Skip Navigation

Sending certificates to devices and apps using profiles

You can send certificates to devices and apps using the following profiles available in the Policies and Profiles library:
Profile
Description
CA certificate
CA certificate profiles specify a CA certificate that devices and
BlackBerry Dynamics
apps can use to trust the identity associated with any client or server certificate that has been signed by that CA.
User credential
User credential profiles send certificates to devices in the following ways:
  • They can specify a connection to your organization's PKI software to send client certificates to devices and
    BlackBerry Dynamics
    apps.
  • They can allow you to manually upload certificates in
    BlackBerry UEM
    and, in an on-premises environment, allow users to upload certificates using
    BlackBerry UEM Self-Service
    .
  • They can allow
    BlackBerry Dynamics
    apps on
    Android
    devices and the
    BlackBerry Access
    app on
    macOS
    and
    Windows 10
    devices to use certificates from the device native keystore.
  • They can allow
    BlackBerry Dynamics
    apps to import certificates from other app-based PKI solutions such as
    Purebred
    .
SCEP
SCEP profiles specify how devices and
BlackBerry Dynamics
apps connect to, and obtain client certificates from, your organization's CA using a SCEP service.
Shared certificate
Shared certificate profiles specify a client certificate that
BlackBerry UEM
sends to
iOS
and
Android
devices.
BlackBerry UEM
sends the same client certificate to every user that the profile is assigned to.
For
iOS
and
Android
devices, you can also send a client certificate to a device by adding the certificate directly to a user account. For more information, see Add a client certificate to a user account.
For
iOS
and
Android
devices, if your organization uses certificates for S/MIME, you can also use profiles to allow devices to get recipient public keys and check certificate status. For more information, see Extending email security using S/MIME.
For
BlackBerry Dynamics
apps to use certificates sent by profiles, you must select "Allow
BlackBerry Dynamics
apps to use user certificates, SCEP profiles, and user credential profiles" in the settings for the app.