How to create a new self-signed certificate for Citrix VDI-in-a-Box
ssh into your VDI-in-a-Box server as user kvm
# Make our temp working area
mkdir keystore
cd keystore
# Run the following command, which creates a new keystore, a new key pair and a self-signed cert valid for 10 years (3650 days).
# Change HOSTNAME to your public DNS name, e.g. remote.acme.com
# When prompted, use the same password for the key as for the keystore (press Enter at the key password prompt); Tomcat uses the single keystorePass value for both.
keytool -genkey -dname "CN=HOSTNAME, OU=VDI-in-a-Box, O=YOUR-BUSINESS, L=YOUR-CITY, ST=YOUR-STATE, C=US" -alias HOSTNAME -keyalg RSA -keysize 2048 -validity 3650 -keystore kmgr.keystore
# cd into the Tomcat conf directory
cd /home/kvm/kvm/install/servlet_container/conf
# Back up the old keystore
mv .keystore .Original-keystore
# Install the new keystore under the name the Connector expects (keystoreFile="conf/.keystore")
cp /home/kvm/keystore/kmgr.keystore .keystore
# Back up the server.xml file
cp server.xml server.Original.xml
# Edit the server.xml file
# Find the clientAuth line by searching (in vi) with:
# /clientAuth=
# Verify that a keystorePass="password" attribute does not already exist anywhere in the "Define a SSL HTTP/1.1 Connector on port 8443" section (a second copy of the attribute makes the Connector element invalid XML). Then add the attribute to the Connector element, replacing "password" with your keystore password.
E.g.
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" keystoreFile="conf/.keystore" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"/>
would become:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" keystoreFile="conf/.keystore" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" keystorePass="YOUR-KEYSTORE-PASSWORD"/>
# Restart Tomcat
tc_start
Check that your new self-signed cert is shown in the browser.
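As an added example that is not part of the original how-to, the following Python script performs the server.xml edit described above and enforces the check it asks for: it adds keystorePass only to SSLEnabled Connector elements and refuses to add it when it is already present, since a duplicated attribute turns the Connector into invalid XML and Tomcat will not start. The server.xml fragment below is a constructed sample, not the real VDI-in-a-Box file.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the relevant part of server.xml (not the real file):
# one SSL connector without keystorePass and one plain HTTP connector.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               keystoreFile="conf/.keystore" maxThreads="150" scheme="https"
               secure="true" clientAuth="false" sslProtocol="TLS"/>
    <Connector port="80" protocol="HTTP/1.1" redirectPort="443"/>
  </Service>
</Server>
"""


def add_keystore_pass(server_xml: str, password: str) -> str:
    """Return server_xml with keystorePass added to every SSLEnabled Connector.

    Raises ValueError if there is no SSL connector, if a connector has no
    keystoreFile, or if keystorePass is already present: a second copy of the
    attribute is invalid XML, so the existing value must be edited instead.
    """
    # insert_comments=True keeps the "Define a SSL HTTP/1.1 Connector" comment
    # and the file's other comments in the rewritten output.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(server_xml, parser=parser)
    connectors = [c for c in root.iter("Connector")
                  if c.get("SSLEnabled", "").lower() == "true"]
    if not connectors:
        raise ValueError("no SSLEnabled Connector found in server.xml")
    for conn in connectors:
        port = conn.get("port", "?")
        if "keystorePass" in conn.attrib:
            raise ValueError(f"Connector on port {port} already has keystorePass; "
                             "edit the existing value instead of adding another")
        if "keystoreFile" not in conn.attrib:
            raise ValueError(f"Connector on port {port} has no keystoreFile")
        conn.set("keystorePass", password)
    # The XML declaration and any comments before <Server> are not re-emitted;
    # restore them if your server.xml had them.
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(add_keystore_pass(SAMPLE_SERVER_XML, "YOUR-KEYSTORE-PASSWORD"))
```

To apply it to the real file, read server.xml, pass its contents through add_keystore_pass, and write the result back after taking the server.Original.xml backup.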