Category : certificate

APNS, Apple, Blog, certificate, Citrix, XenMobile

XenMobile 10 – Configuration Series Part 3: Requesting an APNS Certificate

In order to enroll and manage iOS devices with Device Manager, you need to set up and create an Apple Push Notification Service (APNS) certificate from Apple. This guide shows basic steps for requesting the APNS certificate:

– Use a Windows 2008 R2 Server and Microsoft Internet Information Server (IIS) to generate a certificate signing request (CSR).
– Request an APNS certificate from Apple.
– Import the certificate to XenMobile 10.


Create a Certificate Signing Request (CSR) by using Microsoft IIS


1. Log in to a Windows Server where IIS is installed and in the Server Certificates window, click Create Certificate Request.

2. Type the appropriate Distinguished Name (DN) information and then click Next.

3. Select Microsoft RSA SChannel Cryptographic Provider for the Cryptographic Service Provider and 2048 for bit length and then click Next.

4. Enter a file name and specify a location to save the CSR and then click Finish.

Submit the CSR to Citrix for signing

1. Go to the Website URL: and log in using your MyCitrix credentials.

2. Follow the instructions to upload your CSR file.

3. Press Sign.

4. Download and save your Citrix Signed CSR file.

Submit the signed CSR to Apple to obtain the APNS certificate

1. Go to the Website URL: and log in using your Apple ID credentials.

2. Click Create a Certificate.

3. Accept Terms of Use.

4. Choose your Citrix signed CSR file and Upload it.

5. Download and save APNS certificate.

Convert the .pem certificate file to the .p12 format

1. Log in back to a Windows Server where IIS is installed and in the Server Certificates window, click Complete Certificate Request. Choose the APNS certificate file and fill the details and press OK.

2. Choose APNS certificate and click Export.

3. Select place to save certification file and choose new password to import certificate into XenMobile 10 in next step.

Import an APNS certificate into XenMobile 10

1. Log in to the XenMobile Web Console. Go to the Configure -> Settings -> Certificates and choose Import to upload APNS certificate into XenMobile. Fill the details as in the fig above and press Import.

2. Press OK and you’re done!


Views: 4703

Read More
Blog, certificate, Citrix, FIPS, XenMobile

XenMobile 10 – Configuration Series Part 1: Installing in FIPS 140-2 Compliance Mode

The latest version of XenMobile includes FIPS 140-2 compliant encryption for mobile apps, ensuring government and enterprise workers can access critical documents and apps securely. XenMobile 10 expands FIPS 140-2 support by encrypting connections from the network to the server and connections to the console. This is in addition to the existing client-side FIPS 140-2 that came with XenMobile 9.

This guide helps you go thru how to install XenMobile 10 in FIPS Compliance Mode.


What is FIPS?

The Federal Information Processing Standard (FIPS), issued by the US National Institute of Standards and Technologies (NIST), specifies the security requirements for cryptographic modules used in security systems. FIPS 140-2 is the second version of this standard.

More detailed information about FIPS and NIST see links:


XenMobile 10 – Installation


– Microsoft SQL Server ready for the XenMobile database.
– SSL certificate installed on the MS SQL and encrypted connections enabled on it.
– Root Certificate exported.

Important: You can enable XenMobile FIPS mode only during initial installation.


Configuring XenMobile 10 for the First Time Use:

After you have downloaded and imported XenMobile 10 virtual appliance into hypervisor, start the virtual machine and open console view.

1. Enter new password for the Admin (CLI) user.


2. Provide Network settings and commit by pressing y and hit Enter.


3. Type y to increase security by generating a random passphrase. The passphrase is used as part of the protection of the encryption keys used to secure your sensitive data.


4. There we are! Type y and hit Enter to enable FIPS mode configuration.

Important: FIPS mode only supports an SSL encrypted remote database connection.


5. Hit Enter to accept the default mi for Microsoft SQL.

6. To enable a secure connection you must copy or import a Root certificate. Hit Enter to accept the default y to upload a root certificate.

7. Type i or c depending can you copy-paste Root Certificate on your console or as in my case it needs to be copied from the IIS server, because I’m using VMWare Fusion and copy-paste won’t work.

8. Enter http URL to import Root Certificate and hit Enter.


9. Enter Database server FQDN and hit Enter.

10. Hit Enter to choose default Database TCP port.

11. Enter Database db_creator credentials.

12. Choose new XenMobile Database name and commit all settings pressing y and hit Enter.


13. Type y to enable Cluster and hit Enter. (not needed yet, but it’s safe to enable already)


13. Type XenMobile FQDN hostname and commit settings pressing y and hit Enter.


14. Hit Enter to choose all default communication ports and commit settings pressing y and hit Enter.


2015-02-23 12_39_23-2015-02-19_1648-2.png - Windows Photo Viewer

15. Enter y to use same password for the all PKI certificates and commit settings pressing y and hit Enter.


16. Hit Enter to choose default username for the Web Console admin account, or change it whatever you want. Enter new password for it can commit settings pressing y and hit Enter.


17. Hit Enter not to upgrade from previous release and you’re done!


18. Notice XenMobile Web Console access URL.


19. Login to the CLI and you’ll see that XenMobile is now configured as in FIPS Compliant Mode.


20. After configuration has finished you should be able to login to the XenMobile Web Console via web browser.




Views: 3300

Read More
Blog, certificate, Citrix, NetScaler, Windows

How to create, export and install SSL certificate from the Windows Server to the NetScaler


This is an example how to create, export and install Windows Server Root CA signed certificate to the NetScaler appliance.

Create Certificate Request on Windows Server:


Choose Request a certificate on your Windows CA:

Choose advanced certificate request:

Choose Submit a certificate…:

Copy-Paste your Certification Request and choose Certificate Template Web Server:

Download and save your certificate:

Complete your Certificate Request:

Open Certificates MMC Snap-in, choose certificate and and export:

Log in to your NetScaler 10.1 and install certificate (for NetScaler 10.5 same method works, GUIs look is just a bit different)

Choose Import PKCS#12:

Choose Output file name whatever you want, browse PKCS#12 certificate file we just exported and type Password we created in certificate export phase:

Choose Manage Certificates / Keys / CSRs:

Download certificate .key file, change filetype association from .key to the .cer and upload it back to the NetScaler:

Choose Install…

Install certificate:

And that’s it! Now you have properly exported and installed certificate on your NetScaler.





Views: 3967

Read More