Product Documentation

Installing a Signed Server Certificate and Private Key on App Controller

Oct 08, 2015

App Controller includes a server certificate that is not signed by a trusted Certificate Authority (CA). You need to install on App Controller a digital X.509 server certificate that belongs to your company and is signed by a CA. Your company can operate as its own CA, or you can obtain a digital signed server certificate from a commercial CA, such as VeriSign or Thawte.

App Controller accepts a Privacy Enhanced Mail (PEM) format certificate file. PEM is a text format that is the Base-64 encoding of the Distinguished Encoding Rules (DER) binary format. The PEM format specifies the use of text BEGIN and END lines that indicate the type of content that is being encoded.

You can install a secure digital certificate and private key on App Controller in the following two ways:

  • Generate a Certificate Signing Request (CSR) by using the App Controller management console. When App Controller generates the CSR, App Controller creates a certificate and private key. The private key remains on App Controller and the certificate contents are copied and submitted to a CA web site for signing. When the signed certificate is returned, you install the certificate on App Controller. During installation, the signed certificate is paired with the password-protected private key. Citrix recommends that you use this method to create and install secure certificates.
  • Install a PEM certificate and private key from a Windows-based computer. By using this method, you upload a signed certificate and private key together. The certificate is signed by a CA and is paired with the private key.

To install a certificate and private key from a Windows-based computer

If you are using a load balancer or you have a signed digital certificate with a private key that is stored on a Windows-based computer, you can upload the certificate to App Controller. If the App Controller virtual machine (VM) is not located behind a load balancer, the certificate must contain the fully qualified domain name (FQDN) of App Controller. If the App Controller VM is located behind a load balancer, each appliance must contain the same certificate and private key.

  1. In the App Controller management console, click the Settings tab.
  2. In the left pane, under System Configuration, click Certificates.
  3. Click Import and then select Server (.pfx).
  4. In the Import a certificate dialog box, click Browse, navigate to the certificate and then click Open.

    When you upload the certificate to App Controller, you are asked for a password to encrypt the private key.