How to create a new self-signed certificate for Citrix VDI-in-a-Box

ssh into your vdi-in-a-box server as user kvm

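# Make our temp working area. It will hold the new private key, so keep it
# accessible to the kvm user only.

mkdir -p keystore
chmod 700 keystore
cd keystore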

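# Run the following command, which creates a new keystore, a new keypair and a
# self-signed cert that will last 10 years (3650 days).
# Change HOSTNAME to your public DNS name, e.g. remote.acme.com
#
# The command is one logical line: each trailing backslash continues it, and
# the -dname value must stay inside a single pair of quotes on one line.
# keytool's documented options take a single leading dash.
#
# keytool prompts for the keystore password and then for the key password.
# Press Enter at the key password prompt so the key uses the keystore
# password: the Connector edited later only supplies keystorePass.

keytool -genkey \
  -dname "CN=HOSTNAME, OU=VDI-in-a-Box, O=YOUR-BUSINESS, L=YOUR-CITY, ST=YOUR-STATE, C=US" \
  -alias HOSTNAME -keyalg RSA -keysize 2048 -validity 3650 \
  -keystore kmgr.keystore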

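# cd into /home/kvm/kvm/install/servlet_container/conf

cd /home/kvm/kvm/install/servlet_container/conf

# Backup the old keystore

mv .keystore .Original-keystore

# Install the new keystore under the name the Connector's keystoreFile
# attribute (conf/.keystore) points at. Without this step Tomcat has no
# keystore to load after the restart.
# Assumes the working area was created in kvm's home directory right after
# login; adjust the path if you made it elsewhere.
# The keystore holds the private key, so restrict it to the owner.

cp "$HOME/keystore/kmgr.keystore" .keystore
chmod 600 .keystore

# Backup the server.xml file

cp server.xml server.Original.xml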

# Edit the server.xml file.
# Find the clientAuth line by searching/typing:
# /clientAuth=
# Verify that a keystorePass="password" entry does not already exist anywhere in the
# "Define a SSL HTTP/1.1 Connector on port 8443" section. Then add the attribute
# keystorePass="password" to that Connector, replacing "password" with your keystore password.
# The password is stored in clear text, so keep server.xml readable only by the kvm user.

E.g., the existing Connector:

    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, 
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
               keystoreFile="conf/.keystore"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>

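Would look like this (only the keystorePass attribute is added; the cipher list is left as shipped and still offers RC4 and 3DES suites, which are considered weak):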

    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
               keystoreFile="conf/.keystore"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
                keystorePass="YOUR-KEYSTORE-PASSWORD"/>

# restart Tomcat
# tc_start is not defined on this page; presumably it is the appliance's own
# Tomcat start script. Confirm it also stops a running instance, otherwise
# the new keystore and server.xml are not picked up.

tc_start

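Check that your new self-signed cert is shown in the browser! Because it is self-signed, browsers will keep warning until the certificate is explicitly trusted on the client.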