If you enroll your very first iOS device on Blackberry UEM after it is implemented (you can check out my series on implementation by clicking here), you may notice that the device profile is Not Verified.
Per Blackberry KB, this is the expected behavior as out of the box Apple profile signing certificate is self-signed. This is somewhat similar to another use case I shared via this blog post except this is not ideal since it has user-facing component.
Blackberry offers two solutions:
- The user must browse to https://.bbsecure.com:443//ca to download the CA certificate with both country code and SRP Identifier and save it to the iOS device (i.e. https://us.bbsecure.com/your_SRP_ID/ca)
- You can create your own self-sign certificate and then get it signed by an Apple (iOS) trusted root certificate, or you can buy your own certificate. Please check the following link for further information https://support.apple.com/en-ca/HT204132
Solution 1 will only result in many unhappy users due to the steps involved no matter how small they may seem. Since I have a wildcard certificate from a 3rd party Certificate Authority, I resolved the issue with solution 2.
*Please note: If you deploy Blackberry UEM in the cloud instead of on-premise, solution 2 will not be available at all.
In summary, the steps required for solution 2 are:
- Take a snapshot of the UEM virtual machine (or export existing cert on the server)
- Log onto UEM web console
- Go to Settings -> Infrastructure -> Server certificates
- Browse to Apple profile signing certificate
- Click View Details and Replace certificate
- Upload certificate
- Restart Blackberry UEM Core service
Let’s get started!
Go to Settings -> Infrastructure -> Server certificates. Then, browse to Apple profile signing certificate. Click View Details.
Under Apple profile signing certificate, click Replace certificate.
If the incorrect password is entered when replacing the certificate, you will get the error below.
Going forward, you should see Verified when enrolling the iOS device with Blackberry UEM.
As always, stay mobile!