MKS6029736 ; R032 ; [HH] ; Deployme

MKS6029736 ; R032 ; [HH] ;

Deployment: On-prem (see 6265610 for cloud requirement)

The BES NG system must be able to integrate with the Opentrust PKI system.

The use cases, which were covered for integration with BES have to be covered with BES NG for iOS/Android/BB10 and Windows Phone devices if applicable.

At a minimum, we need to provide the SCEP integration like we provide for Microsoft CA.

Notes:

This documentation covers the integration of OpenTrust with Mobile Device Management systems.
https://www.keynectis.com/en/credential-management-system-mobile

There is also a whitepaper attached.

Key Use Cases:

Organizations use identity certificates to create an additional layer of security for authentication or to prevent users from having to enter passwords. Certificates are commonly used with WiFi / VPN / ActiveSync / Web-Applications / etc. In case an enterprise CA is used, the certificate authority that is required to establish the "chain of trust" needs to be installed on devices, too. This can also be automated via MDM and CA certificate profiles.

Integration with CA systems helps further automate workflows, hence reducing work for IT and saving cost.

OpenTrust supports provisioning of certificates through:
- Password-protected PKCS#12 files (centralized mode)
- SCEP exchanges with a PKI SCEP connector (decentralized mode)
- Root certificates

In general, centralized mode would be used for certificates to support encryption which would need to be long lived or held in escrow for the purpose of decrypting SMIME mail. Decentralized mode would be used for authentication and signing where certificates would have a shorter live span with no need to hold private keys in escrow.