Deploying certificates to 
BlackBerry Dynamics
 apps

You can use any of the following options to deploy certificates to 
BlackBerry Dynamics
 apps. Each method requires configuration in the 
BlackBerry UEM
 or standalone 
Good Control
 management console. Coordinate with your organization's administrator to select and configure the desired option.
Option
For more information
Personal Information Exchange files
CA certificate profile
See Sending CA certificates to devices and apps in the 
UEM Administration Guide
.
User credential profile
SCEP profile
See Sending client certificates to devices and apps using SCEP in the 
UEM Administration Guide
.
Shared certificate profile
See Sending the same client certificate to multiple devices in the 
UEM Administration Guide
.
After certificates are distributed to a user's device, those certificates are shared and used by all of the 
BlackBerry Dynamics
 apps on the device. No additional programming is required by the app developer to support client certificates.
The management server and 
BlackBerry Dynamics
 apps also support the use of 
Kerberos
 for service authentication. For more information, see Using Kerberos in this section.
The SDK also provides a Crypto C language programming interface that allows an app to retrieve public key certificates that are stored in the 
BlackBerry Dynamics
 credentials store and use those certificates for signing and verification of messages and documents such as PDFs. Note that 
BlackBerry Infrastructure
 certificates cannot be retrieved from the store and that the private key will remain inaccessible. For more information, see the Crypto C Programming Interface appendix (Android/iOS) in the API reference.