Citrix Virtual Delivery Agent for macOS

Configure VDA with Enterprise / Domain Certificates

August 1, 2025

Contributed by:

Besides DDC self-signed certificates, there is another option to configure VDA with AD CS issued CA certificates, so that you can configure all Citrix components with one CA certificate. Follow the instructions to Configure VDA with Enterprise/Domain certificates.

Install Active Directory Certificate Services

Log on Active Directory Server, Open Server Manager and click Manage, and then click Add Roles and Features. The Add Roles and Features Wizard opens.

Roles

In Select Server Roles, in Server Roles, select Active Directory Certificate Services.

Active Directory

In Role Services, Click following items

Web

In Confirmation,, Click Install

Install

For more information, see Install the certification authority.

Configure Active Directory Certificate Services

In Server Manager, click on AD CS on the left pane. If there is a warning mark, then click on the flag on the right corner, then click Configure Active Directory Certificate Services to start the configuration

Configure

Role Service

Setup Type

CA Type

Private Key

Cryptography

Confirmation

Server

Role Service

Authentication

Service

Authentication CEP

Confirm

Create Customized Web Server Certificate Template

On Active Directory Server, Open Certification Authority

Certificate

Create customized certification template

Template

Web Server â†’Duplicate Template

Duplicate

Configure the Properties of New Template

Properties

Properties 1

Properties 2

Properties 3

Back to Certification Authority to issue the Certificate Template

Certificate New

Test Web Server

Install Certificate on DDC

First on DDC machine, open (http://<AD CS machine IP>/certsrv) via the browser to download and install the certificate

DDC

DDC 1

Double click on the downloaded certificate file to install

DDC 2

DDC 3

DDC 4

DDC 5

DDC 6

Request New Certificate on DDC

On DDC machine, open MMC and Request New Certificate as following

New Certificate

NC 7

NC 2

NC 3

NC 4

NC 5

NC 6

Binding Certificate on DDC IIS

On DDC machine, open IIS and Edit Site Binding.

Binding

Binding 1

Note:

There is no need to reboot IIS or server after changing SSL certificate for DDC site.

WebStudio is a prerequisite for websocket VDA since token generation is only available in WebStudio.

If there are multiple DDC machines, the step to bind the certificate shall be done for all DDC machines, and ensure they are all binding the same certificate.

Install the Certificate on Mac

There are two ways to install the AD CS issued certificate on the Mac machine Method1:

On DDC machine, open the Manage computer certificates by certlm.msc command.

Make sure to select the certificate which is selected in Step Binding Certificate on DDC IIS and Export the certificate.
Transfer the exported certificate in above step to Mac machine,execute the following commands in Terminal App to trust the certificate:

sudo security add-trusted-cert -d -r trustAsRoot -p basic -p ssl -k /Library/Keychains/System.keychain <path/to/cert file name>
Open Keychain Access app, double confirm the certificate is added to System keychain and trust it for Secure socket Layer(SSL) and X.509 Basic Policy.

mac4

Method2:

On Mac machine, open the Browser and input http://<AD CS IP>/certsrv
Execute the following commands in Terminal App to trust the downloaded certificate in above step

sudo security add-trusted-cert -d -r trustRoot -p basic -p ssl -k /Library/Keychains/System.keychain <path/to/cert file name>
Open Keychain Access app, double confirm the certificate is added to System keychain and trust it for Secure socket Layer(SSL) and X.509 Basic Policy

Install Citrix VDA for macOS

To install Citrix VDA for macOS, see install VDA.

After installation, open the VDA Configuration app to finish the Enrollment and Registration.

vda

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Configure VDA with Enterprise / Domain Certificates

August 1, 2025

Contributed by:

August 1, 2025

Contributed by:

Configure VDA with Enterprise / Domain Certificates

Install Active Directory Certificate Services

Configure Active Directory Certificate Services

Create Customized Web Server Certificate Template

Install Certificate on DDC

Request New Certificate on DDC

Binding Certificate on DDC IIS

Install the Certificate on Mac

Install Citrix VDA for macOS

In this article