Replace / Update Apple signing certificate to resolve profile service “Not Verified” when enrolling an iOS device on Blackberry UEM

If you enroll your very first iOS device on Blackberry UEM after it is implemented (you can check out my series on implementation by clicking here), you may notice that the device profile is Not Verified.


Per Blackberry KB, this is the expected behavior as out of the box Apple profile signing certificate is self-signed. This is somewhat similar to another use case I shared via this blog post except this is not ideal since it has user-facing component.

Blackberry offers two solutions:

  1. The user must browse to to download the CA certificate with both country code and SRP Identifier and save it to the iOS device (i.e.
  2. You can create your own self-sign certificate and then get it signed by an Apple (iOS) trusted root certificate, or you can buy your own certificate. Please check the following link for further information

Solution 1 will only result in many unhappy users due to the steps involved no matter how small they may seem. Since I have a wildcard certificate from a 3rd party Certificate Authority, I resolved the issue with solution 2.

*Please note: If you deploy Blackberry UEM in the cloud instead of on-premise, solution 2 will not be available at all.

In summary, the steps required for solution 2 are:

  • Take a snapshot of the UEM virtual machine (or export existing cert on the server)
  • Log onto UEM web console
  • Go to Settings -> Infrastructure -> Server certificates
  • Browse to Apple profile signing certificate
  • Click View Details and Replace certificate
  • Upload certificate
  • Restart Blackberry UEM Core service

Let’s get started!

Go to Settings -> Infrastructure -> Server certificatesThen, browse to Apple profile signing certificate. Click View Details.


Under Apple profile signing certificate, click Replace certificate.



If the incorrect password is entered when replacing the certificate, you will get the error below.


Going forward, you should see Verified when enrolling the iOS device with Blackberry UEM.


As always, stay mobile!


  1. So I need to worry about the deactivating devices? The “Warning” about users may need to reactivate? That’s a little concerning since I have users already on.



    • You don’t need to re-activate any device prior to and after making this change as users hardly notice this setting anyway. However, I recommend making this change for best pratice.


      • i will make the change i just wanted to make sure the existing users will not be bumped off.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.