Product Documentation

To configure a Microsoft certificate server entity

Dec 21, 2015
  1. In the Device Manager web console, click Options.
  2. In the Options dialog box, from the left side select PKI > Entities.
  3. Click New > New MsCertSrv entity.
  4. In the Add a MsCertSrv entity dialog box, on the General tab enter the following information:
    1. Entity name. Type a name for your new entity, which you’ll use later on to refer to that entity. Entity names must be unique.
    2. Service root URL. The base URL of your Microsoft CA’s web enrollment service; for example, (the URL may use plain HTTP or HTTP-over-SSL).
    3. certnew.cer page name. The name of the certnew.cer page, if you have renamed it for some reason. If not, then you can leave this field empty.
    4. certfnsh.asp page name. The name of the certfnsh.asp page, if you have renamed it for some reason. If not, leave this field empty.
    5. Authentication type. Select No authentication, HTTP-Basic Authentication or SSL client certificate authentication. For the latter, you will have to upload the SSL client certificate to the repository (with its private key) and select it here
  5. Next, select the Templates tab. On this tab, you will need to list the Certificate templates for your Microsoft CA. Note that those must be the internal names, not the display names.
  6. Next, select the Custom HTTP parameters tab. On this tab, you can specify custom parameters that XenMobile should inject in the HTTP request to the Microsoft Web Enrollment interface. This will only be useful if you have customized scripts running on the CA.
  7. Next, select the CA Certificates tab. On this tab, you will be required to inform XenMobile of the signers of the certificates the system will obtain through this entity. When your CA certificate is renewed, all you need to do is update it in the repository and then the change will be effected to the entity transparently.
  8. Click Create.