Changing the default XenMobile Certificate to an external trusted SSL Certificate can be a bit complex, but it doesn’t have to be that way. Here’s the fastest way. Thanks to @mrhaapala for the tip during Citrix Synergy 2014.
Install Device Manager with the default XenMobile Certificate, and remember the password you use when defining the external FQDN certificate. Please do not use your administrator password, since this password is saved in clear text in the configuration files.
Access https://localhost/zdm to see the result before the change.
Make sure the root certificates exist in the same path; if not, import them.
Right-click your wildcard certificate – Export – Export Private Key – PKCS and check “Include all certificates in the certification path if possible”.
Set the private key password to the same one used in the XenMobile Device Manager wizard. Save the file as https.pfx and then rename it to https.p12.
Stop the XenMobile Device Manager service and copy the https.p12 file to C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\conf.
Start the XenMobile Device Manager service and verify the new XenMobile Certificate.
iOS enrollment can also be simplified by changing some values in the configuration file. This is possible because we’re using an external trusted SSL Certificate.
Shut down the XenMobile Device Manager service. Make a backup copy and open the file ew-config.properties located in C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\webapps\zdm\WEB-INF\classes.
Change these 2 lines:
ios.mdm.enrollment.installRootCaIfRequired=false
ios.mdm.pki.useSslCertForDigitalSignature=true
And that’s how easy it is to change the XenMobile Certificate to an external SSL Certificate for Device Manager.
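A pre-flight check for the steps above, as an added example that is not part of the original post or any Citrix tooling: run it in an elevated PowerShell session before starting the service again. It assumes the paths given in the post and Windows PowerShell 5 or later, and it confirms that https.p12 opens with the wizard password, holds a private key and builds a trusted chain, shows who can read the keystore, and checks the two iOS settings.

```powershell
# Added example, not from the original post. Paths are the ones the post gives.
$tomcat = 'C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat'
$p12    = Join-Path $tomcat 'conf\https.p12'
$props  = Join-Path $tomcat 'webapps\zdm\WEB-INF\classes\ew-config.properties'

# Prompt for the keystore password (the one set in the install wizard) rather than hard-coding it.
$secure = Read-Host -AsSecureString 'Keystore password'
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password

# 1. The file must open with that password and contain a certificate with its private key.
$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
try { $certs.Import($p12, $plain, 'DefaultKeySet') } catch {
    throw "Cannot open $p12 with this password: $($_.Exception.Message)"
}
$leaf = $certs | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $leaf) { throw 'https.p12 holds no private key; re-export with the private key included.' }

# 2. The chain must build to a trusted root, using the intermediates exported into the file.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'      # keep the check offline
$chain.ChainPolicy.ExtraStore.AddRange($certs)
$trusted = $chain.Build($leaf)
[pscustomobject]@{
    Subject      = $leaf.Subject
    NotAfter     = $leaf.NotAfter
    CertsInFile  = $certs.Count
    ChainTrusted = $trusted
    ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
} | Format-List

# 3. The keystore password sits in clear text in the config, so review who can read the keystore.
(Get-Acl $p12).Access | Select-Object IdentityReference, FileSystemRights, AccessControlType

# 4. Both iOS enrollment settings must have the values from the post.
$expected = @{
    'ios.mdm.enrollment.installRootCaIfRequired' = 'false'
    'ios.mdm.pki.useSslCertForDigitalSignature'  = 'true'
}
$actual = @{}
foreach ($line in Get-Content $props) {
    if ($line -match '^\s*([^#!\s=][^=]*?)\s*=\s*(.*?)\s*$') { $actual[$Matches[1]] = $Matches[2] }
}
foreach ($key in $expected.Keys) {
    $state = if ($actual[$key] -eq $expected[$key]) { 'OK' } else { "MISMATCH (found '$($actual[$key])')" }
    '{0}={1}: {2}' -f $key, $expected[$key], $state
}
```

A ChainTrusted value of False with a status such as PartialChain or UntrustedRoot means the export did not include the full certification path or the root is missing from the server's store.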
Hehe, noticed just now this post 😀
Better late than never 🙂
Hi there. Do users need to re-enroll their devices if the XDM cert is updated to a new one? We are already using an external SSL cert and it is due for renewal soon. I noticed iOS devices have the SSL cert pushed down and installed during enrolment.
Now I guess not, but would verify in the Citrix forum. Re-enroll would be really stupid!