Issue:
When deploying PKI certificate deployment is un-successful
Following error message seen when looking into Device → Delivery Groups
Mobileconfig sent : PKI Test Policy (Command preparation failed: java.lang.RuntimeException: Could not create mobileconfig PKI Test Policy)
Following error is seen in the XMS logs
Caused by: java.lang.IllegalStateException: Returned certificate is not signed by specified CA: PublicKeyCertificate[{CN=test, DC=test, DC=local}, serial=12345567890, trusted=false, issuer=null]
Cause:
The serial number of the certificate that has singed the CSR does not match the serial number that XenMobile expects.
This is due to a wrong Issuing CA certificate being selected in
Settings → Credential Providers → your credential provider → Distribution
Resolution:
Check the serial number of the serial number of the “issuing” certificate of your CA against the serial number in XenMobile, if mismatched do the following
- Upload the issuing certificate into the certificate store on XenMobile (uploading as “Server” certificate should be sufficent)
- Go to Settings → PKI Entities → Modify your PKI Entity → CA Certificates and select the new certificate
- Go to Settings → Credential Providers → your credential provider → Distribution and select the new certificate in the Issuing CA certificate dropbox
Citrix article available here: