This article applies to BlackBerry Enterprise Server 4.x for Microsoft Exchange. It describes the configuration required on the BlackBerry Enterprise Server that is specific to enabling PGP Support Package for BlackBerry on handhelds.
Install SQL Schema (this step may not be required for BES 4.1)
- From the BlackBerry Manager, right click on BlackBerry Manager and select Properties.
- Click on the Policy Rules tab and then click Import Policy Definitions File.
- Import the schema file: sspolicytemplate.sql
- Click Apply.
Modify IT Policy
Now that you have installed the SQL Schema, the schema has installed a new set of IT Policies called "PGP Application Policy Group". To modify these attributes:
- From the BlackBerry Manager, right click a server and select IT Policy.
- In the Policy Name list, select Default.
- Click Edit for BES 4.x or click Properties for BES 4.x.
- Scroll down the list to PGP Application Policy Group and modify the 10 settings according to your company policy.
Note: The attribute PGP Force Encrypted Messages should be set to FALSE if you want the PGP Universal Server to determine whether or not messages should be encrypted. When this setting is attribute to TRUE, it will force all email to be encrypted so that if keys cannot be found, email for those recipients cannot be sent.
- Click OK.
|Caution: These IT Policy settings should be considered carefully because post-deployment changes to the settings may force users to re-enroll with the PGP Universal Server.|
Enable PGP Support
With this release of the BES, the PGP Support Package for BlackBerry will not function unless the BES S/MIME encryption setting is enabled. To do this follow these steps:
- From the BlackBerry Manager, right click on a server and select BlackBerry Server Properties.
- Click on the Message Options tab.
- Under Encrypted Messages put a check in the box labeled Support S/MIME encrypted messages on this server.
- Click Apply.
Configure Mobile Data Service LDAP Settings
- From the BlackBerry Manager, right click on a server and select Mobile Data Service Properties.
- Click on the LDAP tab.
- Under Host Name, enter the name of your PGP Universal Server (example: keys.example.com).
- Under Default Server Base Query, enter: o=Searchable%20PGP%20Keys.