Connect with us

Hi, what are you looking for?

Citrix XenMobile

How to export an APNs SSL cert and key from one Citrix XenMobile appliance to another

xenmobile-10-3-5
In this example I will show you how to export an SSL cert like an APNs (Apple Push Notification service) cert from one XenMobile appliance to another. And yes Apple wants you to spell it APNs instead of APNS. In this example I’m using the latest 10.3.5 version of XenMobile on both appliances. If you login and hit the Gear icon in the corner and go to Settings > Certificates, you can see the APNS cert has the private key available (the green check mark):

1

When you click on the APNS cert you will see a box come up giving you the option to Export. Click Export:

2

You’ll be asked to create an export password so you can decrypt and use it on the other appliance you are migrating the cert to. Type in your password twice and hit export:

3

The resulting file will be called “certificate.pem” and if you open it in Notepad, you will see the RSA Private key section at the top and the cert at the bottom. This is proof that both the cert and the private key have been exported:

4

Now go to your other XenMobile appliance you are migrating to. Login and click the Gear > Settings > Certificates. Click Import at the top:

5

The Import wizard will pop up:

6

You need to set the Import to “Keystore” and Use as “APNs” since this is an APNs cert:

7

If you attempt to use the “certificate.pem” with the password you had created, you may get an error message saying “Error The imported file is invalid” like this:

8

The easy way to get around this message is to convert your .pem file into .pfx format. You will need to download OpenSSL for Windows and install it. Once you have installed it open up C:\OpenSSL-Win32\bin in Windows explorer and copy your “certificate.pem” into it. You can leave it wherever it is as well but to make this syntax simple for you in this example I have kept everything in the root of bin. Now open up cmd and type this:

openssl pkcs12 -export -in certificate.pem -inkey certificate.pem -out XM-new-certificate.pfx

You will be prompted for the password you used earlier. Then you will prompted to create a new export password and to verify. You can use the same password if you wish. This will create a new “XM-new-certificate.pfx” file in the bin folder.

9

Now go to your XenMobile appliance and browse to the “XM-new-certificate.pfx” file and put in all the same settings as before as well as the password you just created:

10

Now your cert will install just fine. In my case I had already ran through this example once before making the screenshot so it’s asking me if I want to overwrite. I say OK:

11

and now the cert appears in the console installed and the private key is there as well:

12

Hope this helps. Please feel free to leave a question or comment below.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Apache

Today I would like to go over proper URL redirection when using SSL but first I would like to preface this by describing what...

Citrix Workspace

You can use FIDO2 hardware security keys plugged into your physical desktop over the Citrix HDX remoting protocol for use with virtualized Windows Desktop...

Exchange 2003

A useful Exchange 2003 guide I wrote for a friend’s blog originally but I am posting it here on mine now for your viewing...

Cloud Design Architecture

The community-driven paperback book initiated by my friends Bas van Kaam and Christiaan Brinkhoff is available for sale on Amazon. If you haven’t picked...

JasonSamuel.com began in 2008 as a way for me to give back to the IT community. This website features the latest news and how-to's on enterprise mobility, security, virtualization, cloud architecture, and other technologies I work with. This website has evolved over time to become a go-to reference hub for these technologies. It receives hundreds of thousands of unique visitors from all over the world each month. More details on the About Me page.
Copyright © 2008-2023 JasonSamuel.com