XenMobile Certificate Simplicity

5 Shares

xenmobile certificate simplicity 09

Changing the default XenMobile Certificate to an external trusted SSL Certificate can be a bit complex, but it doesn’t have to be that way. Here’s the fastest way. Thanks to @mrhaapala for the tip during Citrix Synergy 2014.

Install Device Manager with the default XenMobile Certificate, just remember the password you use when defining the external FQDN certificate. Please do not use your administrator password since this is saved in clear text in the configuration files.

xenmobile certificate simplicity

Access https://localhost/zdm to verify the before result.

xenmobile certificate simplicity 07

XenMobile Certificate

Make sure the Root certificates exist in the same path, if not import them.

Right Click your wildcard certificate – Export – Export Private Key – PKCS and check “Include all certificates in the certification path if possible”.

xenmobile certificate simplicity 04

Set the private key password to the same used in the XenMobile Device Manager wizard. Save the file as https.pfx and then rename it to https.p12

Stop the XenMobile Device Manager service and copy the https.p12 file to C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\conf.

xenmobile certificate simplicity 03

Start the XenMobile Device Manager service and verify the new XenMobile Certificate.

xenmobile certificate simplicity 08

iOS enrollment can also be simplified by changing some values in the configuration file. This is possible because we’re using and external trusted SSL Certificate.

Shutdown the XenMobile Device Manager service. Make a backup copy and open the file  ew-config.propterties located in C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\webapps\zdm\WEB-INF\classes.

Change these 2 lines :

ios.mdm.enrollment.installRootCaIfRequired=false and ios.mdm.pki.useSslCertForDigitalSignature=true

xenmobile certificate simplicity 06

And that’s how easy it is to change the XenMobile Certificate to and External SSL Certificate for Device Manager.

Resource :

5 Shares

4 Responses to XenMobile Certificate Simplicity

  1. Hi there. Do users need to re-enroll their devices if xdm cert is updated to a new one? We are already using external ssl cert and is due for renewal soob. I noticed Ios devices have the ssl cert pushed down and installed during enrolment.

Leave a reply