Policy Reference Guide

Certification Authority Profile policy group

The rules in the Certification Authority Profile policy group are used to create a certification authority profile for wireless certificate requests.

The previous name of this policy group was Certificate Authority Profile policy group.

Allow Private Key Export IT policy rule

Description

This rule specifies whether to prevent a BlackBerry® device user from exporting private keys that are included in the certification authority profile. A user can export private keys using the BlackBerry® Desktop Manager to back up BlackBerry device data or to synchronize certificates.

Related rules

The Disable Key Store Backup IT policy rule affects this rule. A device uses this rule only if the Disable Key Store Backup IT policy rule is configured to No.

Possible values

  • Yes
  • No

Default value

  • No

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server 5.0

Certificate Enrollment Delay IT policy rule

Description

This rule specifies the time that must elapse before a BlackBerry® device can initiate the certificate enrollment process. The device selects a time randomly within this specified time period to start the certificate enrollment process so that the BlackBerry® Enterprise Server receives certificate enrollment requests at different times. If the initial certificate enrollment process does not complete, the device uses this rule to specify a time to retry the certificate enrollment process.

Possible values

  • 0 to 24 hours

Default value

  • 1 hour

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry Enterprise Server 5.0

Certificate Expiry Window IT policy rule

Description

This rule specifies the number of days before a certificate expires that a BlackBerry® device generates a new certificate enrollment request to replace the expiring certificate.

Possible values

  • 1 to 30 days

Default value

  • 7 days

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server 5.0

Certification Authority Host IT policy rule

Description

This rule specifies the name of the certification authority server that is required in the certification authority profile (for example, http://<server>.<domain>).

The previous name of this rule was Certificate Authority Host IT policy rule.

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server 5.0

Certification Authority Port IT policy rule

Description

This rule specifies the port number that the BlackBerry® MDS Connection Service can use to connect to the certification authority.

The previous name of this rule was Certificate Authority Port IT policy rule.

Possible values

  • 0 to 65,535

Default value

  • 80

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server 5.0

Certification Authority Profile Name IT policy rule

Description

This rule specifies a name for the certification authority profile that a BlackBerry® device requires for certificate enrollment requests over a wireless network. If you change this rule after the BlackBerry® Enterprise Server sends the certification authority profile to the device and you resend the IT policy, the device restarts the certificate enrollment process.

The previous name of this rule was Certificate Authority Profile Name IT policy rule.

Possible values

  • 0 to 32 characters

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry Enterprise Server 5.0

Certification Authority Profile Automatic Enrollment IT policy rule

Description

This rule specifies whether the certification authority profile starts the enrollment process automatically for a BlackBerry® device.

The previous name of this rule was Certificate Authority Profile Required IT policy rule.

Possible values

  • Yes
  • No

Default value

  • Yes

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server 5.0

Certification Authority Type IT policy rule

Description

This rule specifies the type of certification authority that the BlackBerry® MDS Connection Service can access in your organization's environment.

The previous name of this rule was Certificate Authority Type IT policy rule.

Possible values

  • Microsoft® Enterprise certification authority
  • Microsoft stand-alone certification authority
  • RSA® certification authority

Default value

  • Microsoft Enterprise certification authority

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server 5.0

Common Name Components IT policy rule

Description

This rule specifies the information that appears in the common name of the certificate that the certification authority issues to a BlackBerry® device user.

Related rules

The Certification Authority Type IT policy rule affects this rule. If you change the Certification Authority Type IT policy rule to Microsoft® Enterprise certification authority and the Microsoft certification authority uses a template to build the subject name for the certificate from the Microsoft® Active Directory®, a BlackBerry device does not use this rule.

Possible values

  • User Name
  • Device PIN
  • Local Email Address

Default value

  • User Name
  • Device PIN

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server 5.0

Custom Microsoft Certification Authority Certificate Template IT policy rule

Description

This rule specifies a custom certificate template for the Microsoft® Enterprise certification authority.

The previous name of this rule was Custom Microsoft Certificate Authority Certificate Template IT policy rule.

Related rules

This rule affects the Microsoft Certification Authority Certificate Template IT policy rule. If you configure this rule, a BlackBerry® device does not use the Microsoft Certification Authority Certificate Template IT policy rule.

The Certification Authority Type IT policy rule affects this rule. A device uses this rule only if the Certification Authority Type IT policy rule is configured to Microsoft Enterprise.

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server 5.0

Distinguished Name Components IT policy rule

Description

This rule specifies, in a comma-delimited list, the components that must appear in the distinguished name of the certificate (for example, C=Country, O=Organization, OU=Organizational Unit).

Related rules

The Certification Authority Type IT policy rule affects this rule. If you change the Certification Authority Type IT policy rule to Microsoft® Enterprise, and the Microsoft certification authority uses a template to build the subject name of the certificate from the Microsoft® Active Directory®, a BlackBerry® device does not use this rule.

Possible values

  • C=<Country>
  • L=<Locality>
  • O=<Organization>
  • OU=<Organizational_unit>
  • ST=<State_or_Province>

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server 5.0

Key Algorithm IT policy rule

Description

This rule specifies the algorithm that a BlackBerry® device uses to generate a public-private key pair.

Possible values

  • RSA®
  • DSA

Default value

  • RSA

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server 5.0

Key Length IT policy rule

Description

This rule specifies the size of the key that a BlackBerry® device generates. If you configure an unsupported key size, the device chooses the next strongest key size and generates the key.

Related rules

The Key Algorithm IT policy rule affects this rule. If you change the Key Algorithm rule to RSA®, you must configure the key size to be a multiple of 64. If you change the Key Algorithm rule to DSA, you must configure the key size to be 512, 768, or 1024 bits.

Possible values

  • 512 to 16,384 bits

Default value

  • 1024 bits

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server 5.0

Microsoft Certification Authority Certificate Template IT policy rule

Description

This rule specifies the certificate template that the Microsoft® Enterprise certification authority uses to create a certificate.

The previous name of this rule was Microsoft Certificate Authority Certificate Template IT policy rule.

Related rules

The Certification Authority Type IT policy rule affects this rule. If you configure the Certification Authority Type IT policy rule to Microsoft Stand-alone or RSA®, a BlackBerry® device does not use this rule.

Possible values

  • Authenticated session
  • Smart Card user
  • User certificate

Default value

  • User certificate

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server 5.0

RSA Certification Authority Certificate ID IT policy rule

Description

This rule specifies the MD5 certificate ID that is assigned to the RSA® certification authority.

The previous name of this rule was RSA Certificate Authority Certificate ID IT policy rule.

Related rules

The Certification Authority Type IT policy rule affects this rule. A BlackBerry® device uses this rule only if you change the Certification Authority Type IT policy rule to RSA.

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server 5.0

RSA Jurisdiction ID IT policy rule

Description

This rule specifies the unique domain ID that you assign to the RSA® certification authority.

Related rules

The Certification Authority Type IT policy rule affects this rule. A BlackBerry® device uses this rule only if you configure the Certification Authority Type IT policy rule to RSA.

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server 5.0
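
The value ranges and "Related rules" dependencies in this policy group can be checked before a profile is sent to devices. The following is an added example, not BlackBerry code: a small linter that reports out-of-range values and configured rules that a device will not use. The dictionary layout (keyed by the rule names on this page) and the sample profile are assumptions made for illustration.

```python
# Added example: lint a proposed profile against the ranges and rule
# dependencies stated on this page. Keys are this page's rule names;
# the dict layout and the sample values are constructed assumptions.
RANGES = {  # rule name -> (min, max) as listed under "Possible values"
    "Key Length": (512, 16384),
    "Certification Authority Port": (0, 65535),
    "Certificate Enrollment Delay": (0, 24),   # hours
    "Certificate Expiry Window": (1, 30),      # days
}
DSA_SIZES = (512, 768, 1024)
RSA_ONLY = ("RSA Certification Authority Certificate ID", "RSA Jurisdiction ID")
MS_TEMPLATE = "Microsoft Certification Authority Certificate Template"
CUSTOM_TEMPLATE = "Custom Microsoft Certification Authority Certificate Template"


def lint_profile(profile):
    """Return (errors, unused): out-of-range values, and configured rules the device will not use."""
    errors, unused = [], []
    for rule, (low, high) in RANGES.items():
        if rule in profile and not low <= profile[rule] <= high:
            errors.append(f"{rule}: {profile[rule]} is outside {low} to {high}")
    algorithm = profile.get("Key Algorithm", "RSA")   # page default: RSA
    bits = profile.get("Key Length", 1024)            # page default: 1024 bits
    if algorithm == "RSA" and bits % 64:
        errors.append(f"Key Length: {bits} is not a multiple of 64 (RSA)")
    if algorithm == "DSA" and bits not in DSA_SIZES:
        errors.append(f"Key Length: {bits} is not 512, 768 or 1024 (DSA)")
    if len(profile.get("Certification Authority Profile Name", "")) > 32:
        errors.append("Certification Authority Profile Name: longer than 32 characters")
    ca_type = profile.get("Certification Authority Type", "Microsoft Enterprise")
    if ca_type != "RSA":  # RSA-specific rules apply only to the RSA type
        unused += [r for r in RSA_ONLY if profile.get(r)]
    if ca_type != "Microsoft Enterprise":  # templates apply only to Enterprise
        unused += [r for r in (MS_TEMPLATE, CUSTOM_TEMPLATE) if profile.get(r)]
    elif profile.get(CUSTOM_TEMPLATE) and profile.get(MS_TEMPLATE):
        unused.append(MS_TEMPLATE)  # the custom template takes precedence
    return errors, unused


SAMPLE = {  # constructed profile, not taken from a real deployment
    "Certification Authority Type": "Microsoft stand-alone",
    "Key Algorithm": "DSA",
    "Key Length": 2048,
    "Certificate Expiry Window": 45,
    MS_TEMPLATE: "User certificate",
    "RSA Jurisdiction ID": "example-jurisdiction",
}

if __name__ == "__main__":
    for line in sum(lint_profile(SAMPLE), []):
        print(line)
```

An entry in the second list is not an error, but it means the configured value has no effect on the device under the current Certification Authority Type.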
