Providing client certificates to devices and apps Skip Navigation

Providing client certificates to devices and apps

You and users can send client certificates to devices and apps in several ways.
How the certificate is added
Description
Supported devices
During device activation
BlackBerry UEM
sends certificates to devices during the activation process. Devices use these certificates to establish secure connections between the device and
UEM
.
All
You can create SCEP profiles that devices use to connect to, and obtain client certificates from, your organization's CA using a SCEP service. Devices and
BlackBerry Dynamics
apps can use these certificates for certificate-based authentication and to connect to your work
Wi-Fi
network, work VPN, and work mail server.
iOS
macOS
Android
Windows 10
If your organization uses a PKI solution, such as
Entrust
or
OpenTrust
software products, to issue and manage certificates, you can create user credential profiles that devices use to get client certificates from your organization's CA.
BlackBerry Dynamics
enabled devices use these certificates for certificate-based authentication from
BlackBerry Dynamics
apps. Other devices use these certificates for certificate-based authentication from the browser, and to connect to your work
Wi-Fi
network, work VPN, and work mail server.
iOS
macOS
(for
BlackBerry Access
only)
Android
Windows 10
(for
BlackBerry Access
only)
A shared certificate profile specifies a client certificate that
UEM
sends to
iOS
,
macOS
, and
Android
devices.
UEM
sends the same client certificate to every user that the profile is assigned to.
The administrator must have access to the certificate and private key to create a shared certificate profile.
iOS
macOS
Android
You can add a client certificate to a user account.
UEM
can send the certificate to the user's
iOS
and
Android
devices.
If the certificate is associated with a user credential profile, devices can use these certificates to connect to your work
Wi-Fi
network, work VPN, and work mail server.
The administrator must have access to the certificate and private key to send the client certificate to the user.
iOS
Android
If your organization has an on-premises
UEM
environment, users can upload certificates to
BlackBerry UEM Self-Service
.
UEM
then pushes the certificate to the users devices.
If the certificate is associated with a user credential profile, devices and
BlackBerry Dynamics
apps can use these certificates for certificate-based authentication and to connect to your work
Wi-Fi
network, work VPN, and work mail server.
This feature is not supported in
UEM Cloud
.
iOS
Android
Users can add certificates to the device native keystore for use with
BlackBerry Dynamics
apps.
Android