Skip Navigation

Creating user credential profiles for app-based certificates

App-based PKI solutions such as 
Purebred
 include an app installed on a device that communicates with a CA to enroll certificates and add them to the device. You can use an app-based PKI solution to provide certificates for use by 
BlackBerry Dynamics
 apps.
To use an app-based PKI solution with 
iOS
 devices, you must add a connection between 
BlackBerry UEM
 and the PKI provider. This task is not required to use an app-based PKI solution with only 
Android
 devices.
If the PKI app that retrieves certificates from the CA is not a 
BlackBerry Dynamics
 app, the 
BlackBerry UEM Client
 communicates with the PKI app to get the certificates and provide them to 
BlackBerry Dynamics
 apps.
If you send more than one certificate to devices using this method, it is recommended that you set up multiple user credential profiles with each profile using a different type of certificate. If you use a single profile instance for multiple certificates, there is no indication if any certificates are missing. For example, if a profile includes separate encryption, signing, and authentication certificates and only the signing and authentication certificates are imported, it appears on the device that the that the import was successful even though the encryption certificate is missing. However, if you set up three separate user credential profiles and the encryption certificate is missing, the issue is apparent.