Setting up work email for devices
Controlling which devices can access Exchange ActiveSync for work email and organizer data
Creating email profiles
- Create an email profile
- Email profile settings
Protecting email data sent to iOS devices using the BlackBerry Secure Gateway
- Configure BlackBerry UEM to trust the Exchange ActiveSync server or identity provider certificate
- Configure the BlackBerry Secure Gateway to use OAuth with supported TLS versions and ciphers
Enable the BlackBerry Hub app for Android Enterprise devices
Extending email security using S/MIME
Create an IMAP/POP3 email profile
Setting up CardDAV and CalDAV profiles for iOS and macOS devices
- Create a CardDAV profile
- Create a CalDAV profile

Create a certificate retrieval profile

To allow devices to trust LDAP certificate servers when they make secure connections, you might need to distribute CA certificates to devices. If necessary, create CA certificate profiles and assign them to user accounts, user groups, or device groups. For more information about CA certificates, see Sending CA certificates to devices and apps.

If you implement

Kerberos

authentication for S/MIME certificate retrieval, you must assign a single sign-on profile to the applicable users or user groups. For more information about single sign-on profiles, see Enable automatic authentication for iOS devices.

In the management console, on the menu bar, click

Policies and profiles

Click

Certificates > Certificate retrieval

Click

Type a name and description for the certificate retrieval profile.

In the table, click

In the

Service URL

field, type the FQDN of an LDAP certificate server using the format ldap://<fqdn>:<port>. (For example, ldap://server01.example.com:389).

In the

Search base

field, type the base DN that is the starting point for LDAP certificate server searches.

In the

Search scope

drop-down list, perform one of the following actions:

To search the base object only (base DN), click

Base

. This option is the default value.

To search one level below the base object, but not the base object itself, click

One level

To search the base object and all levels below it, click

Subtree

To search all levels below the base object, but not the base object itself, click

Children

If authentication is required, perform the following actions:

In the

Authentication type

drop-down list, click

Simple

Kerberos

In the

LDAP user ID

field, type the DN of an account that has search permissions on the LDAP certificate server (for example, cn=admin,dc=example,dc=com).

In the

LDAP password

field, type the password for the account that has search permissions on the LDAP certificate server.

If necessary, select the

Use secure connection

check box.

In the

Connection timeout

field, type the amount of time, in seconds, that the device waits for the LDAP certificate server to respond.

Click

Add

Repeat steps 5 to 12 for each LDAP certificate server.

Click

Add

If necessary, rank the profile.

Section:

Retrieving S/MIME certificates