How to Replace the Certificate on the AO Configuration Server

Article ID: CTX200266

Description

This article describes how to replace the certificate on the App Orchestration (AO) configuration server.

Background

The App Orchestration (AO) configuration server requires a certificate for secure communication between:
  • the AO Management Console and the AO configuration server
  • the AO agent and the AO configuration server
Occasionally an administrator needs to change the certificate used by the AO configuration server, for example to:
  • Switch from the self-signed certificate to a certificate issued by an enterprise PKI or a third-party commercial certificate authority when the environment is ready for production use.
  • Replace a certificate that is about to expire.
Note: Changing the certificate binding through IIS Manager on the AO configuration server leaves the AO configuration server unable to communicate with the AO agents. The AO agent then logs a “401 Unauthorized” error in the Event Viewer on each machine where it is installed.

Instructions

Complete the following steps to change the certificate used by the AO configuration server:
  1. In the MMC Certificates snap-in, open the new certificate and note its thumbprint.
  2. Run the following netsh command at the command line to take a snapshot of the existing certificate binding:

    netsh http show sslcert
  3. Note the application ID (appid) shown in the output; it is needed when the new certificate is added.

  4. Run the following netsh command to delete the existing certificate binding:

    netsh http delete sslcert ipport=0.0.0.0:443

  5. Run the following command to add the new certificate with the same application ID and with client certificate negotiation enabled (netsh takes name=value pairs with no spaces around the equals sign):

    netsh http add sslcert ipport=0.0.0.0:443 certhash=<new certificate thumbprint> appid={application ID from step 3, including the braces} clientcertnegotiation=enable

  6. If the preceding command does not work, run the same command from the netsh http context:
    1. Type netsh http.
    2. At the netsh http> prompt, type the following command:

      add sslcert ipport=0.0.0.0:443 certhash=<new certificate thumbprint> appid={application ID from step 3, including the braces} clientcertnegotiation=enable
  7. Reboot the AO configuration server, or stop and start IIS and all Citrix services.
  8. After a short wait, check the AO console. The health of all delivery sites and StoreFront groups should return to normal (no more yellow or red health indicators reporting an agent issue).
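The procedure above as a single PowerShell script, added here as an example rather than code from the Citrix article. It assumes the new certificate has already been imported into the LocalMachine\My store, that $NewThumbprint (a parameter name chosen here) is its thumbprint, and that it runs from an elevated prompt; it keeps the existing application ID, re-enables client certificate negotiation, and verifies the binding before restarting services.

```powershell
# Added example, not part of CTX200266. Assumes an elevated prompt and that the
# new certificate (with its private key) is already in Cert:\LocalMachine\My.
param(
    [Parameter(Mandatory = $true)][string]$NewThumbprint,   # from the MMC snap-in
    [string]$IpPort = '0.0.0.0:443'
)

# Thumbprints copied from the MMC often carry spaces or a hidden leading character.
$NewThumbprint = ($NewThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($NewThumbprint.Length -ne 40) { throw 'Thumbprint must be 40 hex characters.' }

# Confirm the certificate exists in the machine store and has a private key.
$cert = Get-ChildItem "Cert:\LocalMachine\My\$NewThumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate $NewThumbprint has no private key." }

# Steps 2-3: snapshot the current binding and extract its application ID.
$snapshot = netsh http show sslcert "ipport=$IpPort"
$snapshot | Out-File -FilePath "$env:TEMP\sslcert-before.txt"
$appId = $null
foreach ($line in $snapshot) {
    if ($line -match 'Application ID\s*:\s*(\{[0-9A-Fa-f-]+\})') { $appId = $Matches[1]; break }
}
if (-not $appId) { throw "No existing SSL binding found on $IpPort; nothing to replace." }

# Steps 4-5: replace the binding. Every argument is quoted so PowerShell passes the
# braces and name=value pairs to netsh unchanged.
netsh http delete sslcert "ipport=$IpPort" | Out-Null
netsh http add sslcert "ipport=$IpPort" "certhash=$NewThumbprint" "appid=$appId" 'clientcertnegotiation=enable'
if ($LASTEXITCODE -ne 0) { throw 'netsh http add sslcert failed; see the snapshot in %TEMP% to restore.' }

# Verify the new binding carries the new thumbprint and client cert negotiation.
$after = (netsh http show sslcert "ipport=$IpPort") -join "`n"
if ($after -notmatch "Certificate Hash\s*:\s*$NewThumbprint" -or
    $after -notmatch 'Negotiate Client Certificate\s*:\s*Enabled') {
    throw "Binding on $IpPort was not applied as expected:`n$after"
}

# Step 7: restart IIS and the Citrix services instead of rebooting.
iisreset | Out-Null
Get-Service -DisplayName 'Citrix*' | Restart-Service -Force
Write-Host "Binding on $IpPort now uses $NewThumbprint with appid $appId."
```

Step 8 (checking that delivery site and StoreFront group health returns to normal in the AO console) still has to be done by hand afterwards.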

Environment

The above mentioned sample code is provided to you as is with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the sample code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the sample code.