Determining the status of S/MIME certificates on devices
You can use OCSP and CRL profiles to allow
Androiddevices to check the status of S/MIME certificates to see if it's a valid certificate. You can assign an OCSP profile and a CRL profile to user accounts, user groups, or device groups.
You can use the OSCP profile to specify the OSCP responders where you want the devices to retrieve the status of S/MIME certificates from.
You can use CRL profiles to allow devices check the responders defined within the S/MIME certificate. You can also configure it so that
BlackBerry UEMrequests the status of S/MIME certificates using HTTP, HTTPS, or LDAP. If you use
Exchange ActiveSyncfor certificate retrieval, devices use
Exchange ActiveSyncto check the status of S/MIME certificates. If you use LDAP for certificate retrieval, devices uses the OCSP (Online Certificate Status Protocol) to check the status of certificates.
Certificate status indicators may vary between devices. For more information, see the user guide for the device to read about secure email icons.