Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

119  Download (0)

Full text

(1)

Learning the Basics of

Citrix Web Interface 4.6,

Citrix Secure Gateway 3.1

and GoDaddy Wildcard

SSL Certificate

Carl Webster

CTP, CCIA, CCEE, CCEA

(2)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 2

Published by Carl Webster

Tullahoma, TN 37388 First published 2011 by Carl Webster

Copyright ©Carl Webster 2011 All Rights Reserved

(3)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 3

Contact Info:

webster@carlwebster.com

Article web site: http://CarlWebster.com

(4)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 4

There are three methods to allow users to access published applications in a XenApp Farm:

• Web Clients (now called XenApp Web Plug-in)

• PNAgent (now called XenApp Plug-in)

• Program Neighborhood

The most popular are the Web Clients and PNAgent. Using the Web Interface without any additional hardware or software requires that a Public IP address be available for every XenApp server in the Farm that serves published applications. To minimize the use of Public IP addresses, ease firewall traversal and provide a secure and encrypted connection between the XenApp servers and client devices, Citrix provides the free Secure Gateway software. The Secure Gateway authenticates users connecting from the Internet and establishes a secure channel between the client devices and the XenApp servers.

In this article, you will learn:

• Install Windows prerequisites for Web Interface

• Install Web Interface 4.6

• Install the Access Management Console Update for Web Interface 4.6

• Create and configure a basic XenApp site

• Test unsecure access to published applications

• Generate certificate request

• Purchase a Wildcard SSL Certificate from GoDaddy

• Complete the certificate request

• Export the SSL Certificate's Private Key for use on additional servers

• Test secure access to published application

• Install and configure Citrix Secure Gateway 3.1

• Test secure internal and external access to published applications

For this article series, a Windows Server 2003 R2 x86 server, with a static IP address, that is not a domain member will be used. Citrix Best Practice is for the Secure Gateway server to be placed in a DMZ. All Windows Updates, with the exception of Microsoft .NET Framework 3.5 Service Pack 1, have been applied. The Web Interface install files are from the XenApp 5 for Server 2003 CD images.

Before beginning, you need to fix a bug in the installation files. The version of the Web Interface that will be installed with XenApp 5 on Server 2003 is not Web Interface 5 but Web Interface 4.6. The Citrix Clients that will be installed are the Version 11 clients. Web Interface 4.6 does not know how to use the Version 11 client files. You need to rename one of the client files to allow Web Interface 4.6 to work properly for this article series. This has been documented in Citrix Support Article CTX118567.

In your Component CD install files for XenApp 5 for Server 2003, double-click the Clients folder (Figure 1).

(5)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 5

Figure 1

Double-click the ica32 folder (Figure 2).

Figure 2

You now see the three Version 11 Citrix Client files (Figure 3).

(6)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 6

Figure 3

The file you need to rename is XenAppWeb.msi. Right-click XenAppWeb.msi and select Copy (Figure 4).

Figure 4

Right-click an empty area just underneath XenAppWeb.msi and select Paste (Figure 5).

(7)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 7

Figure 5

You will now have a file named Copy of XenAppWeb.msi. Right-click that file and select Rename (Figure 6).

Figure 6

Rename the file to ica32web.msi (Figure 7).

(8)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 8

Figure 7

You have completed the steps documented in CTX118567. You are now ready to begin installing the Windows prerequisites for Web Interface 4.6.

Web Interface 4.6 requires the following Windows components:

• Application Server

• IIS

• ASP.NET

Installing Web Interface 4.6 form the CD's Autorun.exe will install .NET Framework 2.0, Visual J# 2.0 and ASP.NET 2.0.

Click Start, Control Panel, Add or Remove Programs (Figure 8).

(9)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 9

Figure 8

Click Add/Remove Windows Components (Figure 9).

Figure 9

Check Application Server (Figure 10) and then click the Details button.

(10)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 10

Figure 10

Check ASP.NET and then click OK (Figure 11).

Figure 11

Click Next (Figure 12).

(11)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 11

The necessary Windows Prerequisites are installed. After the installation is complete, exit Add or Remove Programs and apply any additional Windows updates except for Microsoft .NET Framework 3.5 Service Pack 1.

