Providing client certificates to devices and apps
You and users can send client certificates to devices and apps in several ways.
How the certificate is added | Description | Supported devices |
---|---|---|
During device activation | BlackBerry UEM sends certificates to devices during the activation process. Devices use these certificates to establish secure connections between the device and BlackBerry UEM. | All |
SCEP profiles | You can create SCEP profiles that devices use to connect to, and obtain client certificates from, your organization's CA using a SCEP service. Devices and BlackBerry Dynamics apps can use these certificates for certificate-based authentication and to connect to your work Wi-Fi network, work VPN, and work mail server. | iOS, macOS, Android, Windows 10 |
Connection to your organization's PKI solution | If your organization uses a PKI solution, such as Entrust or OpenTrust software products, to issue and manage certificates, you can create user credential profiles that devices use to get client certificates from your organization's CA. BlackBerry Dynamics enabled devices use these certificates for certificate-based authentication from BlackBerry Dynamics apps. Other devices use these certificates for certificate-based authentication from the browser, and to connect to your work Wi-Fi network, work VPN, and work mail server. | iOS, macOS (for BlackBerry Access only), Android, Windows 10 (for BlackBerry Access only) |
Shared certificate profiles | A shared certificate profile specifies a client certificate that BlackBerry UEM sends to iOS, macOS, and Android devices. BlackBerry UEM sends the same client certificate to every user that the profile is assigned to. The administrator must have access to the certificate and private key to create a shared certificate profile. | iOS, macOS, Android |
Sending client certificates to individual user accounts | You can add a client certificate to a user account. BlackBerry UEM can send the certificate to the user's iOS and Android devices. If the certificate is associated with a user credential profile, devices can use these certificates to connect to your work Wi-Fi network, work VPN, and work mail server. The administrator must have access to the certificate and private key to send the client certificate to the user. | iOS, Android |
User upload to UEM Self-Service | If your organization has an on-premises BlackBerry UEM environment, users can upload certificates to BlackBerry UEM Self-Service. BlackBerry UEM then pushes the certificate to the user's devices. If the certificate is associated with a user credential profile, devices and BlackBerry Dynamics apps can use these certificates for certificate-based authentication and to connect to your work Wi-Fi network, work VPN, and work mail server. This feature is not supported in BlackBerry UEM Cloud. | iOS, Android |
User import | On BlackBerry 10 devices, users can import client certificates into the device's certificate store in the "Security and Privacy" section of the "System Settings". Certificates intended for use by the work browser or for sending S/MIME-protected messages from the work email account can be imported from the file system on the device or from a network location that is accessible from the work space. On Android devices, users can add certificates to the device native keystore for use with BlackBerry Dynamics apps. | Android |