Retrieving S/MIME certificates
For devices that are running a version of BlackBerry 10 OS that is 10.2.1 or later, you can use the BlackBerry Device Service to configure LDAP-enabled server settings and send them to BlackBerry devices so that devices can search for and retrieve recipients' S/MIME certificates from LDAP-enabled servers over the wireless network. If a required S/MIME certificate isn't already in a device's certificate store, the device retrieves it and imports it into the certificate store automatically.
A device searches each LDAP-enabled server and retrieves the S/MIME certificate. If there is more than one S/MIME certificate and the device is unable to determine the preferred one, the device displays all of the S/MIME certificates so that the user can choose which one to use.
If you don't configure certificate retrieval settings, users must manually import S/MIME certificates from a work email attachment or a computer.
To allow BlackBerry devices to trust the network and servers when making secure connections, you will need to distribute root and intermediate CA certificates to the devices. For more information, see Sending CA certificates to devices.
For more information about certificates, see the BlackBerry Device Service Solution Security Technical Overview.