NOTE: XenApp was previously known as Presentation Server and before that as MetaFrame. Citrix renamed Presentation Server to XenApp in February 2008. This is very confusing but you will still see references to all three product names in various places. The Citrix web site, MyCitrix.com and tech support articles refer to XenApp. The installation and most product documentation refer to

Presentation Server. Most of the event log entries still refer to MetaFrame. The MetaFrame product name has not been used since 2005. Another point of confusion is the product component name Web Interface. Web Interface has been the component name since sometime between 2001 and 2003. The prior component name was nFuse. You will still see the name nFuse in many Citrix configuration files.

When Citrix released XenApp 5 for Server 2008 they also rebranded Presentation Server 4.5 with Feature Release 1 as XenApp 5 for Server 2003. There is NO core difference between XenApp 5 for Server 2003 and Presentation Server 4.5 with Feature Release 1. Even though you are installing what Citrix calls XenApp 5, ALL the installation screens, prompts and documentation still refer to the product as Presentation Server 4.5.

From your install files for the XenApp 5 for Server 2003 CD1, double-click the Autorun.exe file (Figure 12).

(12)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 12

Figure 12

Click Product installations and updates (Figure 13).

Figure 13

Click Install Citrix Presentation Server 4.5 and its components (Figure 14).

(13)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 13

Figure 14

Click I accept the license agreement (Figure 15) AND scroll all the way down to the end of the Citrix License Agreement or click in the License Agreement box and press Ctrl+End. If you do not scroll to the bottom, you will receive an error. Click OK on the error.

Figure 15

(14)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 14

Click Next (Figure 16).

Figure 16

Click Next (Figure 17).

Figure 17

(15)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 15

In Figure 18 you will not install Citrix Presentation Server, Presentation Server Console or Docuemnt Center.

Figure 18

Left-click each one and select Entire feature will be unavailable (Figure 19).

Figure 19

(16)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 16

Click Next (Figure 20).

Figure 20

Click Next (Figure 21).

Figure 21

Click Next (Figure 22).

(17)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 17

Figure 22

Click Next (Figure 23).

Figure 23

Click Finish (Figure 24).

(18)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 18

Figure 24

After a few minutes, Figure 25 appears. Click Next.

Figure 25

Click Next (Figure 26).

(19)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 19

Figure 26

Click Install the Clients from the Components CD-ROM and click Browse (Figure 27).

Figure 27

Browse to the Components CD and double-click the Clients folder (Figure 28).

(20)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 20

Figure 28

Click OK (Figure 29).

Figure 29

Click Next (Figure 30).

(21)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 21

Figure 30

Click Next (Figure 31).

Figure 31

Click Finish (Figure 32).

(22)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 22

Figure 32

Click Finish (Figure 33).

Figure 33

(23)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 23

Web Interface 4.6 has now been installed. The Management Console Update needs to be installed before any Web Interface sites are created. Go to http://www.MyCitrix.com , login to your account and click Downloads (Figure 34).

Figure 34

Click the dropdown under Search Downloads by Product and select Citrix XenApp (Figure 35).

Figure 35

Scroll down under Components and click on Web Interface 4.6 Access Management Console Extension (Figure 36).

(24)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 24

Figure 36

Click Download (Figure 37).

Figure 37

Click HTTP (Figure 38).

(25)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 25

Figure 38

Click Click here to start the HTTP download (Figure 39).

Figure 39

Save the file to the server's desktop (Figure 40).

(26)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 26

Figure 40

Exit the HTTP download dialog and click Back to results (Figure 41).

Figure 41

Scroll down under Components and click Secure Gateway 3.1 (Figure 42).

(27)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 27

Figure 42

Click Download on the English version (Figure 43).

Figure 43

Check I have read and certify that I comply with the above Export Control Laws and click Accept (Figure 44).

Figure 44

Download the file to the server's desktop (Figure 45).

(28)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 28

Figure 45

Exit the Citrix Download Manager when the download completes.

Exit your Internet browser.

Double-click the 2392.zip file (Figure 46).

Figure 46

Extract the files to C:\AMC4.6.

Click Start, Run, type in c:\amc4.6\2392\CtxInstall.exe and press Enter (Figure 47).

(29)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 29

Figure 47

Click Next (Figure 48).

Figure 48

Click I accept the license agreement and scroll down to the end of the license agreement and then click Next (Figure 49).

(30)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 30

Figure 49

Click Next (Figure 50).

Figure 50

Click Next (Figure 51)

(31)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 31

Figure 51

Click Finish (Figure 52).

Figure 52

Click Start, All Programs, Citrix, Management Consoles, Access Management Console (Figure 53).

(32)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 32

Figure 53

Click Next (Figure 54).

Figure 54

The Presentation Server components should not be installed on either a Web Interface or Citrix Secure Gateway server.

