Product Documentation

Configuring Certificates for SAML Applications

Jun 07, 2013

Some SAML applications, such as ShareFile, Google Apps, and Echosign, require a certificate to communicate with App Controller. After you add the application in App Controller and configure application settings, you download a SAML certificate from App Controller. When you configure settings in the SAML application, you upload the certificate to the application. By doing so, you ensure secure connections between the application and App Controller.

App Controller supports installation of one SAML certificate on App Controller. When you first install App Controller, a SAML certificate is created and appears in the Certificates panel.

The SAML certificate is called If you want to use a custom SAML certificate, you need to upload a .pem certificate that contains only the certificate and private key.

Important: Do not include any chain certificates with the SAML certificate.

When you install the new SAML certificate, App Controller removes any previously installed certificates, including the SAML certificate created during App Controller installation. Only one SAML certificate can reside on App Controller.

You can download a SAML certificate by using one of the two following methods:

  • If you download the SAML certificate for backup, Citrix recommends creating a password to encrypt the certificate with a private key.
  • If you download the SAML certificate for use with SaaS applications, do not include the password. Private keys should not be included with the certificate in this instance.

To download a SAML certificate

  1. In the App Controller management console, click the Settings tab.
  2. In the left pane, under System Configuration, click Certificates.
  3. Under Certificates > All Certificates, select the SAML certificate and then click Export.
  4. In the Export Certificate dialog box, in Password and Confirm Password, enter the password for the certificate.

    Only supply the password if you are backing up the certificate and storing it on your computer.

  5. To export the private key with the certificate, click Export with private key and then click OK to save the certificate to your computer.

    Select this option only if you are backing up the certificate.

  6. Navigate to the location on your computer where you want to save the certificate and then click Save.