Recently, I was part of a discussion on the creation of a private key and a certificate signing request (CSR) to obtain a third-party certificate for Manager XenMobile devices (XDM). These are not covered in the documentation. There are quite a few different ways this can be done and I wanted to list a few.
1) Use an IIS box. Most are familiar with this process and it is fairly simple to make. Once the certificate is obtained and added to IIS, it can be exported with.
2) If a NetScaler is part of the environment of use. Both the key and CSR can be generated on the NetScaler. Once the certificate is added, you can export the keystore.
3) Download OpenSSL for Windows on the XDM server. The key and CSR can then be generated on the XDM server itself. This can help ensure the key seat elsewhere in the network.
So there are three ways to generate the key and XDM Private CSR to obtain a third party SSL certificate. Options 1 and 3 will probably be covered by your certificate provider. All restrictions on the size or key algorithms should be provided by your SSL certificate provider. The XDM keystore file must be in PKCS12 format
Generating OpenSSL key -. Http://www.openssl.org/docs/HOWTO/keys.txt
Generating a CSR OpenSSL - http://www.openssl.org/docs/HOWTO/certificates.txt
Creating a PKCS # 12 bundle - http://support.citrix.com/article/CTX106630
Change the XDM server cert - http://support.citrix.com/proddocs/ topic / xmob-dm-85 / xmob-dm-manage-securityId-configcert-ssl-tsk.html
UPDATE: I have documented this process for one of my clients in their building Nike guide and thought I would add here.
1) Download OpenSSL for Windows. http://www.openssl.org/related/binaries.html You may also need Visual C ++ 08 redistributable
2) Make sure to follow all applicable directives in your environment during the the addition of these components.
3) Open a command prompt on the XDM server. All orders by assuming that you are in the c :. Win32 OpenSSL bin
4) Generate a new private key. Make sure to use the size of the key needed for your environment. This example uses a 2048 bits key.
i. "openssl genrsa -des3 -out
5) Generate CSR. You will get a warning about not find openssl.cfg, even when specifying the configuration in the order.
i. "openssl req -new -key
6) Submit the CSR to the CA to sign the certificate and place in c :. Win32 OpenSSL bin with
7) Create a PKCS # 12 bundle file. Be sure to protect the beam password when creating.
i. "openssl pkcs12 -export -in
8) Create a folder on the XDM server to hold the beam, for example C .. XDMCert
9) If desired, remove the key, CSR and regroup from the OpenSSL bin directory and remove
0 Komentar