User guide
b after the certification authority administrator approves the certificate request, issues the certificate, and sends the certificate to the user in an email message
12. The BlackBerry MDS Connection Service performs the following actions:
a polls the user's mailbox on the messaging server, at specified intervals, for the certificate
b sends the certificate to the BlackBerry Enterprise Server after the BlackBerry MDS Connection Service retrieves the certificate
13. The BlackBerry Enterprise Server performs the following actions:
a verifies the certificate by checking whether the public key matches the public key that is stored in the BlackBerry Configuration Database
b sends the certificate to the device over the wireless network
14. The device adds the certificate and private key to the key store.
Data flow: Enrolling a certificate using an RSA certification authority
After a BlackBerry device receives an IT policy that includes a certification authority profile, the enrollment process can start automatically or you can instruct a user to start it.
1. The CA Profile Manager on the device generates the key pair for the certificate.
2. The device requests the user's distinguished name from the BlackBerry Enterprise Server.
3. The BlackBerry Enterprise Server retrieves the user's distinguished name from the messaging server and sends the distinguished name to the device.
4. The device encrypts the key pair, and stores the key pair, distinguished name, and profile ID for the certification authority in the persistent store in flash memory.
5. The CA Profile Manager creates the PKCS #10 certificate request and signs it with the private key.
6. The device sends the certificate request and the name of the certification authority profile to the BlackBerry MDS Connection Service.
7. The BlackBerry MDS Connection Service performs one of the following actions:
• sends the certificate chain to the BlackBerry Enterprise Server if the certificate chain is in the BlackBerry MDS Connection Service cache
• retrieves the certificate chain from the certification authority and sends it to the BlackBerry Enterprise Server if the certificate chain is not in the BlackBerry MDS Connection Service cache
8. The BlackBerry Enterprise Server sends the certificate chain to the device.
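The request, issuance and public-key check described in these data flows, as an added Go example that is not BlackBerry's code: it builds the PKCS #10 request with the standard crypto/x509 package (steps 1 and 5), stands in for the certification authority with a hypothetical "Example CA" key rather than the RSA or Microsoft CA, and accepts the returned certificate only if its public key equals the stored key (step 13a of the previous flow). The distinguished name is a constructed sample.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Steps 1 and 5: generate the key pair, then build a PKCS #10 request for the
// user's distinguished name, signed with the private key (returned DER-encoded).
func buildRequest(subject pkix.Name) (key *rsa.PrivateKey, der []byte, err error) {
	if key, err = rsa.GenerateKey(rand.Reader, 2048); err == nil {
		der, err = x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: subject}, key)
	}
	return
}

// Stand-in for the certification authority (hypothetical, not the RSA CA): verify the
// request's signature, which proves possession of the private key, then issue a cert.
func issueCertificate(csrDER []byte, caKey *rsa.PrivateKey) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err == nil {
		err = csr.CheckSignature() // fails if the request was altered or not signed by the key holder
	}
	if err != nil {
		return nil, fmt.Errorf("request rejected: %w", err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: csr.Subject,
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	return x509.CreateCertificate(rand.Reader, tmpl, &x509.Certificate{Subject: pkix.Name{CommonName: "Example CA"}}, csr.PublicKey, caKey)
}

// Step 13a: accept the certificate only if its public key equals the key stored at request time.
func verifyIssued(certDER []byte, storedPub *rsa.PublicKey) bool {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false // unparseable data is rejected, not trusted
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	return ok && pub.Equal(storedPub)
}

func main() {
	userKey, csrDER, _ := buildRequest(pkix.Name{CommonName: "Alice Example"}) // constructed DN
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	certDER, err := issueCertificate(csrDER, caKey)
	fmt.Println("issued:", err == nil, "matches stored key:", verifyIssued(certDER, &userKey.PublicKey))
}
```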
Security Technical Overview Managing certificates on a device
109