Connect BlackBerry UEM to a BlackBerry
Dynamics PKI connector
BlackBerry UEMto a
BlackBerry DynamicsPKI connector
If you want to use your organization's PKI software to enroll certificates for
BlackBerry Dynamicsapps, and your PKI software isn't supported for a direct connection with
BlackBerry UEM, you can set up a
BlackBerry DynamicsPKI connector to communicate with your CA and link
BlackBerry UEMto the PKI connector.
BlackBerry UEM Cloudenvironment, if the PKI connector is behind a firewall, you must have a
BlackBerry Connectivity Nodeinstalled to allow UEM to communicate with the PKI connector through the
BlackBerry Cloud Connector.
A PKI connector is a set of
Javaprograms and web services on a back-end server that allows
BlackBerry UEMto send certificate requests and receive responses from the CA.
BlackBerry UEMuses the
BlackBerry Dynamicsuser certificate management protocol to communicate with the PKI connector. This protocol runs over HTTPS and defines JSON-formatted messages. For more information on setting up a
BlackBerry DynamicsPKI connector, see the User Certificate Management Protocol and PKI Connector documentation.
Set up a
BlackBerry DynamicsPKI connector.
- On the menu bar, clickSettings > External integration > Certificate authority.
- ClickAdd a BlackBerry Dynamics PKI connection.
- In theConnection namefield, type a name for the connection.
- In theURLfield, type the URL of the PKI connector.
- Select one of the following options:
- Authenticate with username and password: Choose this option ifBlackBerry UEMauthenticates with theBlackBerry DynamicsPKI Connector using password-based authentication.
- Authenticate with client certificate: Choose this option ifBlackBerry UEMauthenticates with theBlackBerry DynamicsPKI Connector using certificate-based authentication.
- If you selectedAuthenticate with username and password, in theUsernameandPasswordfields, type the username and password for theBlackBerry DynamicsPKI connector.
- If you selectedAuthenticate with client certificate, clickBrowseto select and upload a certificate that is trusted by theBlackBerry DynamicsPKI Connector. In theClient certificate passwordfield, type the password for the certificate.
- In theTrusted certificate for the PKI connectorsection you can specify the certificate thatBlackBerry UEMuses to trust connections to the PKI connector, select one of the following options:
- CA certificate from BlackBerry Control TrustStore
- CA certificate: If you select this option you must click Browse to navigate to and select your organization's CA certificate.
- PKI connector server certificate: If you select this option you must click Browse to navigate to and select your organization's PKI connector server certificate.
- To test the connection, clickTest connection.