Sending CA certificates to devices
You might need to distribute root and intermediate CA certificates to devices if the devices use certificate-based authentication to connect to a network or server in your organization’s environment or if your organization uses S/MIME.
Sending the CA certificates for your organization's network and server certificates to devices allows the devices to trust the network and servers when making secure connections. Sending CA certificates for your organization's S/MIME certificates allows devices to trust the sender's certificate when a secure email message is received.
You can send CA certificates to every device that is managed by the BlackBerry Device Service by copying the certificate to the appropriate subfolder in the BlackBerry Device Service shared network folder. If the contents of a certificate folder change, the Enterprise Management Web Service sends all certificates in the folder to the appropriate certificate store on every device to replace the previous set of certificates.
Depending on the purpose of a certificate, you should copy a CA certificate to one of the following Certificates subfolders:
| Folder | Description |
|---|---|
|
WIFI |
The BlackBerry Device Service sends certificates in the WIFI folder to the Wi-Fi Trusted Certificates store on every device. Certificates in the Wi-Fi Trusted Certificates store can be used only for Wi-Fi connections. You must set the Wi-Fi profile Trusted Certificate Source configuration setting to Trusted Certificate Store to use certificates in the store for work Wi-Fi connections. |
|
VPN |
The BlackBerry Device Service sends certificates in the VPN folder to the VPN Trusted Certificates store on every device. Certificates in the VPN Trusted Certificates store can be used only for VPN connections. You must set the VPN profile Trusted Certificate Source configuration setting to Trusted Certificate Store to use certificates in the store for work VPN connections. |
|
WWW |
The BlackBerry Device Service sends certificates in the WWW folder to the Enterprise Root Certificates list on every device. The work browser uses these certificates to establish SSL connections with servers in your organization's environment. Devices running BlackBerry 10 OS version 10.0 also use certificates in this folder to authenticate with your work messaging server if it uses certificate-based authentication and to authenticate secure email messages that have been received. |
|
Enterprise |
The BlackBerry Device Service sends certificates in the Enterprise folder to the Enterprise Root Certificates list on devices running BlackBerry 10 OS version 10.1 and later. Devices use certificates in this folder to authenticate with your work messaging server if it uses certificate-based authentication and to authenticate secure email messages that have been received. |