03-20-2014 05:28 PM
We have successfully configured the ActiveSync certificate-based authentication with BlackBerry 10.
Now we are testing the ActiveSync certificate based authentication with iOS devices. However, the document implies that it only supports form-based authentication… Could you please confirm that?
“verify that you have Basic authentication and Windows authentication enabled”
Solved! Go to Solution.
03-20-2014 06:45 PM
Certificate based authentication is available for iOS devices when activated with the MDM Controls Activation Type. It is not currently supported with Secure Work Space.
03-21-2014 03:27 PM
03-22-2014 11:33 AM
One more question: Does Secure Work Space require additional licenses? The Configuration Guide says: "In BlackBerry Management Studio, add Secure Work Space licenses" Thanks, Kevin
Secure Work Space does require a different license type than a regular activation.
06-11-2014 01:09 PM
Saw your posts that you were able to configure CBA successfully in a BES 10 Environment. I have been strugling for past few weeks on this issue. Hope you can help me by proving the implementation steps or guide that you followed.
Brief on my environment and current station
Exchange 2010 SP2
NDES on 2008 R2
CA on 2008 R2 (seperate from NDES)
The activation process goes like this
->Create a new user and assign the SCEP profile, email profile
->setup an activation password
->try to activate
->it goes through the cycle of activation. I can even see a user cert generated by SCEP service account on the CA. However while setting up the messaging account it still prompts for the AD username and password.
I have been pulling my hair for past few weeks on this issue. Kindly help
06-11-2014 01:31 PM
First, did you configure your Exchange environment to accept CBA request? You can manually export the cert generated on the CA, and import it to a iOS device to test your environment is ready.
Second, did you put the scep profile name under Profile associations section in your email profile? This tells the device to use the cert to authenticate instead of password.
06-11-2014 04:05 PM
Yes i did configure the exchange active sync vir dir to accept CBA. do i need to set require certs or just accept certs on the exchange
Also yes to the second question. i select the scep profile under the email profile. which is why i can see a user cert being generated on CA whenever i try to activate the bB.
but no joy so far.. can you please tell me what to troubleshoot. any logs or events which can help me in resolving this issue.
06-11-2014 04:21 PM
We use requrie certificate. There are additional IIS configureation steps on Exchange server as well...
To narrow down the issue, you can manually request a user cert on CA/SCEP, put it on and iOS device (BES 10 device doesn't allow you to do that as far as I know), make sure the CBA works. BTW, the CBA uses UPN, make sure the UPN is propgrated as CN in the cert.
If all above worked, I guess CBA on BES 10 would work...