Description

This rule specifies whether to prevent a BlackBerry® device user from exporting private keys that are included in the certification authority profile. A user can export private keys using the BlackBerry® Desktop Manager to back up BlackBerry device data or to synchronize certificates.

Related rules

The Disable Key Store Backup IT policy rule affects this rule. A device uses this rule only if the Disable Key Store Backup IT policy rule is configured to No.

Possible values

• Yes
• No

Default value

• No

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry® Enterprise Server 5.0

Description

This rule specifies the time that must elapse before a BlackBerry® device can initiate the certificate enrollment process. The device selects a time randomly within this specified time period to start the certificate enrollment process so that the BlackBerry® Enterprise Server receives certificate enrollment requests at different times. If the initial certificate enrollment process does not complete, the device uses this rule to specify a time to retry the certificate enrollment process.

Possible values

• 0 to 24 hours

Default value

• 1 hour

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry Enterprise Server 5.0

Description

This rule specifies the number of days before a certificate expires that a BlackBerry® device generates a new certificate enrollment request to replace the expiring certificate.

Possible values

• 1 to 30 days

Default value

• 7 days

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry® Enterprise Server 5.0

Description

This rule specifies the name of the certification authority server that is required in the certification authority profile (for example, http://<server>.<domain>).

The previous name of this rule was Certificate Authority Host IT policy rule.

Default value

• Null value

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry® Enterprise Server 5.0

Description

This rule specifies the port number that the BlackBerry® MDS Connection Service can use to connect to the certification authority.

The previous name of this rule was Certificate Authority Port IT policy rule.

Possible values

• 0 to 65,535

Default value

• 80

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry® Enterprise Server 5.0

Description

This rule specifies a name for the certification authority profile that a BlackBerry® device requires for certificate enrollment requests over a wireless network. If you change this rule after the BlackBerry® Enterprise Server sends the certification authority profile to the device and you resend the IT policy, the device restarts the certificate enrollment process.

The previous name of this rule was Certificate Authority Profile Name IT policy rule.

Possible values

• 0 to 32 characters

Default value

• Null value

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry Enterprise Server 5.0

Description

This rule specifies whether the certificate authority profile starts the enrollment process automatically for a BlackBerry® device.

The previous name of this rule was Certificate Authority Profile Required IT policy rule.

Possible values

• Yes
• No

Default value

• Yes

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry® Enterprise Server 5.0

Description

This rule specifies the type of certification authority that the BlackBerry® MDS Connection Service can access in your organization's environment.

The previous name of this rule was Certificate Authority Type IT policy rule.

Possible values

• Microsoft® Enterprise certification authority
• Microsoft stand-alone certification authority
• RSA® certification authority

Default value

• Microsoft Enterprise certification authority

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry® Enterprise Server 5.0

Description

This rule specifies the information that appears in the common name of the certificate that the certification authority issues to a BlackBerry® device user.

Related rules

The Certification Authority Type IT policy rule affects this rule. If you change the Certification Authority Type IT policy rule to Microsoft® Enterprise certification authority and the Microsoft certification authority uses a template to build the subject name for the certificate from the Microsoft® Active Directory®, a BlackBerry device does not use this rule.

Possible values

• User Name
• Device PIN
• Local Email Address

Default value

• User Name
• Device PIN

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry® Enterprise Server 5.0

Description

This rule specifies a custom certificate template for the Microsoft® Enterprise certification authority.

The previous name of this rule was Custom Microsoft Certificate Authority Certificate Template IT policy rule.

Related rules

This rule affects the Microsoft Certification Authority Certificate Template IT policy rule. If you configure this rule, a BlackBerry® device does not use the Microsoft Certification Authority Certificate Template IT policy rule.

The Certification Authority Type IT policy rule affects this rule. A device uses this rule only if the Certification Authority Type IT policy rule is configured to Microsoft Enterprise.

Default value

• Null value

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry® Enterprise Server 5.0

Description

This rule specifies, in a comma-delimited list, the components that must appear in the distinguished name of the certificate (for example, C=Country, O=Organization, OU=Organizational Unit).

Related rules

The Certification Authority Type IT policy rule affects this rule. If you change the Certification Authority Type IT policy rule to Microsoft® Enterprise, and the Microsoft certification authority uses a template to build the subject name of the certificate from the Microsoft® Active Directory®, a BlackBerry® device does not use this rule.

Possible values

• C=<Country>
• L=<Locality>
• O=<Organization>
• OU=<Organizational_unit>
• ST=<State_or_Province>

Default value

• Null value

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry® Enterprise Server 5.0

Description

This rule specifies the algorithm that a BlackBerry® device uses to generate a public-private key pair.

Possible values

• RSA®
• DSA

Default value

• RSA

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry® Enterprise Server 5.0

Description

This rule specifies the size of the key that a BlackBerry® device generates. If you configure an unsupported key size, the device chooses the next strongest key size and generates the key.

Related rules

The Key Algorithm IT policy rule affects this rule. If you change the Key Algorithm rule to RSA®, you must configure the key size to be a multiple of 64. If you change the Key Algorithm rule to DSA, you must configure the key size to be 512,768, or 1024 bits.

Possible values

• 512 to 16,384 bits

Default value

• 1024 bits

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry® Enterprise Server 5.0

Description

This rule specifies the certificate template that the Microsoft® Enterprise certification authority uses to create a certificate.

The previous name of this rule was Microsoft Certificate Authority Certificate Template IT policy rule.

Related rules

The Certification Authority Type IT policy rule affects this rule. If you configure the Certification Authority Type IT policy rule to Microsoft Stand-alone or RSA®, a BlackBerry® device does not use this rule.

Possible values

• Authenticated session
• Smart Card user
• User certificate

Default value

• User certificate

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry® Enterprise Server 5.0

Description

This rule specifies the MD5 certificate ID that is assigned to the RSA® certification authority.

The previous name of this rule was RSA Certificate Authority Certificate ID IT policy rule.

Related rules

The Certification Authority Type IT policy rule affects this rule. A BlackBerry® device uses this rule only if you change the Certification Authority Type IT policy rule to RSA.

Default value

• Null value

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry® Enterprise Server 5.0

Description

This rule specifies the unique domain ID that you assign to the RSA® certification authority.

Related rules

The Certification Authority Type IT policy rule affects this rule. A BlackBerry® device uses this rule only if you configure the Certification Authority Type IT policy rule to RSA.

Default value

• Null value

Minimum requirements

• BlackBerry® Device Software 5.0

Rule introduction

• BlackBerry® Enterprise Server 5.0