The key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use must be changed from the default.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-39037	BBDS-00-000310	SV-50842r2_rule		Low

Description
The key store password protects the server digital authentication certificates from unauthorized use.

STIG	Date
BlackBerry Enterprise Service v10.1.x BlackBerry Device Service STIG	2014-10-06

Details

Check Text ( C-46480r3_chk )
Review the BlackBerry Device Service server configuration to ensure key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use has been changed from the default. When the BlackBerry Administration Service is installed, the setup application generates a password for the web.keystore file. The web.keystore file stores the SSL certificate that the BlackBerry Administration Service uses to authenticate with browsers. You can change the web keystore password after the installation process completes. All BlackBerry Administration Service instances in a BlackBerry Device Service domain must use the same web keystore password. Consult the system administrator to determine whteher the default password was changed. If the default password has not been changed, this is a finding. To change the web.keystore password, use the following procedure: Before you begin: To verify the current password for the web.keystore file, log in to the BlackBerry Administration Service using an administrator account with the Security Administrator role. Under "Servers and components" on the left side, navigate to "BlackBerry Solution topology > BlackBerry Domain> Component view > BlackBerry Administration Service", and check the "Security settings" section. 1. From the Windows machine with BlackBerry Enterprise Service 10, navigate to "Start > All Programs > BlackBerry Enterprise Service 10" and open "Configuration Tool for BlackBerry Enterprise Service 10". 2. On the "Administration Service - Web Keystore" tab, type the current password. 3. Type a new password and confirm the new password. 4. Click "OK". 5. In the Windows Services, restart the BlackBerry Administration Service services. 6. Repeat steps 1 to 5 on each computer that hosts a BlackBerry Administration Service instance.

Check Text ( C-46480r3_chk )

Review the BlackBerry Device Service server configuration to ensure key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use has been changed from the default. When the BlackBerry Administration Service is installed, the setup application generates a password for the web.keystore file. The web.keystore file stores the SSL certificate that the BlackBerry Administration Service uses to authenticate with browsers. You can change the web keystore password after the installation process completes. All BlackBerry Administration Service instances in a BlackBerry Device Service domain must use the same web keystore password. Consult the system administrator to determine whteher the default password was changed. If the default password has not been changed, this is a finding.

To change the web.keystore password, use the following procedure:

Before you begin: To verify the current password for the web.keystore file, log in to the BlackBerry Administration Service using an administrator account with the Security Administrator role. Under "Servers and components" on the left side, navigate to "BlackBerry Solution topology > BlackBerry Domain> Component view > BlackBerry Administration Service", and check the "Security settings" section.

1. From the Windows machine with BlackBerry Enterprise Service 10, navigate to "Start > All Programs > BlackBerry Enterprise Service 10" and open "Configuration Tool for BlackBerry Enterprise Service 10".
2. On the "Administration Service - Web Keystore" tab, type the current password.
3. Type a new password and confirm the new password.
4. Click "OK".
5. In the Windows Services, restart the BlackBerry Administration Service services.
6. Repeat steps 1 to 5 on each computer that hosts a BlackBerry Administration Service instance.

Fix Text (F-43994r1_fix)
Change the key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use from the default.