Creating CA certificate profiles
You might need to distribute CA certificates to devices if the devices use certificate-based authentication to connect to a network or server in your organization’s environment, or if your organization uses S/MIME. When the CA certificates for your organization's network and server certificates are stored on devices, the devices can trust your networks and servers when they make secure connections. When the CA certificates for your organization's S/MIME certificates are stored on devices, the devices can trust the sender's certificate when a secure email message is received.
Many CA certificates that are used for different purposes can be stored on a device. You can use certificate profiles to send CA certificates to devices. CA certificates have a .der file extension.
Create a CA certificate profile
- On the menu bar, click Policies and Profiles.
- Click the + icon beside CA certificate.
- Type a name and description for the profile. Each CA certificate profile must have a unique name. Some names (for example, ca_1) are reserved.
- In the Certificate file field, click Browse to locate the certificate file.
-
If the CA certificate is sent to BlackBerry
devices, specify one or more of the following certificate stores to send the
certificate to on the device:
- Browser certificate store
- VPN certificate store
- Wi-Fi certificate store
- Enterprise certificate store
- Click Add.
CA certificate stores on BlackBerry 10 devices
CA certificates that are sent to BlackBerry 10 devices can be stored in different certificate stores, depending on the purpose of the certificate.
| Store | Description |
|---|---|
|
Browser certificate store |
The work browser on BlackBerry 10 devices uses the certificates in this store to establish SSL connections with servers in your organization's environment. Devices that are running BlackBerry 10 OS version 10.0 also use the certificates in this store to authenticate S/MIME-protected email messages that are received. |
|
VPN certificate store |
BlackBerry 10 devices use certificates in this store for VPN connections. You must set the "Trusted certificate source" setting in the VPN profile to "Trusted certificate store" to use the certificates in this store for work VPN connections. |
|
Wi-Fi certificate store |
BlackBerry 10 devices use certificates in this store for Wi-Fi connections. You must set the "Trusted certificate source" setting in the Wi-Fi profile to "Trusted certificate store" to use certificates in this store for work Wi-Fi connections. |
|
Enterprise certificate store |
Devices that are running BlackBerry 10 OS version 10.1 or later use certificates in this store to authenticate S/MIME-protected email messages that are received. |