As an admin, configure Workspace ONE Boxer to support Purebred as a certificate source for the managed Android devices.

You can determine how Workspace ONE Boxer can use the Purebred Registration application as a source for derived credential certificates. To do so, you must configure Boxer using the Workspace ONE UEM console version 2003 or below with the following key-value pair.

  • PolicyDerivedCredentials - Enable this key to use the Purebred Registration application as a certificate source for Certificate-based authentication (CBA).
  • PolicyDerivedCredentialsSMIME - Enable this key to use the Purebred Registration application as a certificate source for the S/MIME certificates (signing or encryption).
If you are deploying Boxer using the Workspace ONE UEM console version 2004 or higher, you must apply the following steps:
  1. Enable Purebred for Certificate-based authentication.
    1. In the Boxer Assignment screen, navigate to Email Settings > > Authentication > Advanced > .
    2. Set the authentication type to Certificate.
    3. Select Purebred as Derived Credentials.
  2. Enable Purebred for S/MIME certificates.
    1. Navigate to Email Settings > S/MIME and add the certificate source as Derived Credentials.
    2. Select Purebred as an issuer name.
Note: iOS supports Workspace ONE PIV-D Manager instead of the Purebred Registration application for the derived credential certificates. As an admin, you must push the certificates to the VMware PIV-D Manager application using the Workspace ONE UEM console.

Verifying Purebred Registration Application

Android has the ability to install applications through sideloading, which can be an easy way for any unauthorized application to act as Purebred and get installed on the device. To mitigate such security risk, you can configure Workspace ONE Boxer to authenticate the Purebred Registration application using the Purebred public signing key. To do so, you must enable the AppPurebredPublicKey KVP in the Workspace ONE UEM console. When enabled, this key can easily override the signing key because Purebred is a non-Play Store application.