Using Personal Information Exchange files
An organization can deploy corporate services that require two-way SSL/TLS authentication for users. A user is issued a password-protected Personal Information Exchange file (PKCS12 format, .p12 or .pfx) containing an SSL/TLS client certificate and a private key. This file can be provided to BlackBerry Dynamics apps to grant access to secure corporate services.

The BlackBerry Dynamics SDK supports the use of Personal Information Exchange files to authenticate BlackBerry Dynamics apps and to access secure services. All of the required operations to support client certificates are carried out by the BlackBerry Dynamics Runtime, with no additional programming required to handle the authentication challenge. For more information on how this is handled, refer to HttpViewController.swift in the Dynamics-iOS-Swift sample app. The app can use client certificates if:
- The app uses the BlackBerry Dynamics Secure Communication Networking APIs.
- The device user’s UEM account is configured to support certificates.
- The certificates satisfy the certificate requirements.
After a user activates a BlackBerry Dynamics app, the app receives the Personal Information Exchange files. For each file, the user is prompted to provide the issued password so that the files and identification material can be installed. When this process is complete, the app can access the server resources that require two-way SSL/TLS authentication.

If more than one Personal Information Exchange file is required per user, the BlackBerry Dynamics Runtime selects the appropriate certificate using the following criteria:
- Only client certificates that are suitable for SSL/TLS client authentication are eligible to send to the server. Certificates must have no Key Usage or Extended Key Usage, or a Key Usage that contains "Digital Signature" or "Key Agreement", or an Extended Key Usage that contains "TLS Web Client Authentication". Key Usages and Extended Key Usages must not contradict the allowances for SSL/TLS client authentication.
- If the server advertises the client certificate authority in the SSL/TLS handshake, only client certificates that have been issued by that authority are considered.
- Expired certificates and certificates that are not yet valid cannot be selected.
- If more than one certificate satisfies the above criteria, the BlackBerry Dynamics Runtime selects the most recently issued certificate.
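The selection rules above are easy to misread when a certificate carries only one of the two extensions, so the following added example (not code from the BlackBerry Dynamics SDK or the Dynamics-iOS-Swift sample; the runtime's actual implementation is not published on this page) models the four criteria over constructed, already-parsed certificate descriptions. It assumes the "must not contradict" clause means: if a Key Usage extension is present it must include Digital Signature or Key Agreement, and if an Extended Key Usage extension is present it must include TLS Web Client Authentication; an absent extension imposes no restriction. Issuer matching is simplified to a string comparison against the CA names the server advertises in its CertificateRequest, and "most recently issued" is taken as the latest notBefore date. The `ClientCert` type, the sample certificates and `NOW` are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable, Optional, Sequence

# Extension values named as in RFC 5280 (OpenSSL text form).
KU_DIGITAL_SIGNATURE = "digitalSignature"
KU_KEY_AGREEMENT = "keyAgreement"
EKU_CLIENT_AUTH = "clientAuth"  # id-kp-clientAuth: "TLS Web Client Authentication"


@dataclass(frozen=True)
class ClientCert:
    """Constructed stand-in for a certificate parsed out of a PKCS#12 file."""
    label: str
    issuer: str
    not_before: datetime
    not_after: datetime
    key_usage: frozenset = frozenset()      # empty set = extension absent
    ext_key_usage: frozenset = frozenset()  # empty set = extension absent


def usable_for_client_auth(cert: ClientCert) -> bool:
    """Criterion 1: KU/EKU absent, or present and allowing TLS client auth."""
    ku_ok = (not cert.key_usage
             or bool(cert.key_usage & {KU_DIGITAL_SIGNATURE, KU_KEY_AGREEMENT}))
    eku_ok = not cert.ext_key_usage or EKU_CLIENT_AUTH in cert.ext_key_usage
    # A present extension that omits the client-auth allowance contradicts it.
    return ku_ok and eku_ok


def select_client_cert(certs: Iterable[ClientCert],
                       advertised_cas: Optional[Sequence[str]] = None,
                       now: Optional[datetime] = None) -> Optional[ClientCert]:
    """Apply the four selection criteria in order; None if nothing qualifies."""
    now = now or datetime.now(timezone.utc)
    candidates = [c for c in certs if usable_for_client_auth(c)]
    if advertised_cas:  # Criterion 2: only applied when the server lists CAs
        candidates = [c for c in candidates if c.issuer in advertised_cas]
    # Criterion 3: reject expired and not-yet-valid certificates.
    candidates = [c for c in candidates if c.not_before <= now <= c.not_after]
    if not candidates:
        return None
    # Criterion 4: most recently issued wins.
    return max(candidates, key=lambda c: c.not_before)


def _utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


NOW = _utc(2025, 6, 1)  # constructed "current time" for the example
CORP_CA = "Example Corp Issuing CA"
PARTNER_CA = "Example Partner CA"

# Constructed sample certificates covering each rule.
SAMPLE_CERTS = [
    ClientCert("old-ok", CORP_CA, _utc(2023, 1, 1), _utc(2026, 1, 1),
               frozenset({KU_DIGITAL_SIGNATURE}), frozenset({EKU_CLIENT_AUTH})),
    ClientCert("new-ok", CORP_CA, _utc(2024, 6, 1), _utc(2027, 1, 1),
               frozenset({KU_DIGITAL_SIGNATURE, KU_KEY_AGREEMENT})),
    ClientCert("server-only", CORP_CA, _utc(2025, 3, 1), _utc(2027, 1, 1),
               frozenset({KU_DIGITAL_SIGNATURE}), frozenset({"serverAuth"})),
    ClientCert("encipher-only", CORP_CA, _utc(2025, 4, 1), _utc(2027, 1, 1),
               frozenset({"keyEncipherment"})),
    ClientCert("other-ca", PARTNER_CA, _utc(2025, 1, 1), _utc(2028, 1, 1)),
    ClientCert("expired", CORP_CA, _utc(2020, 1, 1), _utc(2022, 1, 1)),
]


def selected_label(advertised_cas: Optional[Sequence[str]]) -> Optional[str]:
    """Convenience wrapper: label of the certificate chosen for SAMPLE_CERTS."""
    chosen = select_client_cert(SAMPLE_CERTS, advertised_cas, NOW)
    return chosen.label if chosen else None


if __name__ == "__main__":
    print("server lists corp CA   ->", selected_label([CORP_CA]))
    print("server lists no CAs    ->", selected_label(None))
    print("server lists unknown CA->", selected_label(["Example Unknown CA"]))
```

Note that "server-only" is rejected even though its Key Usage would allow client authentication, because its Extended Key Usage is present and lacks TLS Web Client Authentication; and "other-ca" wins when the server advertises no CA list but drops out as soon as the server names only the corporate CA.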