Changing the certificates that BlackBerry UEM uses for authentication
BlackBerry UEM
uses for authenticationWhen you install
BlackBerry UEM
on-premises, the setup application generates several self-signed certificates that are used to authenticate communication between various UEM
components and with devices. You can change the certificates if your organization's security policy requires that certificates be signed by your organization's CA, or if you want to use certificates issued by a CA that devices and browsers already trust.If problems occur when you change a certificate, communication between
UEM
components and between UEM
and devices can be disrupted. If you choose to change any certificates, plan and test the change carefully.You can change the following certificates:
Certificate | Description |
|---|---|
Apple profile signing certificate | This is the certificate that UEM uses to sign the MDM profile that users must accept when they activate iOS devices.If you are using a certificate signed by a CA, verify that the root certificate for the CA is installed on users' iOS devices before activation. |
SSL certificate for consoles | This is the SSL certificate that the management console and UEM Self-Service use to authenticate browsers.If you configure high availability, the certificate must have the name of the UEM domain. You can find the domain name in the management console under Settings > Infrastructure > Instances. |
SSL certificates for the BlackBerry Web
Services | This is the SSL certificate that the BlackBerry Web
Services use to authenticate applications that use the BlackBerry Web
Services APIs to manage UEM .If you configure high availability, the certificate must have the name of the UEM domain. You can find the domain name in the management console under Settings > Infrastructure > Instances. |
SSL certificate for BlackBerry
Dynamics apps | This is the SSL certificate that the BlackBerry Dynamics Launcher uses to establish a secure communication channel with UEM . BlackBerry
Dynamics apps that include the integrated BlackBerry Dynamics Launcher can present the certificate to UEM to authenticate with the server. |
Certificate for application management | This is the SSL certificate that is used for authentication between UEM and BlackBerry
Dynamics apps.The root CA certificate is stored in the list of trusted CA certificates on the device. When the server authenticates with the device, the server presents this certificate to the device for validation. If you change this certificate and the change becomes effective before UEM pushes the certificate to all BlackBerry
Dynamics apps, any apps that did not receive the certificate must be reactivated. |
Certificate for Direct Connect | This is the SSL certificate that is used for authentication between a BlackBerry Proxy server configured for BlackBerry
Dynamics Direct Connect and BlackBerry
Dynamics apps on devices.When you update this certificate, the new version will always be sent to devices over a non- BlackBerry
Dynamics Direct Connect connection. Any devices or containers that are not online at the time of the change will receive the update when they come back online. Updating this certificate should be done on the UEM server and any applicable networking appliances at the same time.For more information on setting up Direct Connect , see Configuring Direct Connect with BlackBerry UEM. |
Certificate for BlackBerry
Dynamics servers | This is the SSL certificate that authenticates connections between UEM and BlackBerry Proxy . |