XenMobile 10 Remote Database Secure Connection (SSL) 

1.    Configuration of XMS from CLI


Our goal here is to provide detailed information on performing the initial XMS initial configurations for remote database with secure connection(SSL). This includes step-by-step instructions (with screenshots).


  1. XMS Virtual Machine
  2. Network details
  3. MS-SQL database server details
  4. Root certificate to connect to database
  5. HTTP/S ports information

Configure XMS from CLI Command Line Interface

Follow the below steps in sequence if you are configuring the XMS for the first time. Before configuring the XMS make sure you have required pre-requisites in place.

  • Open the console of the VM from the hypervisor (XenServer/VMware/Microsoft) and enter a new password for Admin account. This account would be used to login to XMS CLI console

  • Provide the network configuration details as below
  • Use the default password for data protection/encryption by typing ‘y’.
Note: If you need to enter your own password instead of system generated, it should be 12 characters long.
  • Enable FIPS by typing ‘y’, here I have typed ‘n’ for no.
Note: When you enable FIPS mode, you need to manage only remote database and that should be accessible by host name. You will also be prompted to provide the SSL certificate for the remote database.
  • To Configure Remote Database type ‘r’ and hit enter.
  • Depending upon type of database, please select MI SQL or PostgreSQL and type in ‘Y’ to use SSL.
  • Type ‘Y’ to Upload Root certificate to communicate to remote database securely.
  • You can upload Root certificate in two ways:
    1. By opening up the root certificate in a notepad and coping the content into below XMS CLI or
    2. BY importing the certificate from shared location (i.e. using iiS). Please refer to Appendix section of this document.

    Let us first try to import the root certificate by coping the content (i.e. Step 1).

  • Copy and paste the entire root certificate content into below CLI option and hit enter.
  • Enter the SQL/PostGreSQL server FQDN, Port Number, username, password and provide a Database name.
  • After providing the above information please hit ‘Y’ to commit.
  • If you want to enable cluster hit ‘Y’ if not hit ‘N’
  • Enter the FQDN for the XenMobile Server and hit ‘Y’ to commit the changes.
  • Choose the default ports and hit ‘Y’ to commit.
Note: It is recommended to go with default ports. However, if you need to modify the ports, you can go ahead and change them.

  • Enter the passwords for the PKI certificates.

Note: It is recommended to go with one password for all the certificates. However, if you want to enter different passwords for each certificate, type ‘n’ and enter the passwords.

  • Create the administrator account, with which you want to login to XMS server UI
  • If this is a new installation of XenMobile Server, type ‘n’. If this is an upgrade of an existing XenMobile installation, type ‘y’
  • Once the configuration is complete, you will get the login prompt

You can now continue with UI configurations by accessing the XMS via browser. The URL would be https://<hostname>:4443

  • This concludes the document on configuring XMS server SSL communication to remote database.
2.    Appendix

How to import the root certificate for remote database connection from a shared location.

  • First create a IIS website and upload the root certificate into this site by following the steps below:
    • Create a folder in the following location and copy Root.cer certificate into this location on IIS server C:\inetpub\wwwroot\<Folder Name>  (Ex: C:\inetpub\wwwroot\RootCertificate).
    • Go to IIS right click on Default Web Site and Add Virtual directory.
    • Provide an Alias name and browse to the folder created in above step and click ok.
    • Select the Virtual Directory Created in the above step and select Directory browsing and click enable.
  • In the section below where you select Copy or Import, instead of selecting option ‘c’ now, please select option ‘I’ to import the certificate from the above IIS website and enter the URL to download the root certificate.

  • Enter the SQL/PostGreSQL server FQDN, Port Number, username, password and provide a Database name to commit the changes.

Hit Enter key or ‘y’ to continue

Hit Enter key or ‘y’ to continue