2. Click Security Options.
3. Click Advanced Security Options.
4. Click Key Stores.
5. Change the Accept Unverified CRLs field to No.
6. Press the Menu key.
7. Click Save.
Your BlackBerry® device rejects certificate revocation lists from CRL servers that the BlackBerry® MDS Connection Service cannot verify.
Smart cards
About using a smart card with your device
Smart cards store certificates and private keys. You can use a smart card reader to import certificates from a smart card to the key store on
your BlackBerry® device, but you cannot import private keys. As a result, private key operations such as signing and decryption use the smart
card, and public key operations such as verification and encryption use the public certificates on your device.
If you use a smart card certificate to authenticate with your device, after you connect your smart card reader to your device, your device requests
authentication from the smart card each time that you unlock your device.
You can install multiple smart card drivers on your device, including drivers for microSD smart cards, but you can only authenticate to one smart
card at a time. If you are authenticating using a microSD smart card and you want to transfer media files between your microSD smart card
and your computer in mass storage mode, you must temporarily turn off two-factor authentication or select a different authentication option.
If the S/MIME Support Package for BlackBerry® devices is installed on your device, you can use smart card certificates to send S/MIME-
protected messages.
About two-factor authentication
Two-factor authentication is designed to provide additional security for your BlackBerry® device. Two-factor authentication requires an item
that you have (for example, a smart card) and an item that you know (for example, a pass phrase). You can also use the connection to your
smart card reader to authenticate, without requiring a smart card to be present.
You can use a smart card for two-factor authentication when you unlock your device, or you can use a software token for two-factor authentication
when you use your device with RSA® software as a hardware token. If you have a Wi-Fi® enabled BlackBerry device, you can also use a software
token for two-factor authentication when you log in to a VPN or connect to a Wi-Fi network.
Depending on your BlackBerry device model and the two-factor authentication settings that you choose, you might need to type your pass
phrase when you perform one of the following actions:
• unlock your BlackBerry device
• change a general security option on your BlackBerry device
• change a smart card option
• use your BlackBerry device with RSA software
User Guide
Security
292