Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.20
  3. Managing secure connections
  4. Using PKI certificates with devices or apps
  5. Sending certificates to devices and apps using profiles
  6. Create a user credential profile to connect to your BlackBerry Dynamics PKI connector
  7. Create a user credential profile to use app-based certificates on iOS devices

Create a user credential profile to use app-based certificates on
iOS
 devices

  1. On the menu bar, click
    Policies and Profiles > Certificates > User credential
    .
  2. Click The Add icon.
  3. Type a name and description for the profile.
  4. In the
    Certificate authority connection
     drop-down list, click the name of the app you specified when you connected
    BlackBerry UEM
     to your PKI solution. If you are using
    Purebred
    , select the
    BlackBerry UEM Client
    .
  5. To specify which certificate the
    BlackBerry Dynamics
     app will use, perform the following actions:
    1. In the
      Key usage
       section, select the operations that the certificate supports.
      BlackBerry Dynamics
       apps will only use certificates that have at least the specified key usage value set. For example, an encryption certificate may have a key usage value of
      Key encipherment
      . An authentication certificate may have a key usage value of
      Digital signature
      . A signing certificate may have a key usage value of both
      Digital signature
       and
      Nonrepudiation
      .
    2. In the
      Extended key usage
       section, select the functions that the certificate was issued for.
      BlackBerry Dynamics
       apps will only use certificates if all selected extended key usage values are present in the certificate. Certificates can have additional extended key usage values.
    3. If the certificate was issued for purposes other than email, client authentication, or smart card login, select
      Additional Object ID usage
      , click The Add icon and specify the OID for the key usage. For example, if the certificate will be used for server authentication, it may have the OID 1.3.6.1.5.5.7.3.1.
    4. Beside
      Issuers
      , click The Add icon and type the issuer name.
      BlackBerry Dynamics
       apps will only use a certificate if the specified issuer matches the
      OpenSSL
       short-form OID in the certificate. You can copy this value from the issuer's certificate. Do not put spaces before or after the equal sign (=). For example: 
      CN=Acme_cert SMIME,OU=Acme_Legal,O=Acme,C=Can
                                     CN=Acme_cert SMIME,OU=Acme_Legal,O=Acme
                                     CN=Acme_cert TLS
  6. If you want the device to delete expired certificates, select
    Delete expired certificates
    .
  7. If you want the device to delete duplicate certificates, select
    Remove duplicate certificates
    .
  8. Click
    Add
    .
  • To allow
    BlackBerry Dynamics
     apps to use certificates, on the menu bar, click
    Apps
    . Click the
    BlackBerry Dynamics
     app that you want to change, then on the
    Settings > BlackBerry Dynamics
     tab, select the
    Allow BlackBerry Dynamics apps to use user certificates SCEP profiles and user credential profiles
     checkbox.  
  • Assign the profile to user accounts and user groups.