(33)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 33

Uncheck Presentation Server and click Next (Figure 55).

Figure 55

Select Do not contact servers running the configuration service and click Next (Figure 56).

Figure 56

Click Next (Figure 57).

(34)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 34

Figure 57

Click Finish (Figure 58).

Figure 58

Click Web Interface and then in the middle column under Common Tasks, click Create Site (Figure 59).

(35)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 35

Figure 59

Select Access Platform site and click Next (Figure 60).

Figure 60

Check Set as the default page for the IIS site (if Web Interface is the only application on the server using IIS) and click Next (Figure 61).

(36)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 36

Figure 61

Select Local file(s) and click Next (Figure 62).

Figure 62

Click Next (Figure 63).

(37)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 37

Figure 63

Click Next (Figure 64).

Figure 64

Leave Configure this site now checked and click Finish (Figure 65).

(38)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 38

Figure 65

Click Next (Figure 66).

Figure 66

Enter your Farm name, add your XenApp servers and click Next (Figure 67).

(39)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 39

Note: The servers entered here are used to Load Balance the XML Service. If only one server is entered here and that server goes offline, then the Web Interface site has no server to retrieve the list of published applications from. The first server in the list is usually the Zone Data Collector, especially if it is dedicated to that role.

Figure 67

Click Next (Figure 68).

(40)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 40

Figure 68

Click Next (Figure 69).

Figure 69

Click Finish (Figure 70).

(41)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 41

Figure 70

Open your Internet browser on type in http://localhost and press Enter. After a few seconds, the Web Interface site should be displayed (Figure 71).

If the Web Interface site is not the default IIS site, then type in http://servername/Citrix/AccessPlatform and press Enter.

(42)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 42

Figure 71

Enter your login information and the Client Detection screen should be displayed (Figure 72).

Figure 72

Click Detect Clients and the Download Client Software page is displayed (Figure 73).

(43)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 43

Figure 73

Click Download and the ica32web.msi client file starts to download (Figure 74). Click Run.

Figure 74

Click Close when the Client Software has completed installing (Figure 75).

(44)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 44

Figure 75

Click Successful (Figure 76).

Figure 76

Your published applications are displayed (Figure 77).

(45)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 45

Figure 77

You have now verified a successful install and configuration of Web Interface. Log off the Web Interface, exit your Internet browser and exit the Access Management Console.

Why use a Wildcard SSL Certificate?

1. Using GoDaddy's pricing of a Standard SSL Certificate for one year for $29.99 and a Standard Wildcard SSL Certificate for one year for $199.99, you need seven sub-domains to get your investment back.

2. If you do not know what your sub-domains will be named and you know you will have several, it may make sense to use one.

3. You just don't want to be bothered with keeping track of which certificate files go with which sub-domain on what server.

4. You just want to be cool and impress your friends at parties (pretty lame reason but some of us need something to impress the women).

You are at the server's desktop (Figure 78).

(46)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 46

Figure 78

Click Start, Administrative Tools, Internet Information Services (IIS) Manager (Figure 79).

Figure 79

Expand Web Sites (Figure 80).

(47)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 47

Figure 80

Select Default Web Site (Figure 81).

Figure 81

Right-click Default Web Site and then click Properties (Figure 82).

(48)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 48

Figure 82

Click the Directory Security tab and then click Server Certificate... (Figure 83).

Figure 83

The Web Server Certificate Wizard starts. Click Next (Figure 84).

(49)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 49

Figure 84

Select Create a new certificate and click Next (Figure 85).

Figure 85

Click Next (Figure 86).

(50)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 50

Figure 86

You can type in any name for the new certificate on Figure 87. I use *.domain.tld or for my certificate,

*.websterslab.com. Leave the Bit length at 1024. Click Next.

Figure 87

(51)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 51

You can enter anything for Organization and Organizational unit (Figure 88). They should either be very easy for you to remember or should be documented in your Change Control processes. If you ever need to rekey your certificate, you will need this information. If what you enter during the GoDaddy rekeying process does not match what you enter here, the rekeying will not be allowed by GoDaddy. I prefer to keep everything simple and enter *.domain.tld or for my certificate, both fields will be

*.websterslab.com.

Enter your Organization, Organizational unit and click Next.

Figure 88

For Your Site's Common Name, enter *.domain.tld or for my certificate, *.websterslab.com (Figure 89).

(52)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 52

Figure 89

Select your Country/Region, enter your State/province, City/locality and click Next (Figure 90).

