Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.18
  3. Administration
  4. Securing connections using PKI
  5. Sending certificates to devices and apps using profiles
  6. Sending client certificates to devices and apps using SCEP

Sending client certificates to devices and apps using SCEP

You can use SCEP profiles to specify how devices and
BlackBerry Dynamics
 apps obtain client certificates from your organization's CA through a SCEP service. SCEP is an IETF protocol that simplifies the process of enrolling client certificates to a large number of devices or apps without any administrator input or approval required to issue each certificate. Devices and
BlackBerry Dynamics
 apps can use SCEP to request and obtain client certificates from a SCEP-compliant CA that is used by your organization.
The CA that you use must support challenge passwords. The CA uses challenge passwords to verify that the device or app is authorized to submit a certificate request.
To use SCEP in a
BlackBerry UEM Cloud
 environment, you must install the most recent version of the
BlackBerry Connectivity Node
 to allow
BlackBerry UEM Cloud
 to access your company directory.
If your organization uses an
Entrust
 CA or
OpenTrust
 CA, SCEP profiles are not supported for
Windows 10
 devices.