Endpoint Management | How to generate and import a certificate for a Discretionary CA - PKI


Article ID: CTX322738


Description

This article shows how to prepare a self-signed certificate so that it can be uploaded to Citrix Endpoint Management or XenMobile and used by a Discretionary CA - PKI.


Instructions

To set up a Discretionary CA, first create a self-signed certificate and generate a full-chain PFX, then import it into Citrix Endpoint Management (CEM) so that it can be used by the Discretionary PKI.

Follow the steps below:


Generate a certificate for your CA
  1. On your server, open the Microsoft Management Console (MMC) with your Local System account, and open the certificates snap-in. In the pane on the right, right-click and then click All Tasks > Request New Certificate.
     

     

  2. In the wizard that opens, click Next twice. In the Request Certificates list, select Subordinate Certification Authority and then click the More information link.
     

     

  3. In the window, type a Subject name and Alternative name. Click OK.
     

     

  4. Click Enroll, and then click Finish.
     

  5. In the MMC, right-click the certificate you created. Click All Tasks > Export. Export the certificate as a .pfx file with a private key. Make sure the option "Include all certificates in the certification path if possible" is selected.
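
Before importing, it is worth confirming that the exported file contains the private key and the issuing chain. The PowerShell check below is an added example, not part of the original Citrix article; the file path is a hypothetical placeholder, and the script uses only standard .NET certificate classes.

```powershell
# Added example: inspect an exported PFX before uploading it to the console.
# The path is a hypothetical placeholder; point it at your own export.
$PfxPath = 'C:\Temp\discretionary-ca.pfx'

$secure = Read-Host -AsSecureString -Prompt 'PFX password'
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

# Load every certificate in the file without adding anything to a certificate store.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
$certs = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new()
$certs.Import($PfxPath, $plain, $flags)
$plain = $null

$withKey = @($certs | Where-Object { $_.HasPrivateKey })
$others  = @($certs | Where-Object { -not $_.HasPrivateKey })

# The export should carry exactly one key: the CA certificate's.
if ($withKey.Count -ne 1) {
    throw "Expected exactly one certificate with a private key, found $($withKey.Count)."
}
$ca = $withKey[0]

# A certificate issued from the Subordinate Certification Authority template
# should carry Basic Constraints with CA = true.
$bc = $ca.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
$isCa = [bool]($bc -and $bc.CertificateAuthority)

# Build the chain offline and list any issuer that is not inside the PFX itself
# (for example, one that was only found in the local machine's stores).
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode = 'NoCheck'
[void]$chain.ChainPolicy.ExtraStore.AddRange($certs)
[void]$chain.Build($ca)
$inPfx   = @($certs | ForEach-Object { $_.Thumbprint })
$missing = @($chain.ChainElements | ForEach-Object { $_.Certificate } |
    Where-Object { $inPfx -notcontains $_.Thumbprint })

[pscustomobject]@{
    Subject         = $ca.Subject
    NotAfter        = $ca.NotAfter
    HasPrivateKey   = $ca.HasPrivateKey
    IsCA            = $isCa
    OtherCertsInPfx = $others.Count
    IssuersMissing  = ($missing | ForEach-Object { $_.Subject }) -join '; '
}
```

If `OtherCertsInPfx` is 0 or `IssuersMissing` is not empty, the "Include all certificates in the certification path if possible" option was likely not applied during export, and the import will not show the root/intermediate certificate alongside the server certificate.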

     


Import a certificate for your CA
  1. In the Endpoint Management console, navigate to Settings > Certificates.

  2. Click Import. In the window that opens, browse for the certificate and private key files you exported previously.

  3. Click Import. The certificate is added to the table. You should see that 2 certificates were added, one server certificate and one root/intermediate certificate.

  4. After that, continue with the steps in the documentation for configuring a discretionary PKI if this is a first-time setup, or update the bindings of the PKI properties to the new certificate if this is just an update.

Additional Information

Discretionary CA: https://docs.citrix.com/en-us/xenmobile/server/authentication/pki-entities.html#discretionary-cas