XenMobile Device Manager and SAN Certificates

I knew that most Citrix components work with SAN certificates, as per the eDocs at http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-certificates-con.html.  However when installing my first site that wanted to use a SAN certificate for their XenMobile Device Manager server, it would not accept the SAN certificate during the setup process.

xm-sancert

Note in the above screenshot, the certificate and password are accepted but you cannot click Next, and the FQDN and other details are not picked up from the certificate.

There is an easy way round this however, instead complete your XenMobile install using the self signed certificate that gets generated during the install.  Then swap the self-signed certificate for your SAN certificate by following this excellent post from Port25Guy:

http://port25guy.com/2013/11/18/import-a-3rd-party-certificate-into-xenmobile/

Once you have followed the above instructions and restarted the XenMobile service, the console should be accessible, and devices able to communicate with the XDM server and enroll etc using the SAN certificate without complaints.

XenApp / XenDesktop, Android 4.0 and Certificates

I’ve encountered various certificate related issues with Citrix Receiver on mobile devices over the years, and most of the time the issues related to incorrectly installed or configured certificates.  Some of the common issues are the intermediate or root certificates aren’t installed, or the certificates aren’t linked correctly.

However Android 4.0 however seems to be fussier about certificates, and I’ve had working setups with Android 2.3 stop working under Android 4.0 (while Windows/Mac/iOS etc work all along).  To help assist those thinking about a new certificate, here are a couple of certificates that I have found to work 100% reliably with Android as well as some I know that seem to have issues:

Working Certificates:
GeoTrust TrueBusinessID http://www.geotrust.com/ssl/ssl-certificates/
GeoTrust TrueBusinessID Wildcard http://www.geotrust.com/ssl/wildcard-ssl-certificates/
GoDaddy Standard or Premium SSL http://www.godaddy.com/ssl

Certificates I have had trouble with:
RapidSSL http://www.rapidssl.com/
Digicert http://www.digicert.com/

There will be more certificates out there that work reliably, but I have not tried them – once I discovered the GeoTrust ones work reliably I’ve stuck with them.  If you have reliable experiences with other certs, feel free to post a comment so we can all benefit from each other’s experiences.