name for the server.Server NameType the network address of the server.Base QueryType the base query information for the server using X.509 certificate syntax (for example, o=test.rim.net).PortType the port number for your organization’s network. The default port number is 389.Authentication TypeSpecify whether you must log in to the server.Connection TypeSpecify whether your BlackBerry smartphone uses an SSL connection or a TLS connection to connect to the server. Send connection information for a certificate server 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Certificate Servers. User GuideSecurity 326
3.Highlight a certificate server.4.Press the key > Email Server or PIN Server. Key store About the key store The key store on your BlackBerry smartphone might store the following items: •Personal certificates or PGP keys (public and private key pairs) •Certificates that you download using a certification authority profile or the BlackBerry Desktop Software •Root certificates that are included in the BlackBerry Desktop Software •Certificates that you download from an LDAP-enabled server or DSML-enabled server •PGP public keys that you download from an LDAP-enabled server •Certificates or PGP public keys that you import from your smartphone or a media card •Certificates or PGP public keys that you add from a message To access items in the key store, you must enter a key store password. If you exceed the number of allowed password attempts, all your smartphone data is deleted. Research In Motion recommends that you regularly create and save a backup file on your computer, especially before you update any software. Maintaining a current backup file on your computer might allow you to recover smartphone data if your smartphone is lost, stolen, or corrupted by an unforeseen issue. Change the key store password 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Key Stores. 3.Press the key > Change Key Store Password. Synchronize the key store password with the smartphone password If you synchronize the key store password with your BlackBerry smartphone password, when you change your smartphone password, the key store password changes to match it automatically. 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Key Stores. 3.Change the Use Device Password as Key Store Password field to Yes. 4.Press the key > Save. User GuideSecurity 327
Change when your smartphone deletes the key store password 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Key Stores. 3.Change the Key Store Password Timeout field. 4.Press the key > Save. To access private keys after your BlackBerry smartphone deletes the key store password, you must type your key store password. Add contacts automatically when you add certificates or PGP keys to the key store You can set your BlackBerry smartphone to add a contact to your contact list using information from a certificate or PGP key in your key store. For example, if you add a coworker's public certificate to your key store, your smartphone can automatically create a contact entry with that person's name, organization, phone number, and address. 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Key Stores. 3.Select the Add Certificate Email to Contacts checkbox. 4.Press the key > Save. Change the service that your smartphone uses to download certificates Depending on your organization, you might not be able to change the service that your BlackBerry smartphone uses to download certificates. For more information, contact your administrator. 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Key Stores. 3.Change the Certificate Service field. 4.Press the key > Save. Turn off automatic backup and restore of key store data By default, items in the key store on your BlackBerry smartphone are backed up or restored when you back up or restore your smartphone data. For security reasons, if you don't want to back up your private key to your computer or restore your private key from your computer, you can turn off automatic backup and restore of key store data. 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Key Stores. User GuideSecurity 328
3.Clear the Allow Key Store Backup/Restore checkbox.4.Press the key > Save. To turn on automatic backup and restore of key store data, select the Allow Key Store Backup/Restore checkbox. Change the refresh rate for certificate revocation lists 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Key Stores. 3.In the Certificate Status section, change the Expires After field. 4.Press the key > Save. Your BlackBerry smartphone downloads a new revocation status automatically when your smartphone uses a key store item with a status that is older than the time limit that you set. Reject certificate revocation lists from unverified CRL servers 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Key Stores. 3.Clear the Accept Unverified CRLs checkbox. 4.Press the key > Save. Your BlackBerry smartphone rejects certificate revocation lists from CRL servers that the BlackBerry MDS Connection Service can't verify. Smart cards About using a smart card with your smartphone Smart cards store certificates and private keys. You can use a smart card reader to import certificates from a smart card to the key store on your BlackBerry smartphone, but you can't import private keys. As a result, private key operations such as signing and decryption use the smart card, and public key operations such as verification and encryption use the public certificates on your smartphone. If you use a smart card certificate to authenticate with your smartphone, after you connect your smart card reader to your smartphone, your smartphone requests authentication from the smart card each time that you unlock your smartphone. You can install multiple smart card drivers on your smartphone, including drivers for microSD smart cards, but you can only authenticate to one smart card at a time. If you are authenticating using a microSD smart card and you want to transfer media files between your microSD smart card and your computer, you must temporarily turn off two-factor authentication or select a different authentication option. User GuideSecurity 329
If the S/MIME Support Package for BlackBerry smartphones is installed on your smartphone, you can use smart card certificates to send S/MIME-protected messages. Turn on two-factor authentication Before you begin: To perform this task, you must set a password for your BlackBerry smartphone and have the smart card password that you received with your smart card. 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Password. •To use a smart card and your smartphone password to unlock your smartphone, set the Authentication Type field to Smart Card. •To use your connected smart card reader (even if the smart card is not inserted) and your smartphone password to unlock your smartphone, set the Authentication Type field to Proximity. Select the Prompt for Device Password checkbox. 3.Press the key > Save. Import a certificate from a smart card 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Advanced Security Settings > Certificates. 3.Press the key > Import Smart Card Certs. 4.Enter your smart card password. 5.Select the checkbox beside a certificate. 6.Click OK. 7.Enter your key store password. 8.Click OK. Lock your smartphone when you remove your smart card from your smart card reader 1.On the home screen or in a folder, click the Options icon. 2.Click Security > Password. 3.If necessary, change the User Authenticator field to Smart Card. 4.Select the Lock On Card Removal checkbox. 5.Press the key > Save. Related information I can't unlock my smartphone using my smart card, 338 User GuideSecurity 330