Skip Navigation

BlackBerry UEM
to trust the
Exchange ActiveSync
server or identity provider certificate

If your environment includes
13.0 and later devices and you use modern authentication (OAuth) to connect to
Microsoft Exchange Online
, you must add the certificate (or the root certificate) of the identity provider to
BlackBerry UEM
. The
BlackBerry Secure Gateway
requires the certificate to trust the identity provider when it establishes the connection.
If your
Exchange ActiveSync
server is configured to require a TLS connection, you must also add the certificate (or the root certificate) of the
Exchange ActiveSync
server to
BlackBerry UEM
. The
BlackBerry Secure Gateway
requires the certificate to trust the server when it establishes the TLS/SSL connection.
Export the certificates in X.509 format (*.cer, *.der) from the following servers and store them in a network location that you can access from the management console:
  • Active Directory
    identity provider, if your environment supports modern authentication
  • Exchange ActiveSync
    server, if your
    Exchange ActiveSync
    is configured to require a TLS connection 
  1. In the management console, on the menu bar, click
    Settings > External Integration > Trusted certificates
  2. Click The Add icon beside
    Exchange ActiveSync server trusts
  3. Click
  4. Select the certificate file that you want to use.
  5. Click
  6. Type a description for the certificate.
  7. Click