Hi, Just looking at the following Blackberry and certificate integration help: http://docs.blackberry.com/en/smartphone_users/deliverables/12617/Certificate_synchronization_basics_162712_11.jsp Has anyone used the Microsoft CA and integrated it with the Blackberry solution? Do they play nicely together? Thanks

I can't speak for the specific implementation outlined in your link as we have a different team that handles the BlackBerry portion, but speaking as a member of the cert team here - yes we have gotten blackberries to work here. Here are some of the 'lessons learned' from our team's experience: For signing/encrypting email you will need to get an S/MIME package for things to work. When installing the blackberry desktop manager, unless they have changed it in the last couple months you will need to do a custom install in order to select "Certificate Synchronization" option. There are bluetooth smartcard readers you can get so you can use the same cert whereever you use the card, otherwise you need to go through and export the certificate & private key to PKCS#12 (.pfx) and import from that file (not just import the certificate from the synch tool listing). You also need to configure a number of settings from the Desktop Management software for testing such as LDAP (base query is the LDAP DN for your domain - e.g. dc=com,dc=company, use simple authentication and SSL over port 636), OCSP (if available), CDP, etc. - once you have it figured out in test then you can probably do this via BES I would imagine. Make sure that the certs are published to AD when they are issued from your CA - it makes life a lot easier.

what a great summary - thank you Steve !