Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.21
  3. Managing secure connections
  4. Using PKI certificates with devices or apps
  5. Integrating BlackBerry UEM with your organization's PKI software
  6. Connect BlackBerry UEM to your organization's OpenTrust software

Connect
BlackBerry UEM
 to your organization's
OpenTrust
 software

To extend
OpenTrust
 certificate-based authentication to devices, you must add a connection to your organization's
OpenTrust
 software.
BlackBerry UEM
 supports integration with
OpenTrust
 PKI 4.8.0 and later and
OpenTrust CMS
 2.0.4 and later. This connection is not supported by
BlackBerry Dynamics
 apps.
Contact your organization’s
OpenTrust
 administrator to obtain the URL of the
OpenTrust
 server, the client-side certificate that contains the private key (.pfx or .p12 format), and the certificate password.
  1. On the menu bar, click
    Settings > External integration > Certificate authority
    .
  2. Click
    Add an OpenTrust connection
    .
  3. In the
    Connection name
     field, type a name for the connection.
  4. In the
    URL
     field, type the URL of the
    OpenTrust
     software.
  5. Click
    Browse
    . Navigate to and select the client-side certificate that
    BlackBerry UEM
     can use to authenticate the connection to the
    OpenTrust
     server.
  6. In the
    Certificate password
     field, type the password for the
    OpenTrust
     server certificate.
  7. To test the connection, click
    Test connection
    .
  8. Click
    Save
    .
  • When you use the
    UEM
     connection with
    OpenTrust
     software to distribute certificates to devices, there may be a short delay before the certificates are valid. This delay might cause issues with email authentication during the device activation process. To resolve this issue, in the
    OpenTrust
     software, configure the
    OpenTrust
     CA and set "Backdate Certificates (seconds)" to 180.