Hi Team:
I have a client that wants to run Citrix on an ET1. In order to get the connection to server, the CITRIX client needs to access to a HTTPS URL, and for that reason they are installing a certificate in the ET1. The problem is that all appear that the ET1 don't recognise the root certificate, so the connection with the server is not possible.
Do you know where is the storage of the certificates in the ET1, and which type of certificates are compatible with the ET1?
Thank you very much in advance.
Best regards
5 Replies
Alejandro, Take a look at the attached MSP4 Test Fest Presenation. Hopefully this will provide you some answers. Mark
ET1 FTPS doc uses Root Certs, see attached.
People in adjacent threads have certificate issues with FTPS and have SPRs open. Could you be hitting the same issue? Better check with support.
In order to establish trust of an HTTPS Server, the Trusted Keystore needs to have the root certificate(s) for the CA(s) that issued the Server certificate. You do NOT need to have the Server certificate in the Trusted Keystore unless it is also the issuer (i.e. the Server cetificate is self-signed). On all versions of the ET1 prior to Rev D (i.e. Rev A, B, and C), the ONLY way to get a root certificate into the Trusted Keystore is using MSP 4.0. You can do it using Staging (i.e. RD Client on device pulls it from a Relay Server) or using Provisioning (MSP Server pushes it to the device via a Relay Server). Root certificates are deployed via MSP as DER format files (.CER extension). If you are using only a single CA, then you will need to deploy the root certificate for that CA. If you are using a CA chain (e.g. Primary and Intermediate CA), then you will need to deploy the root certificates for all CAs in the trust chain (the immediate issuer of the Server certificate plus all issuers in the chain above that immediate issuer). Consult the MSP 4.0 product documentation and the supplemental deliverables that added support to MSP 4.0 for the ET1 for more information on how to use MSP 4.0 to deploy certificates to the ET1. Beginning with ET1 Rev D, an alternate XML-based method to deploy root certificates into the Trusted Keystore will be provided that does not require using MSP. Stay tuned for documentation to be provided with the Rev D release of the ET1 for information on how to do that.
Hello:
Thank you for the answers, I really appreciate your help. Actually, I'm trying to push the root certificate using MSP4, however I haven't get success. I was reviewing the documentation of the MSP, however I didn't find any step by step example, maybe I'm not searching in the correct documents. In this sense, Do you have a document or guide that you can provide me?
Thank you very much in advance.
Best regards