Specifications
certificate. You can use the Automatic Renewal SCEP profile setting to configure how many days before the certificate
expires the automatic renewal takes place.
The certificate enrollment process can also start again if you change any of the following SCEP profile settings:
• Certification Authority Identifier
• Certificate Thumbprint
• Key Algorithm
• ECC Strength
• RSA Strength
The certificate enrollment process does not delete the existing certificate from the device or notify the CA that the
certificate is no longer in use, so a superseded certificate stays on the device and remains valid at the CA until it
expires unless you revoke it. If a SCEP profile is removed from the BlackBerry Device Service, the corresponding
certificate is not removed from the device.
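The renewal and re-enrollment rules above, and the fact that neither re-enrollment nor profile removal deletes anything from the device, can be turned into an inventory check. The following is an added example (not BlackBerry code) that models a SCEP profile and the certificates a device holds, flags certificates due for automatic renewal, certificates that must be re-enrolled because an enrollment-affecting setting changed since they were issued, and the stale or orphaned certificates that enrollment leaves behind. The profile and certificate records are constructed; the field names are assumptions.

```python
"""Renewal and re-enrollment triggers for SCEP-issued device certificates.

Constructed model of the behaviour described above (not BlackBerry code):
a certificate is renewed when it is inside the Automatic Renewal window,
re-enrolled when one of the listed SCEP profile settings changed since it
was issued, left in place but stale when a newer certificate for the same
profile exists, and orphaned when its profile has been removed.
"""
from dataclasses import dataclass
from datetime import date

# SCEP profile settings whose change restarts enrollment (list from the text).
REENROLL_FIELDS = ("ca_identifier", "ca_thumbprint",
                   "key_algorithm", "ecc_strength", "rsa_strength")


@dataclass(frozen=True)
class ScepProfile:                 # assumed field names
    name: str
    ca_identifier: str
    ca_thumbprint: str
    key_algorithm: str             # "RSA" or "ECC"
    ecc_strength: int              # bits
    rsa_strength: int              # bits
    auto_renew_days: int           # Automatic Renewal setting: days before expiry


@dataclass(frozen=True)
class DeviceCert:                  # assumed field names
    serial: str
    profile_name: str
    not_after: date
    issued_under: ScepProfile      # snapshot of the profile at enrollment time


def changed_settings(old, new):
    """Names of enrollment-affecting settings that differ between two profiles."""
    return [f for f in REENROLL_FIELDS if getattr(old, f) != getattr(new, f)]


def plan(certs, profiles, today):
    """Classify every certificate on the device.

    Returns a dict of lists: 'renew', 'reenroll' (cert, changed fields),
    'stale' (superseded by a newer cert for the same profile; enrollment never
    deletes it) and 'orphaned' (profile no longer exists; cert is kept).
    """
    out = {"renew": [], "reenroll": [], "stale": [], "orphaned": []}
    newest = {}
    for c in certs:
        cur = newest.get(c.profile_name)
        if cur is None or c.not_after > cur.not_after:
            newest[c.profile_name] = c
    for c in certs:
        if newest[c.profile_name] is not c:
            out["stale"].append(c)
            continue
        p = profiles.get(c.profile_name)
        if p is None:
            out["orphaned"].append(c)
            continue
        diff = changed_settings(c.issued_under, p)
        if diff:
            out["reenroll"].append((c, diff))
        elif (c.not_after - today).days <= p.auto_renew_days:
            out["renew"].append(c)
    return out


# Constructed sample data: the VPN profile's RSA strength was raised from
# 1024 to 2048 bits after cert 02 was issued; the email profile was deleted.
OLD_VPN = ScepProfile("vpn", "CA-1", "ab12", "RSA", 256, 1024, 30)
PROFILES = {
    "wifi": ScepProfile("wifi", "CA-1", "ab12", "ECC", 256, 2048, 30),
    "vpn": ScepProfile("vpn", "CA-1", "ab12", "RSA", 256, 2048, 30),
}
TODAY = date(2012, 6, 1)
CERTS = [
    DeviceCert("01", "wifi", date(2012, 6, 20), PROFILES["wifi"]),   # 19 days left
    DeviceCert("02", "vpn", date(2013, 1, 1), OLD_VPN),              # setting changed
    DeviceCert("03", "vpn", date(2012, 8, 1), OLD_VPN),              # superseded by 02
    DeviceCert("04", "email", date(2013, 3, 1),
               ScepProfile("email", "CA-1", "ab12", "RSA", 256, 2048, 30)),
]


def demo():
    """Run the planner over the constructed inventory."""
    return plan(CERTS, PROFILES, TODAY)


if __name__ == "__main__":
    for action, items in demo().items():
        print(action, [getattr(i[0] if isinstance(i, tuple) else i, "serial") for i in items])
```

The stale and orphaned lists are the ones to act on by hand: the page states that enrollment never informs the CA, so those certificates stay valid until expiry unless an administrator revokes them.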
Data flow: Enrolling a client certificate to a device using SCEP
1. The BlackBerry Device Service sends a Wi-Fi profile, VPN profile, or email profile that has an associated SCEP profile to
the device.
2. The device performs the following actions:
   a. Generates a key pair using the key algorithm and strength that is specified in the SCEP profile
   b. Generates a PKCS#10 CSR containing all required attributes for the request, except for the challenge password
   c. Sends the SCEP profile name, PKCS#10 CSR, and hash type to the Enterprise Management Web Service
3. The Enterprise Management Web Service performs the following actions:
   a. Verifies that the subject distinguished name, subject alternative names, and email address that are contained in the
      request match the user account information in the BlackBerry Configuration Database
   b. Adds the challenge password to the PKCS#10 CSR
   c. Hashes the PKCS#10 CSR
   d. Sends the PKCS#10 CSR hash to the device
4. The device computes the signature on the PKCS#10 CSR hash, and sends the SCEP profile name, original PKCS#10
CSR, signature request, computed signature response, CA certificate (to encrypt the SCEP request), hash type, and
encryption type to the Enterprise Management Web Service.
5. The Enterprise Management Web Service performs the following actions:
   a. Verifies the CA certificate that it receives
   b. Verifies that the subject distinguished name, subject alternative names, and email address that are contained in the
      request match the user account information in the BlackBerry Configuration Database
   c. Adds the challenge password to the PKCS#10 CSR
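The check in steps 3a and 5b is what stops a device from obtaining a certificate that names another user: the subject DN, every subject alternative name, and the emailAddress attribute must all match the account the request is being made for. The following is an added example (not BlackBerry code) of that check. To keep it runnable without an ASN.1 library, the PKCS#10 request is modelled as an already-parsed dict rather than DER, and the mapping from account fields to DN attributes and permitted SAN types is an assumed template; a real implementation applies the same rules to the parsed CSR.

```python
"""Identity check on a CSR before the challenge password is added
(steps 3a and 5b of the data flow above).

Constructed example, not BlackBerry code. The request is a parsed dict with
'subject' (list of RDN tuples), 'subject_alt_names' (list of (type, value))
and 'email_address'; the DN template and SAN policy are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class UserAccount:
    """Record from the BlackBerry Configuration Database (constructed fields)."""
    display_name: str
    email: str
    upn: str
    org: str


def expected_subject(user):
    """Assumed DN template: CN = display name, O = organisation."""
    return (("CN", user.display_name), ("O", user.org))


def allowed_sans(user):
    """The only SAN values this account may request (assumed policy):
    its own mailbox and its own user principal name."""
    return {("rfc822Name", user.email.lower()),
            ("otherName:UPN", user.upn.lower())}


def check_request_identity(csr, user):
    """Return a list of reasons to reject the CSR; an empty list means it matches.

    Every SAN in the request must be one the account owns, so a request that
    adds a second user's identity is rejected even though the rest matches.
    """
    problems = []
    subject = tuple(tuple(rdn) for rdn in csr.get("subject", ()))
    if subject != expected_subject(user):
        problems.append("subject DN %r does not match account" % (subject,))
    sans = {(t, v.lower()) for t, v in csr.get("subject_alt_names", ())}
    for san in sorted(sans - allowed_sans(user)):
        problems.append("SAN %s=%s not owned by account" % san)
    email = csr.get("email_address", "")
    if email.lower() != user.email.lower():
        problems.append("emailAddress %r does not match account" % email)
    return problems


# Constructed sample input.
ALICE = UserAccount("Alice Example", "alice@example.com",
                    "alice@corp.example", "Example Corp")

GOOD_CSR = {
    "subject": [("CN", "Alice Example"), ("O", "Example Corp")],
    "subject_alt_names": [("rfc822Name", "Alice@example.com")],
    "email_address": "alice@example.com",
}

# Same subject, but the device also asks for another user's UPN as a SAN.
BAD_CSR = {
    "subject": [("CN", "Alice Example"), ("O", "Example Corp")],
    "subject_alt_names": [("rfc822Name", "alice@example.com"),
                          ("otherName:UPN", "ceo@corp.example")],
    "email_address": "alice@example.com",
}

# Subject names a different person entirely.
WRONG_SUBJECT_CSR = {
    "subject": [("CN", "Bob Example"), ("O", "Example Corp")],
    "subject_alt_names": [],
    "email_address": "alice@example.com",
}


if __name__ == "__main__":
    for label, csr in (("good", GOOD_CSR), ("bad", BAD_CSR),
                       ("wrong subject", WRONG_SUBJECT_CSR)):
        print(label, check_request_identity(csr, ALICE) or "accepted")
```

The check runs twice in the flow for a reason: step 4 has the device send the original CSR back together with its signature, so step 5b repeats the comparison on the copy the server is about to forward to the CA rather than trusting the copy it saw in step 3.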
Security Technical Overview Managing certificates on devices
40