Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
Contributor
ktu555
Posts: 17
Registered: ‎08-24-2012
My Device: RIM
Accepted Solution

Does BES 10 Support ActiveSync certificate-based authentication with iOS?

Hello,

 

We have successfully configured the ActiveSync certificate-based authentication with BlackBerry 10.

 

Now we are testing  the ActiveSync certificate based authentication with iOS devices. However, the document implies that it only supports form-based authentication… Could you please confirm that?

 

“verify that you have Basic authentication and Windows authentication enabled”

 

Thanks,

Kevin

Please use plain text.
BlackBerry Technical Advisor
-BD-
Posts: 495
Registered: ‎05-15-2008
My Device: Z10

Re: Does BES 10 Support ActiveSync certificate-based authentication with iOS?

Certificate based authentication is available for iOS devices when activated with the MDM Controls Activation Type.  It is not currently supported with Secure Work Space.

Please use plain text.
Contributor
ktu555
Posts: 17
Registered: ‎08-24-2012
My Device: RIM

Re: Does BES 10 Support ActiveSync certificate-based authentication with iOS?

One more question: Does Secure Work Space require additional licenses? The Configuration Guide says: "In BlackBerry Management Studio, add Secure Work Space licenses" Thanks, Kevin
Please use plain text.
BlackBerry Technical Advisor
-BD-
Posts: 495
Registered: ‎05-15-2008
My Device: Z10

Re: Does BES 10 Support ActiveSync certificate-based authentication with iOS?


ktu555 wrote:
One more question: Does Secure Work Space require additional licenses? The Configuration Guide says: "In BlackBerry Management Studio, add Secure Work Space licenses" Thanks, Kevin

Secure Work Space does require a different license type than a regular activation.

Please use plain text.
Contributor
Sidjustice
Posts: 11
Registered: ‎01-29-2014
My Device: Q10

Re: Does BES 10 Support ActiveSync certificate-based authentication with iOS?

Hi there,

 

Saw your posts that you were able to configure CBA successfully in a BES 10 Environment. I have been strugling for past few weeks on this issue. Hope you can help me by proving the implementation steps or guide that you followed.

 

Brief on my environment and current station

 

Exchange 2010 SP2

NDES on 2008 R2
CA on 2008 R2 (seperate from NDES)

BES 10.2

 

The activation process goes like this

 

->Create a new user and assign the SCEP profile, email profile

->setup an activation password

->try to activate

->it goes through the cycle of activation. I can even see a user cert generated by SCEP service account on the CA. However while setting up the messaging account it still prompts for the AD username and password.

 

I have been pulling my hair for past few weeks on this issue. Kindly help

 

Please use plain text.
Contributor
ktu555
Posts: 17
Registered: ‎08-24-2012
My Device: RIM

Re: Does BES 10 Support ActiveSync certificate-based authentication with iOS?

First, did you configure your Exchange environment to accept CBA request? You can manually export the cert generated on the CA, and import it to a iOS device to test your environment is ready.

 

Second, did you put the scep profile name under Profile associations section in your email profile? This tells the device to use the cert to authenticate instead of password.

Please use plain text.
Contributor
Sidjustice
Posts: 11
Registered: ‎01-29-2014
My Device: Q10

Re: Does BES 10 Support ActiveSync certificate-based authentication with iOS?

Yes i  did configure the exchange active sync vir dir to accept CBA. do i need to set require certs or just accept certs on the exchange

 

Also yes to the second question. i select the scep profile under the email profile. which is why i can see a user cert being generated on CA whenever i try to activate the bB.

 

but no joy so far.. can you please tell me what to troubleshoot. any logs or events which can help me in resolving this issue.

 

Please use plain text.
Contributor
ktu555
Posts: 17
Registered: ‎08-24-2012
My Device: RIM

Re: Does BES 10 Support ActiveSync certificate-based authentication with iOS?

We use requrie certificate. There are additional IIS configureation steps on Exchange server as well... 

 

To narrow down the issue, you can manually request a user cert on CA/SCEP, put it on and iOS device (BES 10 device doesn't allow you to do that as far as I know), make sure the CBA works. BTW, the CBA uses UPN, make sure the UPN is propgrated as CN in the cert.

 

If all above worked, I guess CBA on BES 10 would work...

 

 

 

 

 

Please use plain text.