[. . . ] A certificate can be explicitly trusted (the certificate itself is trusted), implicitly trusted (the root certificate in the certificate chain is trusted on your BlackBerry® device), or not trusted (the certificate is not explicitly trusted and the root certificate in the certificate chain is not trusted or does not exist on your device). Expiration Date: This field displays the date that the certificate issuer specified as the expiration date of the certificate. Your device supports X. 509 and WTLS certificate formats. 3 Public Key Type: This field displays the standard to which the public key complies. Subject: This field displays information about the certificate subject. [. . . ] Server URL: Type the web address of the certificate server. Send connection information for a certificate server 1. Click Delete. 12 Key stores About the key store The key store on your BlackBerry® device might store the following items. To access these items in the key store, you must type a key store password. · personal certificates (certificate and private key pairs) · certificates that you download using the certificate synchronization tool of the BlackBerry® Desktop Manager · certificates that you download from an LDAP certificate server · certificates that you add from a message · personal PGP® keys (public and private key pairs) · PGP public keys that you download from an LDAP certificate server · PGP public keys that you add from a message · root certificates that are included in the BlackBerry® Desktop Software Change the key store password 1. Click Change Password. Change when your device deletes the key store password 1. Click Save. To access private keys after your BlackBerry® device deletes the key store password, you must type your key store password. Add contacts to your address book automatically when you add items to the key store 1. Click Save. Change the service that your device uses to download certificates Depending on your organization, you might not be able to change the service that you use to download certificates. Click Save. Turn off automatic backup of key store data By default, items in the key store on your BlackBerry® device are backed up or restored when you back up or restore your device data. If you do not want to back up your private key to or restore your private key from your computer for security reasons, you can turn off automatic backup and restore of key store data. Click Save. To turn on automatic backup of key store data, change the Allow Key Store Backup/Restore field to Yes. Change the refresh rate for certificate revocation lists 1. Click Save. Your BlackBerry® device downloads a new revocation status automatically when your device uses a key store item with a status that is older than the time limit that you set. Reject certificate revocation lists from unverified CRL servers 1. Click Save. Your BlackBerry® device rejects certificate revocation lists from CRL servers that the BlackBerry® MDS Connection Service cannot verify. 15 16 S/MIME-protected messages S/MIME-protected message basics About signing and encrypting messages You can digitally sign or encrypt messages to add another level of security to email messages and PIN messages that you send from your BlackBerry® device. Digital signatures are designed to help recipients verify the authenticity and integrity of messages that you send. When you digitally sign a message using your private key, recipients use your public key to verify that the message is from you and that the message has not been changed. When you encrypt a message, your device uses the recipient's public key to encrypt the message. To send an encrypted PIN message, you must have a PIN and an email address for the contact in your address book. Your device uses the email address in your address book to locate a PGP® key or certificate for the contact. Sign or encrypt a message You can sign or encrypt email messages and PIN messages. If necessary, change the Classification field. Attach a certificate to a message You can attach a certificate to email messages and PIN messages. Click Continue. Download the certificate used to sign or encrypt a message If a certificate is not included in a received message or is not already stored in the key store on your BlackBerry® device, you can download the certificate. In a message, highlight the encryption indicator or a digital signature indicator. Click Fetch Sender's Certificate. 17 Add a certificate from a message 1. Click Import Sender's certificate. Add a certificate from an attachment 1. [. . . ] Click Save. To turn on the prompt again, change the Warn about truncated messages field to Yes. Turn off the prompt that appears when you use an S/MIME certificate that is not recommended for use 1. To turn on the prompt again, change the Warn about problems with my certificates field to Yes. S/MIME-protected message troubleshooting Some signing and encryption options are not available on my device Try performing the following actions: · Verify that the email account that you are using supports all signing and encryption options. · If you use message classifications, verify that the message classification supports the signing or encryption options that you want. Try using a different message classification. I cannot open an attachment in an encrypted message The attachment information might not be available on the BlackBerry® Enterprise Server, your administrator might have set options to prevent you from opening attachments in encrypted messages, or you might have received the message from an email account that does not support attachments in encrypted messages. [. . . ]