The key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use must be changed from the default.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
BBDS-00-000310	BBDS-00-000310	BBDS-00-000310_rule		Low

Description
The key store password protects the server digital authentication certificates from unauthorized use.

STIG	Date
BlackBerry Device Service 6.2 STIG	2013-05-03

Details

Check Text ( C-BBDS-00-000310_chk )
When you install the BlackBerry Administration Service, the setup application generates a password for the web.keystore file. The web.keystore file stores the SSL certificate that the BlackBerry Administration Service uses to authenticate with browsers. You can change the web keystore password after the installation process completes. All BlackBerry Administration Service instances in a BlackBerry Device Service domain must use the same web keystore password. Before you begin: To verify the current password for the web.keystore file, log in to the BlackBerry Administration Service using an administrator account with the Security Administrator role. On the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view, click BlackBerry Administration Service, and check the Security settings section. 1. On a computer that hosts a BlackBerry Administration Service instance, open the BlackBerry Device Service Configuration tool. 2. On the Administration Service - Web Keystore tab, type the current password. 3. Type a new password and confirm the new password. 4. Click OK. 5. In the Windows Services, restart the BlackBerry Administration Service services. 6. Repeat steps 1 to 5 on each computer that hosts a BlackBerry Administration Service instance. If the default passwords have not been changed, this is a finding.

Check Text ( C-BBDS-00-000310_chk )

When you install the BlackBerry Administration Service, the setup application generates a password for the web.keystore file. The web.keystore file stores the SSL certificate that the BlackBerry Administration Service uses to authenticate with browsers. You can change the web keystore password after the installation process completes. All BlackBerry Administration Service instances in a BlackBerry Device Service domain must use the same web keystore password.

Before you begin: To verify the current password for the web.keystore file, log in to the BlackBerry Administration Service using an administrator account with the Security Administrator role. On the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view, click BlackBerry Administration Service, and check the Security settings section.

1. On a computer that hosts a BlackBerry Administration Service instance, open the BlackBerry Device Service Configuration tool.
2. On the Administration Service - Web Keystore tab, type the current password.
3. Type a new password and confirm the new password.
4. Click OK.
5. In the Windows Services, restart the BlackBerry Administration Service services.
6. Repeat steps 1 to 5 on each computer that hosts a BlackBerry Administration Service instance.

If the default passwords have not been changed, this is a finding.

Fix Text (F-BBDS-00-000310_fix)
Change the key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use from the default.