BlackBerry
Dynamics: SCEP profile settings
BlackBerry
Dynamics
: SCEP profile settingsThese settings apply to SCEP certificates used with
BlackBerry
Dynamics
apps on iOS
and Android
devices.BlackBerry
Dynamics : SCEP profile setting | Description |
|---|---|
Subject | This setting specifies the subject for the certificate, if required for your organization's SCEP configuration. Type the subject in the format "/CN= <common_name> ,O=<domain_name> " If the profile is for multiple users, you can use a variable, for example: %UserDistinguishedName%. |
SAN type | This setting specifies the subject alternative name type for the certificate, if it is required. Possible values:
The default value is "RFC 822 name." |
SAN value | This setting specifies the subject alternative representation of the certificate subject. The value must be an email address, the DNS name of the CA server, the fully qualified URL of the server, or principal name. The "SAN type" setting determines the appropriate value to specify. If set to "RFC822 name," the value must be a valid email address. If set to "URI," the value must be a valid URL that includes the protocol and FQDN or IP address. If set to "NT principal name," the value must be a valid principal name. If set to "DNS name," the value must be a valid FQDN. |
Key algorithm | This setting specifies the algorithm used to generate the client key pair. You must select an algorithm that is supported by your CA. Possible values: RSA |
RSA strength | This setting specifies the RSA strength used to generate the client key pair. You must enter a key strength that is supported by your CA.This setting is valid only if the "Key algorithm" setting is set to " RSA .".Possible values:
The default value is "2048." |
Encryption algorithm | This setting specifies the encryption algorithm used for the certificate enrollment request. Possible values:
The default value is "Triple DES." |
Hash function | This setting specifies the hash function used for the certificate enrollment request. Possible values:
The default value is "SHA-256." |
Certificate thumbprint | This setting specifies the hexadecimal-encoded hash of the root certificate for the CA. You can use one of the following algorithms to specify the thumbprint: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. MD5 is supported only if "Enable FIPS" is not selected in the BlackBerry
Dynamics profile. |
Automatic renewal | This setting specifies how many days before a certificate expires that automatic certificate renewal occurs. The possible values are 1 to 365. The default value is "30." |
Key usage | This setting specifies the cryptographic operations that can be performed using the public key that is contained in the certificate. Possible selections:
The default selections are "Digital signature," "Key encipherment," and "Key agreement." |
Extended key usage | This setting specifies the purpose of the key that is contained in the certificate. Possible selections:
The default selection is "Client authentication." |
App restrictions | This setting specifies which BlackBerry
Dynamics apps can use the certificate.Possible values:
The default selection is "Allow all apps to use certificates." |
Apps allowed to use SCEP | This setting specifies the BlackBerry
Dynamics apps that are allowed to use SCEP certificates.This setting is valid only if the "App restrictions" setting is set to "Allow specified apps to use certificates." |
Delete expired certificates | This setting specifies whether the device deletes expired certificates. |
Remove duplicate certificates | This setting specifies whether the device deletes duplicate certificates. The device deletes the certificate that has the earliest start date. |