
BlackBerry 10: SCEP profile settings

BlackBerry 10: SCEP profile setting
Description
Use device default subject and SAN
This setting specifies whether a BlackBerry 10 device generates the subject and subject alternative name for a certificate request. If this setting is not selected, you must specify the subject and subject alternative name type and value.
Subject
This setting specifies the subject for the certificate, if required for your organization's SCEP configuration. Type the subject in the format "/CN=<common_name>/O=<domain_name>". If the profile is for multiple users, you can use a variable, for example: %UserDistinguishedName%.
This setting is valid only if the "Use device default subject and SAN" setting is not selected.
The minimum requirement is BlackBerry 10 OS version 10.3.1.
SAN
This setting specifies the subject alternative name type and value for a certificate. 
This setting is valid only if the "Use device default subject and SAN" setting is not selected.
The minimum requirement is BlackBerry 10 OS version 10.3.1.
SAN type
This setting specifies the subject alternative name type for the certificate, if it is required.
Possible values:
  • RFC 822 name
  • URI
  • NT principal name
  • DNS name
The default value is "RFC 822 name."
SAN value
This setting specifies the subject alternative representation of the certificate subject. The value must be an email address, the DNS name of the CA server, the fully qualified URL of the server, or a principal name.
The "SAN type" setting determines the appropriate value to specify. If set to "RFC 822 name," the value must be a valid email address. If set to "URI," the value must be a valid URL that includes the protocol and FQDN or IP address. If set to "NT principal name," the value must be a valid principal name. If set to "DNS name," the value must be a valid FQDN.
Key algorithm
This setting specifies the algorithm that a BlackBerry 10 device uses to generate the client key pair. You must select an algorithm that is supported by your CA.
Possible values:
  • None
  • RSA
  • ECC
The default value is "RSA."
RSA strength
This setting specifies the RSA strength that a BlackBerry 10 device uses to generate the client key pair. You must enter a key strength that is supported by your CA.
This setting is valid only if the "Key algorithm" setting is set to "RSA."
Possible values:
  • 1024
  • 2048
  • 4096
  • 8192
  • 16384
The default value is "1024." 
ECC strength
This setting specifies the elliptic curve that a BlackBerry 10 device uses to generate a client key pair. The elliptic curve defines the strength of the client key pair. You must select an elliptic curve that is supported by your CA.
This setting is valid only if the "Key algorithm" setting is set to "ECC."
Possible values:
  • sect163k1
  • sect283k1
  • secp192r1
  • secp256r1
  • secp384r1
  • secp521r1
The default value is "secp521r1." 
Encryption algorithm
This setting specifies the encryption algorithm that a BlackBerry 10 device uses for the certificate enrollment request.
Possible values:
  • None
  • Triple DES
  • AES (128-bit)
  • AES (196-bit)
  • AES (256-bit)
The default value is "Triple DES." 
Hash function
This setting specifies the hash function that a BlackBerry 10 device uses for the certificate enrollment request.
Possible values:
  • None
  • SHA-1
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512
The default value is "SHA-1." 
Certificate thumbprint
This setting specifies the hexadecimal-encoded hash of the root certificate for the CA. You can use the following algorithms to specify the thumbprint: MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. You must set a value for this setting to activate a BlackBerry 10 device successfully.
Automatic renewal
This setting specifies how many days before a certificate expires automatic certificate renewal occurs.
The possible values are from 1 to 999,999,999 days.
The default value is "30."
Key usage
This setting specifies the cryptographic operations that can be performed using the public key contained in the certificate.
Possible selections:
  • Digital signature
  • Non-repudiation
  • Key encipherment
  • Data encipherment
  • Key agreement
  • Key certificate signing
  • CRL signing
  • Encipher only
  • Decipher only
The default selections are "Digital signature," "Key encipherment," and "Key agreement."
The minimum requirement is BlackBerry 10 OS version 10.3.1.
Extended key usage
This setting specifies the purpose of the key contained in the certificate.
Possible selections:
  • Server authentication
  • Client authentication
  • Code signing
  • Email protection
  • Time stamping
  • OCSP signing
  • Secure shell client
  • Secure shell server
The default selection is "Client authentication."
The minimum requirement is BlackBerry 10 OS version 10.3.1.
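
The "Subject," "SAN type," and "SAN value" rules above, together with their dependency on "Use device default subject and SAN," can be checked before a profile is saved. The following Python code is an added example, not BlackBerry code. The dictionary key names, the user@domain shape assumed for "NT principal name," and the acceptance of a single %Variable% as the whole subject are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Assumed subject shape: "/CN=<common_name>/O=<domain_name>" or one %Variable%.
SUBJECT = re.compile(r"(/[A-Za-z]+=[^/=]+)+|%\w+%")

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def is_fqdn(name):
    # At least two labels, each a valid hostname label, and not a bare IP address.
    labels = name.rstrip(".").split(".")
    return (len(labels) >= 2 and not is_ip(name)
            and all(LABEL.fullmatch(label) for label in labels))

def is_user_at_domain(value):
    # Used for "RFC 822 name"; also for "NT principal name" (assumed user@domain).
    local, sep, domain = value.rpartition("@")
    return bool(sep and local) and " " not in local and is_fqdn(domain)

def is_url(value):
    # "URI" must include the protocol and an FQDN or IP address.
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    host = parts.hostname or ""
    return bool(parts.scheme) and (is_fqdn(host) or is_ip(host))

SAN_CHECKS = {"RFC 822 name": is_user_at_domain, "URI": is_url,
              "NT principal name": is_user_at_domain, "DNS name": is_fqdn}

def audit_profile(p):
    """Return a list of findings for a profile dict (hypothetical key names)."""
    if p.get("use_device_default"):
        # Subject and SAN are valid only when the device default is NOT selected.
        return [f"{k} is ignored while device default is selected"
                for k in ("subject", "san_type", "san_value") if p.get(k)]
    findings = []
    if not SUBJECT.fullmatch(p.get("subject") or ""):
        findings.append("subject is missing or not in /CN=.../O=... form")
    check = SAN_CHECKS.get(p.get("san_type") or "RFC 822 name")  # page default
    if check is None:
        findings.append("unknown SAN type")
    elif not check(p.get("san_value") or ""):
        findings.append("SAN value does not match SAN type")
    return findings
```
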