Citrix Endpoint Management

Configuring certificate-based authentication with EWS for Citrix Secure Mail push notifications

February 22, 2024

Contributed by:

K C K

For Citrix Secure Mail push notifications to work, you must do the following:

Configure Exchange Server for certificate-based authentication. This requirement is especially necessary when Citrix Secure Hub is enrolled in Citrix Endpoint Management with certificate-based authentication.
Configure the Active Sync and Exchange Web Services (EWS) virtual directory on the Exchange Mail Server with certificate-based authentication.

Unless you complete these configurations, the subscription to Citrix Secure Mail push notifications fails and no badge updates occur in Citrix Secure Mail.

This article describes the steps to configure certificate-based authentication. The configurations are specifically against the EWS virtual directory on the Exchange Server.

To get started with the configuration, do the following:

Log on to the server or servers where the EWS virtual directory is installed.
Open the IIS Manager Console.
Under the Default Web Site, click the EWS virtual directory.

The Authentication, SSL, Configuration Editor snap-ins are on the right side of the IIS Manager Console
Make sure that the Authentication settings for EWS are configured as shown in the following figure.
Configure the SSL Settings for the EWS virtual directory.
1. Select the Require SSL checkbox.
2. Under Client Certificates, click Require. Or, if other EWS mail clients use a user name and password to authenticate to the Exchange Server, click Accept.
Click Configuration Editor. Go to the following section in the Section drop-down list:
- system.webServer/security/authentication/clientCertificateMappingAuthentication
Set the enabled value to True.
Click Configuration Editor. Go to the following section in the Section drop-down list:
- system.webServer/serverRuntime
Set the uploadReadAheadSize value to 10485760 (10 MB) or 20971520 (20 MB) or to a value as required by your organization.

Important:

If you don’t set this value correctly, certificate-based authentication while subscribing to EWS push notifications can fail with an error code of 413.

Do not set this value to 0.

For more information, see the Microsoft article, Microsoft IIS server runtime.

IIS Manager Console

For more information about troubleshooting Citrix Secure Mail issues with iOS push notifications, see this Citrix Support Knowledge Center article.

Push notifications for Citrix Secure Mail for iOS

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Configuring certificate-based authentication with EWS for Citrix Secure Mail push notifications

February 22, 2024

Contributed by:

K C K

February 22, 2024

Contributed by:

K C K

Configuring certificate-based authentication with EWS for Citrix Secure Mail push notifications

Related information

In this article