XenMobile Server - NetScaler Gateway credential certificates (PKI) do not auto-renew within the 60-day renewal time set
Article ID: CTX233726
Description
Question: Why do the NetScaler Gateway credential certificates (PKI) on XenMobile Server not auto-renew within the configured 60-day renewal time?
Answer:
The NetScaler Gateway credential certificates are user certificates that are bound directly from the Credential Provider to NetScaler Gateway. As a result, no credentials policy is bound to the user certificates, and they are renewed only once the certificate has expired.
1. Once the Certificate Authority server generates a certificate for a user, the certificate is valid until it expires.
2. After the certificate has expired, when Secure Hub presents it to the Gateway, the Gateway recognizes that the certificate is expired and sends a reject response for the connection.
3. Secure Hub then connects to the XenMobile server to request the user certificate.
4. XenMobile requests a re-issue of the certificate from the configured PKI entity.
5. The CA server renews the certificate and provides it to the XenMobile server.
6. The XenMobile server then passes the certificate to the device.
7. Secure Hub uses the new certificate to set up the connection with NetScaler Gateway. This session should then succeed.
8. Hence, even if a device re-enrolls, no new certificate is generated or renewed while the old certificate is still valid. The old certificate itself is deployed on the device.
This is the expected behavior for the user certificate renewal process.
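Because renewal happens only after expiry, an administrator can anticipate the rejected connection in step 2 by classifying an inventory of user certificate expiry dates against the behavior described above. This is an added example, not Citrix code; the `user|notAfter` input layout, the sample users and the function names are assumptions made for illustration.

```python
from datetime import datetime, timezone

RENEWAL_WINDOW_DAYS = 60  # the configured renewal time the article refers to

# Constructed sample inventory: "user|notAfter", with notAfter in the format
# printed by `openssl x509 -noout -enddate` (minus the "notAfter=" prefix).
SAMPLE = """\
alice@example.test|Jan 10 08:00:00 2025 GMT
bob@example.test|Apr 15 08:00:00 2025 GMT
carol@example.test|Mar  1 08:00:00 2026 GMT
"""

def parse_not_after(text):
    # openssl pads single-digit days with an extra space; normalise it first
    cleaned = " ".join(text.split())
    parsed = datetime.strptime(cleaned, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)

def classify(not_after, now):
    """Map a user certificate to the behavior the article describes."""
    if not_after <= now:
        # Gateway rejects it; Secure Hub then asks XenMobile for a re-issue
        return "expired"
    if (not_after - now).days < RENEWAL_WINDOW_DAYS:
        # Inside the 60-day window but still valid, so it is not renewed
        return "in-window"
    # Still valid: a re-enrollment redeploys this same certificate
    return "valid"

def report(inventory, now):
    """Return (user, state, expiry date) tuples, soonest expiry first."""
    rows = []
    for line in inventory.strip().splitlines():
        user, not_after_text = line.split("|", 1)
        not_after = parse_not_after(not_after_text)
        rows.append((not_after, user.strip(), classify(not_after, now)))
    rows.sort()
    return [(user, state, na.date().isoformat()) for na, user, state in rows]

if __name__ == "__main__":
    for user, state, expires in report(SAMPLE, datetime.now(timezone.utc)):
        print(f"{expires}  {state:<9}  {user}")
```

Certificates reported as `in-window` are the ones whose users will next hit the reject-and-reissue sequence in steps 2 to 7.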