Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.19
  3. Managing secure connections
  4. Using PKI certificates with devices or apps
  5. Sending certificates to devices and apps using profiles
  6. Create a user credential profile to connect to your BlackBerry Dynamics PKI connector
  7. Configure BlackBerry Dynamics apps to use app-based certificates

Configure
BlackBerry Dynamics
 apps to use app-based certificates

BlackBerry Dynamics
 apps automatically select which certificate to use for S/MIME and for authentication over TLS connections based on the key usage and extended key usage properties in the certificates. If two or more certificates have same set of properties, apps may not be able to resolve which certificate to use for TLS authentication. You can help apps determine which certificate to use by following the steps below.
Make sure you have completed one of the following:
  1. In the
    UEM
     management console, on the menu bar, click
    Apps
    .
  2. In the app list, select the app (for example,
    BlackBerry Work
     or
    BlackBerry Access
    ).
  3. Select the
    Allow BlackBerry Dynamics apps to use user certificates, SCEP profiles, and user credential profiles
     check box.
  4. If you are configuring
    BlackBerry Work
    , in the
    App configuration
     section, click The Add icon and perform one of the following tasks:
    Task
    Steps
    Configure
    BlackBerry Work
     when your organization is using
    BEMS
    1. On the
      Basic Configuration
       tab, in the
      Security Settings
       section, select the
      Use client certificate in place of login/password
      checkbox.
    2. To enable automatic discovery of the
      Microsoft Exchange
       server that the users are on, in the
      Client Settings
       section, select the
      Use BEMS to perform Autodiscover of the EAS/EWS endpoint for the user
      checkbox.
    3. On the
      Advanced Configuration
       tab, in the
      TLS Certificate Settings
       section, type the name of the user credential profile for the device.
    Configure
    BlackBerry Work
     when your organization is not using
    BEMS
    1. Click the
      Basic Configuration
       tab.
    2. If your server uses the domain name\user login format, in the
      Exchange ActiveSync Settings
       section, in the
      Default Domain
       field, specify the default
      Windows NT
       Domain that
      BlackBerry Work
       connects to when users log in.
    3. In the
      Active Sync Server
       field, specify the default
      Exchange ActiveSync
       server that
      BlackBerry Work
       connects to when users log in to
      BlackBerry Work
       (for example, cas.mydomain.com).
    4. In the
      Autodiscover URL
       field, specify the autodiscover URL, if known. This speeds up the auto discover setup process (for example, https://autodiscover.mydomain.com).
    5. In the
      Autodiscover Connection Timeout in Seconds (iOS only)
       field, specify the autodiscover connection timeout in seconds.
    6. In the
      TLS Certificate Settings
      section, in the
      User Credential Profile Name
       field, type the name of the user credential profile.
  5. Click
    Save
    .
Create app-based PKI solution to use with the following devices: