Product Documentation

Configuring a Certificate Services Entity by Using XML

May 06, 2015
  1. Find the sample entity in the file. It will be located in a bean similar to the bold text in the following example.
    <list value-type="com.sparus.nps.pki.conf.MsCertSrvEntity"> 
     
    <bean class="com.sparus.nps.pki.conf.MsCertSrvEntityBean"> 
     
    <constructor-arg index="0" type="java.lang.String" value="QA-CertSrv-On-SCEP-ClientCertAuth" /> …. 
     
    </bean> 
     
    </list>
  2. Rename the entity to a name for your organization (for example, Company-MS-CA). This name appears in Device Manager.
  3. Uncomment the bean for the entity by deleting the comment characters before and after the bean. For example, <-- including the exclamation and the ending comment -->.
  4. Specify the serverBaseUrl value in the file which should be the certificate server URL to make a certificate request (for example, https://cert-server.company.com/certsrv). <property name="serverBaseUrl" value="https://serverca.company.com/certsrv/" />
  5. certFinishPageName/certNewPageName: The default values may be used unless the Microsoft Certificate Server is configured to use non-default pages.
  6. Specify the Client Certificate Authentication file, which is the certificate export file that you copied when you exported the client certificate. Modify the following values shown in bold.
     
     
    <property name="authentication"> 
     
    <bean class="com.sparus.nps.pki.conf.ClientCertAuthentication"> 
     
    <property name="keyStoreFile" value="C:\client-certificate-name.pfx" /> 
     
    <property name="keyStoreType" value="PKCS12" /> 
     
    <property name="keyStorePass" value="xxxxxxx" /> 
     
    </bean> 
     
    </property> 
    
  7. Specify a template name to be used for making user certificate requests from Device Manager. The name should match the certificate template name you created for certificate requests. For details, see To create a certificate template for XenMobile certificate requests. Do not use the template display names. For example, "iPhone Encryption" is the display name whereas "iPhoneEncryption" is the template name. Use the template name without any spaces. The properties dialog box of the template should include both display name and the actual template name.
     
     
    <property name="availableTemplates"> 
     
    <list value-type="java.lang.String"> 
     
    <value>CertificateTemplateName</value> 
    
  8. Save the file and then restart the Device Manager server.