Skip Navigation

Sending client certificates to devices and apps using SCEP

You can use SCEP profiles to specify how devices and
BlackBerry Dynamics
apps obtain client certificates from your organization's CA through a SCEP service. SCEP is an IETF protocol that simplifies the process of enrolling client certificates to a large number of devices or apps without any administrator input or approval required to issue each certificate. Devices and
BlackBerry Dynamics
apps can use SCEP to request and obtain client certificates from a SCEP-compliant CA that is used by your organization.
The CA that you use must support challenge passwords. The CA uses challenge passwords to verify that the device or app is authorized to submit a certificate request.
To use SCEP in a
BlackBerry UEM Cloud
environment, you must install the most recent version of the
BlackBerry Connectivity Node
to allow
UEM Cloud
to access your company directory.
If your organization uses an
Entrust
CA or
OpenTrust
CA, SCEP profiles are not supported for
Windows 10
devices.