Creating user credential profiles for app-based certificates
App-based PKI solutions such as
Purebred
include an app installed on a device that communicates with a CA to enroll certificates and add them to the device. You can use an app-based PKI solution to provide certificates for use by BlackBerry
Dynamics
apps.To use an app-based PKI solution with
iOS
devices, you must add a connection between BlackBerry UEM
and the PKI provider. This task is not required to use an app-based PKI solution with only Android
devices.If the PKI app that retrieves certificates from the CA is not a
BlackBerry
Dynamics
app, the BlackBerry UEM Client
communicates with the PKI app to get the certificates and provide them to BlackBerry
Dynamics
apps.If you send more than one certificate to devices using this method, it is recommended that you set up multiple user credential profiles with each profile using a different type of certificate. If you use a single profile instance for multiple certificates, there is no indication if any certificates are missing. For example, if a profile includes separate encryption, signing, and authentication certificates and only the signing and authentication certificates are imported, it appears on the device that the that the import was successful even though the encryption certificate is missing. However, if you set up three separate user credential profiles and the encryption certificate is missing, the issue is apparent.