Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.21
  3. Managing email, calendar, and contacts
  4. Protecting email data sent to iOS devices using the BlackBerry Secure Gateway
  5. Configure BlackBerry UEM to trust the Exchange ActiveSync server or identity provider certificate

Configure
BlackBerry UEM
 to trust the
Exchange ActiveSync
 server or identity provider certificate

If your environment includes
iOS
 and
iPadOS
 13.0 and later devices and you use modern authentication (OAuth) to connect to
Microsoft Exchange Online
, you must add the certificate (or the root certificate) of the identity provider to
BlackBerry UEM
. The
BlackBerry Secure Gateway
 requires the certificate to trust the identity provider when it establishes the connection.
If your
Exchange ActiveSync
 server is configured to require a TLS connection, you must also add the certificate (or the root certificate) of the
Exchange ActiveSync
 server to
BlackBerry UEM
. The
BlackBerry Secure Gateway
 requires the certificate to trust the server when it establishes the TLS/SSL connection.
Export the certificates in X.509 format (*.cer, *.der) from the following servers and store them in a network location that you can access from the management console:
  • Active Directory
     identity provider, if your environment supports modern authentication
  • Exchange ActiveSync
     server, if your
    Exchange ActiveSync
     is configured to require a TLS connection 
  1. In the management console, on the menu bar, click
    Settings > External Integration > Trusted certificates
    .
  2. Click The Add icon beside
    Exchange ActiveSync server trusts
    .
  3. Click
    Browse
    .
  4. Select the certificate file that you want to use.
  5. Click
    Open
    .
  6. Type a description for the certificate.
  7. Click
    Add
    .