Configure the authentication of BlackBerry
Dynamics apps in the DMZ
BlackBerry
Dynamics
apps in the DMZTo authenticate
BlackBerry
Dynamics
apps in the DMZ, you must configure your own TLS server certificate for Direct Connect
from the BlackBerry UEM
management console (Settings
> Infrastructure
> Server certificates
and select the BlackBerry Dynamics certificates
tab). This allows the BlackBerry
Dynamics
app to trust the TLS server certificate that will be used by the SSL bridging appliance to terminate the Direct Connect
TLS connection.Server certificate requirements
When you replace the
Direct Connect
certificate through the UEM management console (see Changing the certificates that BlackBerry UEM uses for authentication), the certificate file must include the entire certificate chain. You must provide the PKCS 12 file, which has the key-pair for the BlackBerry Proxy
and the complete certificate chain ending in the root Certificate Authority (CA). These required root CA and Intermediate certificate authorities are then automatically sent to the BlackBerry
Dynamics
containers, while the full certificate chain is also sent to the BlackBerry Proxy
. You do not need to create a CA certificate profile to send to the BlackBerry
Dynamics
app.This is the server certificate that the SSL bridging appliance uses for the TLS connection to the
BlackBerry Proxy
. Client certificate requirements
To authenticate
BlackBerry
Dynamics
apps in the DMZ, you must provide client certificates to the BlackBerry
Dynamics
apps from your enterprise certificate authority using one of the certificate distribution mechanisms supported by BlackBerry UEM
. You must also configure the load balancer to challenge the BlackBerry
Dynamics
apps to authenticate the TLS connection with the client certificates.