You may have heard about Let's Encrypt. If not, go there and check it. You can have SSL certificates for your servers for free, so there is now no excuse for not using https by default.
But Let's Encrypt certificates are not yet trusted in all browsers/systems. And one of those is my beloved BlackBerry OS 10. Here comes the good news: there is a way to fix it!
Go to https://letsencrypt.org/certificates/ and download https://letsencrypt.org/certs/isrgrootx1.pem and https://letsencrypt.org/certs/letsencryptauthorityx1.pem.
And then go to https://www.identrust.com/certificates/trustid/root-download-x3.html and copy certificate body to text editor. You need to prepend -----BEGIN CERTIFICATE----- and append -----END CERTIFICATE----- so it looks like this
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----dstrootx3.pem).
Then simply import these three files on your Blackberry phone via Settings - Security and privacy - Certificates - Import.
After doing so, your Blackberry should start trusting all Let's Encrypt certificates.
Comments
Thanks
Submitted by Dave on
Very helpfull and works perfect!
works, except for one site
Submitted by louis weismann on
Hi Martin,
Thanks for this tip. It works for most sites except for this one: osca.hs-osnabrueck.de
Do you have any suggestions,
Regards,
Louis Weismann
osca.hs-osnabrueck.de
Submitted by Martin Green on
Its possible that site is signed with one of the other intermediate certificates than the ones listed in this article. To ensure you cover ALL the bases you actually need to install seven certs from Let's Encrypt, and one from IdenTrust. As I mention in another post here you can install all eight required certs with just two click with my free multiCERT app. https://appworld.blackberry.com/webstore/content/59999147/
Cheers.
diky
Submitted by caniss on
Vse funguje naprosto super. Diky za navod !
Encription tthrough "Let's Encrypt"
Submitted by James Roberts on
A nightmare..... steps, coding reminds me of DOS, APL, COBOL, Fortran programing language.
I'll skip steps and hopefully find a "package", bundle from BlackBerry to update BlackBerry Classic.
multiCERT - Let's Encrypt cert installer for BlackBerry 10
Submitted by Martin Green on
Just wanted to let anybody reading this comment know that a few days ago I released a totally free BlackBerry 10 Native app that installs all eight required Let's Encrypt certificates with just two clicks. Check it out here... https://appworld.blackberry.com/webstore/content/59999147/
Thanks
Submitted by Flix2 on
You made my day! Thanks.
good article, but multiCERT app is a better option now
Submitted by mato on
That's a great post, thanks.
But as mentioned above, now there's a better way - a new app multiCERT that will install all 8 required certificates with just a single click. Kudos to its author.
cert problem
Submitted by jacco on
Thanks! You solved my long running problems
The Seven Certificates
Submitted by Shuswap on
Hi Martin, I've imported five certificates from Firefox to my Bold 9900, but I'm still getting certificate problems. Could you provide a list of the certificates you included in the BB10 app?
try the multiCERT application
Submitted by martin jinoch on
try the multiCERT application mentioned several comments above this one
Blackberry passport
Submitted by Lance on
not sure whats going but some how I manage to fix the site that is bugging me with the same issue, the first two instructions could not be done because the phone would not trust the site I used another browser on the phone and then copied the file in the last instruction over to my phone and now it works without complaining. The application your speak of will not work on a passport it says "your device is not supported"