
Thursday 23 September 2010

Password Manager - What happens when a certificate expires?

Well, the answer is lots of errors, some event log entries and a pretty unusable Password Manager installation.
I have just seen this at a customer site where an internal Certificate Authority server had been used to create the web certificates for the web interface and Password Manager servers. The certificates expired after a year and Password Manager stopped functioning.

In order to resolve the issue a new certificate was issued from the CA server and assigned to the relevant servers.
We then needed to re-sign the data in the central store, following the guidelines in the admin guide (pages 316/317).

In simple terms:
1. Create a new signing certificate (this is separate from the web server certificate that was re-issued by the CA).
Run CtxCreateSigningCert.exe from the %ProgramFiles%\Citrix\MetaFrame Password Manager\Server folder. Enter the public key file name, the private key file name and the lifetime of the signing certificate in months. The new certificate is created.
Example:
ctxcreatesigningcert "C:\PublicKeyCert.cert" "C:\PrivateKeyCert.cert" "36"

2. Re-sign the data in the central store using ctxsigndata with the -r switch, passing the service, the private key file created in step 1, the domain and the central store type (AD in this case).
Example:
ctxsigndata -r mpmserver.mycompany.com/MPMService "C:\PrivateKeyCert.cert" mycompany.com AD

3. Verify the data signatures in the central store using ctxsigndata with the -v switch. Note that the verify form takes the service URL in place of the private key file.
Example:
ctxsigndata -v mpmserver.mycompany.com/MPMService "https://mpmserver.mycompany.com/MPMService" mycompany.com AD

Done!
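The root cause here was simply that nobody was watching the expiry dates. As an added example (my own script, not from the original post and not a Citrix tool), the following PowerShell reports every certificate in the Local Machine "Personal" store that has expired or will expire within a threshold, so it can be run as a scheduled task on each Password Manager service and web interface server. The 30-day threshold and the choice of store are assumptions; adjust them to where your web certificates actually live.

```powershell
# Added example, not from the original post or from Citrix: list certificates in
# the Local Machine "Personal" store (where IIS / web interface server
# certificates are normally installed) that have expired or expire within
# $WarnDays. Run in an elevated PowerShell session on each Password Manager
# service and web interface server. The 30-day threshold is an assumption.
param(
    [int]$WarnDays = 30
)

function Get-ExpiringCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]$Certificates,
        [int]$WarnDays,
        [datetime]$Now = (Get-Date)
    )
    foreach ($cert in $Certificates) {
        # Whole days remaining; negative once the certificate has expired.
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)
        if ($cert.NotAfter -lt $Now) {
            $state = 'EXPIRED'
        } elseif ($daysLeft -le $WarnDays) {
            $state = 'EXPIRING'
        } else {
            continue   # still fine, nothing to report
        }
        New-Object PSObject -Property @{
            State      = $state
            DaysLeft   = $daysLeft
            NotAfter   = $cert.NotAfter
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
        }
    }
}

# Certificate provider: every cert in the machine's Personal store.
$storeCerts = Get-ChildItem -Path Cert:\LocalMachine\My
$report = Get-ExpiringCertificate -Certificates $storeCerts -WarnDays $WarnDays

if ($report) {
    $report | Sort-Object NotAfter |
        Format-Table State, DaysLeft, NotAfter, Subject, Issuer, Thumbprint -AutoSize
    # Non-zero exit code so a scheduled task or monitoring job can alert on it.
    exit 1
} else {
    Write-Host "No certificates in Cert:\LocalMachine\My expire within $WarnDays days."
    exit 0
}
```

The signing certificate produced by ctxcreatesigningcert is written to files rather than to the Windows certificate store, so this script will not see it; record its lifetime (36 months in the example above) separately, because it will also expire one day and the re-sign procedure will be needed again.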
