User guide

Protecting HTTP connections from a device to content servers and application servers using HTTPS

If a third-party application on a BlackBerry device can access servers on the Internet, you can configure the BlackBerry
MDS Connection Service to use HTTPS to provide additional authentication and security for the connection. The device
supports HTTPS in proxy mode using a proxy server or in direct mode using TLS.

If you configure HTTPS using a proxy server, the BlackBerry MDS Connection Service uses cipher suite components of Sun
JSSE version 1.4.1 to open the connection for the device. Typically, HTTP connections open faster using a proxy server
than TLS.

If you configure HTTPS using TLS, the BlackBerry MDS Connection Service uses the TLS and WTLS key establishment
algorithms, symmetric algorithms, and hash algorithms that the RIM Cryptographic API supports to open the connection
for the device. The device uses TLS to encrypt data that an application sends to content servers. The BlackBerry MDS
Connection Service does not decrypt data that it sends over the wireless network. You can use TLS when only the end
points of the transaction are trusted (for example, with banking services). A device that is running BlackBerry Device
Software version 3.6.1 or later supports TLS for connections.

Warning messages for invalid certificates
If a BlackBerry device user visits a website that presents an invalid certificate, the BlackBerry device displays one of the
following warning messages:

Warning message         Description
Domain Name Mismatch    The server uses a domain name that does not match any of the domain names in the server's certificate.
Expired Certificate     The certificate is expired.
Not Yet Valid           The certificate has not yet reached the date when it becomes valid.
Untrusted Certificate   The certificate cannot be trusted because there is a problem with the certificate chain or the certification authority.
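
The four warnings in the table correspond to distinct validation checks. The following Python code is an added example, not BlackBerry code and not part of the original guide; it runs those checks over a constructed certificate record. The names SAMPLE_CERT, TRUSTED_ISSUERS, name_matches and classify are hypothetical, and the issuer-name lookup is an assumption standing in for real chain validation.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict layout of Python's ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "*.example.test"), ("DNS", "example.test")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "issuer": ((("commonName", "Example Test CA"),),),
}
TRUSTED_ISSUERS = {"Example Test CA"}  # hypothetical trust store, keyed by issuer CN

def name_matches(pattern, host):
    """Compare one certificate DNS name with the host, label by label.
    A '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def classify(cert, host, now, trusted_issuers):
    """Return the warning messages from the table that apply.
    `now` must be a timezone-aware datetime."""
    warnings = []
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        warnings.append("Domain Name Mismatch")
    ts = now.timestamp()
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        warnings.append("Expired Certificate")
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        warnings.append("Not Yet Valid")
    # Assumption: an issuer-name lookup stands in for full chain validation,
    # which also verifies every signature up to a trust anchor.
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    if issuer.get("commonName") not in trusted_issuers:
        warnings.append("Untrusted Certificate")
    return warnings

if __name__ == "__main__":
    when = datetime(2025, 6, 1, tzinfo=timezone.utc)
    print(classify(SAMPLE_CERT, "a.b.example.test", when, set()))
```

A single certificate can trigger several of the warnings at once, so the function returns a list rather than the first failure it finds.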
Security Technical Overview Protecting communication with a device