How to renew Parallels Configuration Manager Proxy PKI certificate

2 users found this article helpful

Information

Parallels Configuration Manager Proxy PKI certificate should be renewed before the end of its validity period. If this certificate will expire, it will not be possible to renew. In this case admin will need to create new certificate, and re-enroll all previously enrolled Macs manually. There is no way to automate this process. The certificate renewal procedure consists of the following steps:

  1. Renewing an existing certificate on the local computer.
  2. Exporting the renewed certificate to a file.
  3. Renewing the certificate in Configuration Manager.
  4. Updating the certificate info in the Parallels Configuration Manager Proxy configuration.

The following describes each step in detail.

Renew a Certificate

To renew a certificate, do the following:

  1. In Windows, go to Start > Run...

  2. Type mmc.exe in the Open box and click OK. This will open the Microsoft Management Console.

  3. In the console, click File > Add/Remove Snap-in to open the Add or Remove Snap-ins dialog.

  4. Click Certificates in the Available snap-ins list.

  5. Click the Add button. Select the Computer account option and click Next.

  6. On the Select Computer page, select Local computer and click Finish.

  7. Click OK to close the Add or Remove Snap-ins dialog.

  8. In the Microsoft Management Console, go to Console Root > Certificates (Local computer) > Personal > Certificates.

  9. Right-click the Parallels Configuration Manager Proxy (PKI) certificate, then click the All Tasks > Advanced Operations > Renew This Certificate with the Same Key... option in the pop-up menu. The Certificate Enrollment wizard opens.

  10. Click Next on the Before You Begin page.

  11. Click Enroll on the Request Certificates page.

  12. Wait for the certificate enrollment process to complete.

  13. Click Finish on the Certificate Installation Result page.

Export the Renewed Certificate

After renewing a certificate, you need to export it to a file, so it can be renewed in Configuration Manager. To export the certificate:

  1. In the Microsoft Management Console, go to Console Root > Certificates (Local computer) > Personal > Certificates.

  2. Right-click the Parallels Configuration Manager Proxy (PKI) certificate, then click the All Tasks > Export... option in the pop-up menu. The Certificate Export Wizard opens.

  3. Click Next on the Welcome page.

  4. Select the No, do not export the private key option and click Next on the Export Private Key page.

  5. Select DER encoded binary X.509 (.CER) and click Next on the Export File Format page.

  6. Type a path and filename for the target certificate file and click Next on the File to Export page.

  7. Review the export summary and click Finish to complete the wizard.

Renew Parallels Proxy Certificate in SCCM

To renew the Parallels Proxy certificate in SCCM, do the following:

  1. In the Configuration Manager console, navigate to Administration > Overview > Security > Certificates.

  2. Right-click the %site-code%, PARALLELS CONFIGURATION MANAGER PROXY (PKI) certificate and click Renew Certificate in the pop-up menu. The Register or Renew ISV Proxy dialog opens.

  3. Make sure that the Renew certificate for an existing ISV proxy option is selected.

  4. Click the Browse button and select the certificate file (the file with the “.cer” extension) that you exported earlier.

  5. Click OK.

Configure Parallels Configuration Manager Proxy

After renewing the certificate in Configuration Manager, the certificate information must be updated in the Parallels Configuration Manager Proxy configuration:

  1. In Windows, go to Start > Run...

  2. Type regedit in the Open box and click OK. This will open the Registry Editor window.

  3. In Registry Editor, navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl\Set\services\pma_cm_proxy\Parameters

Note: In PMM v7 registry path is changes as following:

64-bit OS: 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Parallels\Parallels Mac Management for Microsoft SCCM\CmProxy

32-bit OS:

HKEY_LOCAL_MACHINE\SOFTWARE\Parallels\Parallels Mac Management for Microsoft SCCM\CmProxy

4. Change the value of CertificateID to the thumbprint of the renewed certificate (e.g. 152349cbad3047763fc8c4087ad55781f5573601)

5. Restart the Parallels Configuration Manager Proxy service.

Note: Do the following to get the thumbprint:

  1. In the Microsoft Management Console, go to Console Root > Certificates (Local computer) > Personal > Certificates.

  2. Double-click on the Parallels Configuration Manager Proxy (PKI) certificate. This will open the Certificate dialog.

  3. Open the Details tab and find the Thumbprint field

Was this article helpful?

Tell us how we can improve it.