Skip Navigation

Changing
BlackBerry UEM
certificates

When you install
BlackBerry UEM
, the setup application generates several self-signed certificates that are used to authenticate communication between various
UEM
components and with devices. You can change the certificates if your organization's security policy requires that certificates be signed by your organization's CA or if you want to use certificates issued by a CA that devices and browsers already trust.
If problems occur when you change a certificate, communication between
UEM
components and between
UEM
and devices can be disrupted. If you choose to change any certificates, plan and test the change carefully.
You can change the following certificates:
Certificate
Description
SSL certificate for consoles
An SSL certificate that the
BlackBerry UEM
management console and
BlackBerry UEM Self-Service
use to authenticate browsers.
If you configure high availability, the certificate must have the name of the
BlackBerry UEM
domain. You can find the
BlackBerry UEM
domain name in the management console under Settings > Infrastructure > Instances.
SSL certificates for
BlackBerry Web Services
An SSL certificate that the
BlackBerry Web Services
use to authenticate applications that use the
BlackBerry Web Services
APIs to manage
BlackBerry UEM
.
If you configure high availability, the certificate must have the name of the
BlackBerry UEM
domain. You can find the
BlackBerry UEM
domain name in the management console under Settings > Infrastructure > Instances.
Apple
profile signing certificate
A certificate that
BlackBerry UEM
uses to sign the MDM profile that users must accept when they activate
iOS
devices.
If you are using a certificate signed by a CA, make sure that root certificate for the CA is installed on users'
iOS
devices before activation.
SSL certificate for
BlackBerry Dynamics
apps
An SSL certificate that the
BlackBerry Dynamics Launcher
uses to establish a secure communication channel with
BlackBerry UEM
.
BlackBerry Dynamics
apps that include the integrated
BlackBerry Dynamics Launcher
, can present the certificate to
BlackBerry UEM
to authenticate with the server.
Certificate for
BlackBerry Dynamics
servers
An SSL certificate that authenticates connections between
BlackBerry UEM
and
BlackBerry Proxy
.
Certificate for application management
An SSL certificate that is used for authentication between
BlackBerry UEM
and
BlackBerry Dynamics
apps.
The root CA certificate for this certificate is stored in the list of trusted CA certificates on the device. When the server authenticates with the device, the server presents this certificate to the device for validation.
If you change this certificate and the change becomes effective before
BlackBerry UEM
pushes the certificate to all
BlackBerry Dynamics
apps, any apps that did not receive the certificate must be reactivated.
Certificate for
Direct Connect
An SSL certificate that is used for authentication between a
BlackBerry Proxy
server configured for
BlackBerry Dynamics
Direct Connect
and
BlackBerry Dynamics
apps on end user's devices.
When you update this certificate, the new version will always be sent to devices over a non-
BlackBerry Dynamics
Direct Connect
connection. Any devices or containers that are not online at the time of the change will receive the update when they come back online. Updating this certificate should be done on the
BlackBerry UEM
server and any applicable networking appliances at the same time.
For more information on setting up
Direct Connect
, see Configuring Direct Connect with BlackBerry UEM