Skip Navigation

Connect
BlackBerry UEM
to your organization's
OpenTrust
software

To extend
OpenTrust
certificate-based authentication to devices, you must add a connection to your organization's
OpenTrust
software.
BlackBerry UEM
supports integration with
OpenTrust
PKI 4.8.0 and later and
OpenTrust CMS
2.0.4 and later. This connection is not supported by
BlackBerry Dynamics
apps.
Contact your organization’s
OpenTrust
administrator to obtain the URL of the
OpenTrust
server, the client-side certificate that contains the private key (.pfx or .p12 format), and the certificate password.
  1. On the menu bar, click
    Settings > External integration > Certificate authority
    .
  2. Click
    Add an OpenTrust connection
    .
  3. In the
    Connection name
    field, type a name for the connection.
  4. In the
    URL
    field, type the URL of the
    OpenTrust
    software.
  5. Click
    Browse
    . Navigate to and select the client-side certificate that
    BlackBerry UEM
    can use to authenticate the connection to the
    OpenTrust
    server.
  6. In the
    Certificate password
    field, type the password for the
    OpenTrust
    server certificate.
  7. To test the connection, click
    Test connection
    .
  8. Click
    Save
    .
  • When you use the
    UEM
    connection with
    OpenTrust
    software to distribute certificates to devices, there may be a short delay before the certificates are valid. This delay might cause issues with email authentication during the device activation process. To resolve this issue, in the
    OpenTrust
    software, configure the
    OpenTrust
    CA and set "Backdate Certificates (seconds)" to 180.