AppV 5.1 – Configuring SSL for AppV Management/Publishing and Reporting Services

This is a follow on my previous post – Installing Microsoft App-V 5.1 on Windows Server 2016 and Load Balance AppV 5.1 using Netscaler 11.x/12.x on how to secure the communication within App-V by using SSL instead of the default HTTP

NOTE: Before continuing , please ensure you have a valid certificate authority in the domain to send and authorise the certificate require. No Adjustement to the Load Balancer is required as it is configured with TCP rather than  HTTP.

Configure App-V Web Services for SSL

Step 1: Load Internet Information Services (IIS) on the AppV Server, then Select Server certificates


Step 2: At the Action Panel, Select Create Domain certificate


Step 3: Enter the following information, then Click Next

  • Common Name: LAB-APPV.WILKYIT.COM (the load balanced name of AppV)
  • Organization: WILKYIT.COM
  • Organizational Unit: WILKY
  • City/Locality: BELFAST
  • State/Province: UK
  • Country/Region: GB


Step 4: At Online Certificate Authority, Click Select at Specify Online Certificate Authority


Step 5: Select the appropriate CA, in my case the below is selected.


Step 6: Enter a common friendly name for the certificate and click Finish


Step 7: Confirm the certificate now appears on the Server Certificate list.APPV-SSL7

Step 8: Select Microsoft App-V Management Service under sites, Under Action/Edit Site Click Bindings


Step 8: Select the http site, Click EditAPPV-SSL9

Step 9: Change the Port number to a unused port (in my case 50007). Click OK


Step 10: Confirm setting are applied, Click Add


Step 11: Select the following, then Click OK

  • Type: HTTPS
  • IP Address: All Unassigned
  • Port: 50001 (this is the orginal port configred during installation)
  • Host Name: leave Blank
  • SSL Certificate: LAB-APPV


Step 12: Select the http site configured on Port 50007, Click RemoveAPPV-SSL13

Step 13: Click Yes to confirm binding is being removed.


Step 14: Confirm only binding left is the type: https Port: 50001


Step 15: Repeat the same for the Publishing Service/Reporting Service (Step 1-14)

Publishing Service

Use Unused port 50008 during re-configuration in Step 9

  • Type: HTTPS
  • IP Address: All Unassigned
  • Port: 50002 (this is the orginal port configred during installation)
  • Host Name: leave Blank
  • SSL Certificate: LAB-APPV

Reporting Service

Use Unused port 50009 during re-configuration in Step 9

  • Type: HTTPS
  • IP Address: All Unassigned
  • Port: 50003 (this is the orginal port configred during installation)
  • Host Name: leave Blank
  • SSL Certificate: LAB-APPV

Step 16: Repeat all of the above step on additional App-V Server, exporting the Certificate generated in Step 3-6 as a PFX and importing into the 2nd App-V Server

Confirm SSL communicaiton

Step 1: Access the App-V Management Service on


Step 2: Confirm no certificate warning’s or issues with certificate by click the Lock icon on URL bar


Step 3: Confirm with the Publishing/Reporting services as well.



  1. Hi,

    Thanks for writing this. I found your blog very useful.

    When I implemented this I got event ID 102 (warning), and 103 (error) on my Publishing Server, and my clients didn’t get packages. The message was “Message: DownloadMetadataError (URL: http://localhost:50001/Publishing/Metadata/)” where you can see the URL is wrong as it should be https. Another blog suggested changing HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Server\PublishingService\PUBLISHING_MGT_SERVER to the FQDN (, and that seems to work.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s