Changing BlackBerry UEM certificates
BlackBerry UEM
certificatesWhen you install
BlackBerry UEM
, the setup application generates several self-signed certificates that are used to authenticate communication between various UEM
components and with devices. You can change the certificates if your organization's security policy requires that certificates be signed by your organization's CA or if you want to use certificates issued by a CA that devices and browsers already trust.If problems occur when you change a certificate, communication between
UEM
components and between UEM
and devices can be disrupted. If you choose to change any certificates, plan and test the change carefully.You can change the following certificates:
Certificate | Description |
|---|---|
SSL certificate for consoles | An SSL certificate that the BlackBerry UEM management console and BlackBerry UEM Self-Service use to authenticate browsers.If you configure high availability, the certificate must have the name of the BlackBerry UEM domain. You can find the BlackBerry UEM domain name in the management console under Settings > Infrastructure > Instances. |
SSL certificates for BlackBerry Web
Services | An SSL certificate that the BlackBerry Web
Services use to authenticate applications that use the BlackBerry Web
Services APIs to manage BlackBerry UEM .If you configure high availability, the certificate must have the name of the BlackBerry UEM domain. You can find the BlackBerry UEM domain name in the management console under Settings > Infrastructure > Instances. |
Apple profile signing certificate | A certificate that BlackBerry UEM uses to sign the MDM profile that users must accept when they activate iOS devices.If you are using a certificate signed by a CA, make sure that root certificate for the CA is installed on users' iOS devices before activation. |
SSL certificate for BlackBerry
Dynamics apps | An SSL certificate that the BlackBerry Dynamics Launcher uses to establish a secure communication channel with BlackBerry UEM . BlackBerry
Dynamics apps that include the integrated BlackBerry Dynamics Launcher , can present the certificate to BlackBerry UEM to authenticate with the server. |
Certificate for BlackBerry
Dynamics servers | An SSL certificate that authenticates connections between BlackBerry UEM and BlackBerry Proxy . |
Certificate for application management | An SSL certificate that is used for authentication between BlackBerry UEM and BlackBerry
Dynamics apps.The root CA certificate for this certificate is stored in the list of trusted CA certificates on the device. When the server authenticates with the device, the server presents this certificate to the device for validation. If you change this certificate and the change becomes effective before BlackBerry UEM pushes the certificate to all BlackBerry
Dynamics apps, any apps that did not receive the certificate must be reactivated. |
Certificate for Direct Connect | An SSL certificate that is used for authentication between a BlackBerry Proxy server configured for BlackBerry
Dynamics Direct Connect and BlackBerry
Dynamics apps on end user's devices. When you update this certificate, the new version will always be sent to devices over a non- BlackBerry
Dynamics Direct Connect connection. Any devices or containers that are not online at the time of the change will receive the update when they come back online. Updating this certificate should be done on the BlackBerry UEM server and any applicable networking appliances at the same time. For more information on setting up Direct Connect , see Configuring Direct Connect with BlackBerry UEM |