This article provides information on how to configure an external SSL Certificate for XenMobile Device Manager (XDM).

The procedure in this article should be used during new installations or certificate renewals with the same FQDN – new installations that are set up with internal self-signed certificate that should now be changed to a publicly trusted SSL certificate. Citrix recommends that this procedure be followed first prior to enrolling any devices into the environment. SSL Certificate renewals can be altered at any time as per the following instructions.

Prerequisites

• Include any intermediate certificates to the certificate chain.

• External SSL certificate file in .p12 format copied locally to the XDM server.

• Must have access to password of SSL certificate file.

Configuration

The following two XDM server files must be edited:

• pki.xml 

• server.xml

---

Instructions

Complete the following steps to configure external SSL certificate for XenMobile Device Manager:

1. On the XDM server, browse to the pki.xml file, located at: C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\webapps\zdm\WEB-INF\classes\pki.xml.

2. In this file, add the bean ID (copy and paste):
   <bean id="externalSslCert"
   class="com.sparus.nps.pki.def.KeyStoreParams"
   p:keyStoreType="PKCS12"
   p:keyStorePath="C:\yoursslcert.p12"
   p:entryAlias=""
   p:keyStorePass="yourpassword"
   p:publiclyTrusted="true"
   />

   

3. Edit the string keyStorePath to point to the location of the external SSL certificate.

4. Edit the string keyStorePass with the SSL certificate password.

5. In the same file, search for the string legacySslCert and replace with externalSslCert.

   Old entry:

   

   New entry:

   

6. On the XDM server, browse to the server.xml file, located at C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\conf\server.xml.

   1. Search for the string Connector Port="443" and then add the SSL certificate path and password as defined in the pki.xml file (Steps 3-4).

      

   2. Search for the string Connector Port="8443" and then add the SSL certificate path and password as defined in the pki.xml file (Steps 3-4).

      

7. Save and close the file.

8. Restart the Device Manager Service.

The above mentioned sample code is provided to you as is with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the sample code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the sample code.

This article explains how to configure an External SSL Certificate for XenMobile Device Manager.

• Citrix Documentation - Configuring Device Manager with Microsoft Certificate Services
• Citrix Documentation - Configuring an External Certificate Authority by Using SSL
• Citrix Documentation - Certificates in XenMobile 10
• Citrix Documentation - To renew an APNS certificate