Skip Navigation

Determining the status of S/MIME certificates on devices

You can use OCSP and CRL profiles to allow
devices to check the status of S/MIME certificates to see if it's a valid certificate. You can assign an OCSP profile and a CRL profile to user accounts, user groups, or device groups.
You can use the OSCP profile to specify the OSCP responders where you want the devices to retrieve the status of S/MIME certificates from.
You can use CRL profiles to allow devices check the responders defined within the S/MIME certificate. You can also configure it so that
BlackBerry UEM
requests the status of S/MIME certificates using HTTP, HTTPS, or LDAP. If you use
Exchange ActiveSync
for certificate retrieval, devices use
Exchange ActiveSync
to check the status of S/MIME certificates. If you use LDAP for certificate retrieval, devices uses the OCSP (Online Certificate Status Protocol) to check the status of certificates.
Certificate status indicators may vary between devices. For more information, see the user guide for the device to read about secure email icons.