Certificate management policies (Premium)
A group of policies to control certificate management settings. For example, disable certificates, restrict certificates and more.
  • Enable certificate management controls
    Use this control to enable or disable certificate management settings for the device. Enable this control before changing any certificate management settings. If this control is not enabled, any Enterprise certificate management policy is ignored.
  • Certificate revocation
    Choose the Certificate revocation method most appropriate for your devices.
    • Enable revocation check
      Use this to check certificate validation. For example if you list “com.samsung.email” in a whitelist, any certificates used by this app for SMIME encryption or signing is first checked against a list of Certificate Revocation List (CRL) to verify that they are still valid. Enter the application package names to check as a comma separated list, for example (“com.xyz, com.abc”)
    • Enable OCSP check before CRL
      Use this to perform certificate validation using OSCP before checking a CRL. If the OCSP response is inconclusive the device performs a CRL check.
    • List of apps to enable for verification
      Use this to perform certificate revocation on a list of applications. Enter the values as a comma separated list of the application packages, for example, “com.xyz, com.abc”.
  • Add trusted CA certificate
    Enter the name of a Trusted CA Alias which was already defined in Certificate Alias. Enter the values as a comma separated list of the Trusted CA Alias
  • Block User from removing Certificate
    Use this control to block the user from removing certificates from the keystore. By default, users are allowed to remove certificates from the keystore.