Streaming Linux Desktops using Citrix Provisioning Services 7.12 – Part 1

Self-signed Certificate Creation for the PVS Soap Service

When configuring PVS for streaming Linux desktops, the Linux target devices must be linked to the PVS Soap server via an SSL connection.  The CA cert must be present on both the PVS server and the target device.  In the PVS Configuration Wizard for 7.12, a new prompt was added to choose the proper certificate from the PVSSoap container, specifically for Linux desktops.

Current documentation states that in order to configure this, the Windows SDK must be installed on the PVS server.  The sole purpose of the SDK installation is to make makecert.exe available.  Installing an SDK for this purpose alone is unnecessary and may introduce security vulnerabilities.  Furthermore, makecert is now deprecated and has been replaced by the PowerShell (PoSh) cmdlet New-SelfSignedCertificate.

Using the following PoSh command, it is now possible to create the self-signed certificate without installing the SDK or using makecert.exe:

New-SelfSignedCertificate -Type SSLServerAuthentication -Container PVSSoap -Subject "CN=PVS-01.fqdn" -CertStoreLocation "Cert:\LocalMachine\My" -KeyExportPolicy Exportable


The generated certificate is self-signed and therefore untrusted; it should be imported into the Trusted Root Certification Authorities store.

After the certificate has been generated with the PoSh command, the certificate prompt in the PVS Configuration Wizard will be populated with the appropriate certificate.  To choose the certificate, click on it, ensure that it is highlighted in blue, and continue through the wizard.
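The creation and trust steps described above can be scripted end to end. The following is an added example, not part of the original post or of Citrix's documentation; the export folder and the Base64 copy for the Linux target are assumptions, and the script must be run from an elevated PowerShell session on the PVS server.

```powershell
# Added example (not from the original post).
# Assumptions: $OutDir is a hypothetical export folder; the Base64 (.pem) copy in
# step 4 assumes the Linux target expects a PEM-encoded certificate.
$Fqdn   = 'PVS-01.fqdn'   # subject used in the post's command
$OutDir = 'C:\Temp'       # hypothetical; must already exist

# 1. Create the certificate exactly as in the post, keeping the returned object.
$cert = New-SelfSignedCertificate -Type SSLServerAuthentication -Container PVSSoap `
    -Subject "CN=$Fqdn" -CertStoreLocation 'Cert:\LocalMachine\My' `
    -KeyExportPolicy Exportable

# 2. Export the public certificate only (DER-encoded .cer).
#    The private key is not written to disk and stays in the PVSSoap container.
$cer = Join-Path $OutDir "$Fqdn.cer"
Export-Certificate -Cert $cert -FilePath $cer -Type CERT | Out-Null

# 3. Import that public certificate into the local Trusted Root store.
Import-Certificate -FilePath $cer -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 4. Produce a Base64 copy for distribution to the Linux target devices.
$pem = Join-Path $OutDir "$Fqdn.pem"
certutil.exe -f -encode $cer $pem | Out-Null

# 5. Verify the result before running the PVS Configuration Wizard.
$rootCopy = Get-ChildItem 'Cert:\LocalMachine\Root' |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }

if (-not $cert.HasPrivateKey) {
    throw "Certificate in LocalMachine\My has no private key; the Soap service cannot use it."
}
if (-not $rootCopy) {
    throw "Certificate $($cert.Thumbprint) was not found in LocalMachine\Root."
}
if ($rootCopy.HasPrivateKey) {
    # The trust anchor should carry the public certificate only.
    Write-Warning "Root store copy has a private key attached; re-import the .cer file instead."
}

[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    PublicCert = $cer
    PemCopy    = $pem
}
```

Only the .cer/.pem files leave the server; because the command marks the key as exportable, access to the certificate's private key in the LocalMachine\My store should be limited to administrators and the account running the Soap service.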
