Using Personal Information Exchange files

An organization can deploy corporate services that require two-way SSL/TLS authentication for users. A user is issued a password-protected Personal Information Exchange file (PKCS12 format, .p12 or .pfx) containing an SSL/TLS client certificate and a private key. This file can be provided to BlackBerry Dynamics apps to grant access to secure corporate services.
The BlackBerry Dynamics SDK supports the use of Personal Information Exchange files to authenticate BlackBerry Dynamics apps and to access secure services. All of the required operations to support client certificates are carried out by the BlackBerry Dynamics Runtime, with no additional programming required. The app can use client certificates if:
After a user activates a BlackBerry Dynamics app, the app receives the Personal Information Exchange files. For each file, the user is prompted to provide the issued password so that the files and identification material can be installed. When this process is complete, the app can access the server resources that require two-way SSL/TLS authentication.
If more than one Personal Information Exchange file is required per user, the BlackBerry Dynamics Runtime selects the appropriate certificate using the following criteria:
  1. Only client certificates that are suitable for SSL/TLS client authentication are eligible to be sent to the server. Certificates must have no Key Usage or Extended Key Usage, or a Key Usage that contains "Digital Signature" or "Key Agreement", or an Extended Key Usage that contains "TLS Web Client Authentication". Key Usages and Extended Key Usages must not contradict allowances for SSL/TLS client authentication.
  2. If the server advertises the client certificate authority in the SSL/TLS handshake, only client certificates that have been issued by that authority are considered.
  3. Expired certificates and certificates that are not yet valid cannot be selected.
  4. If more than one certificate satisfies the above criteria, the BlackBerry Dynamics Runtime selects the most recently issued certificate.
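
The four criteria can be modelled as a filter chain, which is useful for predicting which certificate will be presented when a user holds several. This is an added example, not BlackBerry Dynamics code: the `ClientCert` record, the function names and the sample data are constructed, issuers are compared as plain name strings, an absent extension is assumed to impose no restriction, and "most recently issued" is assumed to mean the latest notBefore date.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class ClientCert:
    """Constructed stand-in for fields read from a PKCS12 client certificate."""
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    key_usage: Optional[FrozenSet[str]] = None      # None: extension absent
    ext_key_usage: Optional[FrozenSet[str]] = None  # None: extension absent

def usable_for_tls_client(cert):
    # Criterion 1 (assumed reading): an absent extension imposes no limit,
    # a present one must permit SSL/TLS client authentication.
    ku_ok = cert.key_usage is None or bool(
        cert.key_usage & {"digitalSignature", "keyAgreement"})
    eku_ok = cert.ext_key_usage is None or "clientAuth" in cert.ext_key_usage
    return ku_ok and eku_ok

def select_client_cert(certs, advertised_cas, now):
    """Return the certificate the four criteria pick, or None."""
    pool = [c for c in certs if usable_for_tls_client(c)]
    if advertised_cas:  # Criterion 2 applies only if the server named CAs
        pool = [c for c in pool if c.issuer in advertised_cas]
    pool = [c for c in pool if c.not_before <= now <= c.not_after]  # Criterion 3
    # Criterion 4: "most recently issued" taken as latest notBefore (assumption)
    return max(pool, key=lambda c: c.not_before, default=None)

def utc(year, month=1, day=1):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample data; names and dates are illustrative only.
CORP, OTHER = "CN=Corp CA", "CN=Other CA"
NOW = utc(2024, 6)
SAMPLE = [
    ClientCert("old", CORP, utc(2022), utc(2025),
               frozenset({"digitalSignature"}), frozenset({"clientAuth"})),
    ClientCert("new", CORP, utc(2024), utc(2026)),
    ClientCert("server-only", CORP, utc(2024, 3), utc(2026),
               None, frozenset({"serverAuth"})),
    ClientCert("expired", CORP, utc(2020), utc(2023)),
    ClientCert("future", CORP, utc(2025), utc(2027)),
    ClientCert("other-ca", OTHER, utc(2024, 5), utc(2026)),
]
```

With the sample data, a server that advertises `CN=Corp CA` gets the `new` certificate; a server that advertises no authority gets `other-ca`, because the issuer filter is skipped and that certificate has the latest issue date.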