Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Dynamics SDK for Cordova 12.1
  3. BlackBerry Dynamics SDK for Cordova Development Guide
  4. Deploying certificates to BlackBerry Dynamics apps
  5. Using Personal Information Exchange files
  6. Certificate requirements

Certificate requirements

  • Client certificates must be in PKCS12 format, with the Certificate Authority (CA), public key, and private key in the same file.
  • The PKCS12 file must have a .p12 or .pfx extension
  • The PKCS12 file must be password-protected
  • The source of the certificate can be your own internal CA, a well-known public CA, or an online tool such as 
    OpenSSL
     or the 
    Java
     keytool. You can use the following keytool example to generate a certificate, substituting your own values as required: 
keytool -genkeypair -alias good123 -keystore good123.pfx -storepass good123 -validity 365 -keyalg RSA -keysize 2048 -storetype pkcs12
  • If the organization’s security policy uses FIPS standards, Personal Information Exchange files must be encrypted with FIPS-strength ciphers. If Personal Information Exchange files use a weak cipher, which is common for third-party applications when exporting identity material, you can use a tool like 
    OpenSSL
     to re-encrypt the files with a FIPS-strength cipher. See the following example:
openssl pkcs12 -in weak.p12 -nodes -out decrypted.pem
        
<enter password>

        openssl pkcs12 -export -in decrypted.pem -keypbe AES-128-CBC -certpbe  AES-128-CBC -out strong.p12
       
<enter password>

           rm decrypted.pem