XenMobile – Apple APNS certificate Creation steps

APNS certificate is required to manage IOS devices from XenMobile. This post will cover the detailed steps to create Apple APNS certificate for XenMobile. All you need is just an account with apple and Citrix.


  1. Netscaler or a Windows server with IIS installed for APNS certificate CSR creation.
  2. My Citrix account to sign the CSR from Citrix.
  3. Apple Account for submitting and downloading APNS Certificate.

Note: step1 and part of Step3 can be done on windows server as well over IIS – Create CSR and complete the cert request on the same windows server.

Step 1: Create Key file & CSR from Netscaler

Navigate to Traffic Management – SSL – SSL files – keys

Select Create RSA Key

  • Provide Key file name
  • Key size: 2048 Bits
  • Public Exponent value: F4
  • Key format : PEM
  • Algorithm : DES3
  • Provide PEM passphrase, this is required while completing and exporting certificate request

Select CSR tab – Click Create CSR

Provide the CSR file Name,browse to key file created above, provide the details as shown below. Common name can be MDM url name.

Download the CSR as shown below.

Step 2: Sign the CSR from Citrix

Login to https://tools.xm.cloud.com/ or https://xenmobiletools.citrix.com with mycitrix credentials.

Select request push notification certificate signature.

Select upload CSR and select the CSR file created in step1

Click sign and it will be signed and a .plist file will be downloaded.

Step 3: APNS certificate Generation from Apple portal

Click on apple certificate request portal as shown below.

login to the portal using your apple ID.

Click on create a certificate

Accept to agree the terms

Select choose file and upload .plist file – Click upload

Download the certificate once done.

Step 4: Complete APNS certificate request and Create APNS pfx file

Below steps will complete the certificate request.

Navigate to Traffic management – SSL – Certificates – server certificates – Click install

  • Provide Name: MDM_APNS
  • Certificate File Name:  PEM file download from apple site.
  • Key file: RSA key file created in step1
  • password: password given for key file in step 1.

The certificate can be found under client certificates as shown below.

APNS Certificate is needed on XenMobile server, its not required on Netscaler. So we need to upload in pfx format and import in XenMobile server.

Select SSL and Click on Export certificate

  • Provide a Name for PFX file
  • Certificate file Name: PEM file installed above.
  • Key file: key file created in step 1
  • Export password: this will be used to import in XenMobile server.
  • PEM Passphrase: key file password given in step 1.

The pfx file will be created in netscaler.

Click on manage key files and download the pfx file

select the pfx file and download. This will be imported in XenMobile server.


Hope this post is useful.

Siva Sankar

Siva Sankar works as Solution Architect in Abu Dhabi with primary focus on SDDC, Automation,Network Virtualization, Digital Workspace, VDI, HCI and Virtualization products from VMWare, Citrix and Microsoft.

Leave a Reply

Your email address will not be published.

Show Buttons
Hide Buttons