The XenMobile Public Key Infrastructure (PKI) Integration feature allows you to manage the distribution and life-cycle of security certificates used on your devices with great flexibility.
The main feature of the system is the PKI Entity. A PKI entity models back-end component for PKI operations. That component may be either local to XenMobile (internal) or a part of your corporate infrastructure (external, such as a Microsoft, RSA, or OpenTrust PKI). The PKI entity handles the back-end certificate issuance and revocation. It is the authoritative source for the certificate’s status. The XenMobile configuration will normally contain exactly one PKI Entity per back-end PKI component.
The second feature is the Credential Provider. A Credential Provider is a particular configuration of certificate issuance and life-cycle. It will control things like the certificate’s format (subject, key, algorithms) and the conditions for its renewal or revocation, if any. The Credential Providers delegate operations to the PKI Entities. In other words, while Credential Providers control when and with what data PKI operations are undertaken, PKI Entities control how those operations are performed. The XenMobile configuration will normally contain many Credential Provider per PKI Entity.
The third feature of the system are Server Certificates. Server Certificates are X.509 certificates used functionally by the PKI Entity or the Credential Provider configurations.