Figure 90

(53)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 53

By default, the Certificate Request File Name is saved as c:\certreq.txt. The IIS Certificate Wizard allows you to specify a different location and filename of your choice. Either enter a new file name or accept the default and then click Next (Figure 91).

Figure 91

Verify the information on the Request File Summary page is correct. If anything needs to be corrected, click Back and make any necessary corrections. If all the information is correct, click Next (Figure 92).

(54)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 54

Figure 92

Click Finish to complete the certificate request and generate the file (Figure 93).

Figure 93

(55)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 55

Leave the Default Web Site Properties page up. Click Start, Run and type in the path and filename for your certificate request file. If you accepted the default, type in c:\certreq.txt and press Enter (Figure 94). This will open the file in Notepad (Figure 95Figure 94).

Figure 94

Figure 95

Press Ctrl-A to select the entire certificate request and then press Ctrl-C to copy the file contents to the server's clipboard (Figure 96). Do not change anything in this file. Doing so will invalidate the certificate request process and you will need to start over.

(56)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 56

Figure 96

Exit Notepad, start Internet Explorer and go to http://www.godaddy.com (Figure 97).

Figure 97

Log in to your account, click on SSL Certificates and then under Certificates, click on SSL Certificates (Figure 98).

(57)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 57

Figure 98

Scroll down and under Standard SSL, select Unlimited Subdomains, then the number of years you wish your certificate to be valid and then click Add (Figure 99).

Figure 99

Yu can safely bypass all the extra crap GoDaddy tries to push onl you. Nothing else is needed for your Wildcard SSL Certificate to work with the Citrix Secure Gateway and Web Interface.

Scroll down to the bottom of the screen and click "No thanks. Continue to checkout..." (Figure 100).

(58)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 58

Figure 100

Enter any promo codes you have, select your payment method and check the box by I have read and agree to the terms of the Universal Terms of Service and then click Checkout Now (Figure 101).

Figure 101

Enter the information for your payment method and complete that process (No, I'm not showing you mine!).

When the payment process is complete, click Back to My Account (Figure 102).

(59)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 59

Figure 102

Once back on the main account page, you should have an alert showing to start the process to setup your SSL Certificate. Click the link Click here to begin! (Figure 103).

Figure 103

On the Managing Secure Certificates screen, click the link to "Use Credit" for your new certificate (Figure 104).

Figure 104

The Set up New Certificate wizard starts. Click Continue (Figure 105).

(60)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 60

Figure 105

Back on the Managing Secure Certificates Control Panel, click Manage Certificate (Figure 106).

Figure 106

A new browser window opens up. Select your new certificate, select the option that begins "With a third-party..." and click Request Certificate (Figure 107).

Figure 107

Verify the information is correct in the Step 1 section (Figure 108).

(61)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 61

Figure 108

In the Step 2 section, click in the CSR box and press Ctrl-V (Figure 109). This pastes your certificate request information. Select Microsoft IIS in the dropdown box for "Please select your server software...", check the box to say "I warrant and represent..." and then click Continue.

(62)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 62

Figure 109

Confirm the information is correct and click Confirm (Figure 110). If any of the information is incorrect, click Back and make the necessary corrections.

Figure 110

(63)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 63

Click Done (Figure 111).

Figure 111

You will now receive an e-mail from GoDaddy with instructions for downloading your SSL Certificate.

While I was going through this process, the e-mail was received in less than 10 seconds. When I clicked Done in Figure 111, I was taken to the Secure Certificate Services control panel (Figure 112). Click the link under Common Name (should be *.domain.tld).

Figure 112

The Manage Certificates screen shows you the information for your Wildcard SSL Certificate along with options to Re-key, Revoke or Reissue the certificate (Figure 113).

(64)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 64

Figure 113

Exit all browser windows and click the link in the e-mail you received from GoDaddy to download your certificate files. Make sure that IIS is selected and click Continue (Figure 114).

Figure 114

Click the link to Download Signed Certificate (Figure 115).

(65)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 65

Figure 115

Save the Zip file to a location available to your Web Interface/Citrix Secure Gateway server (Figure 116).

Figure 116

Click Done (Figure 117).

(66)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 66

Figure 117

Exit your Internet browser.

Click Start, Run, type in MMC and press Enter (Figure 118 and Figure 119).

Figure 118

(67)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 67

Figure 119

Click File and Add/Remove Snap-in... (Figure 120).

Figure 120

Click Add... (Figure 121).

(68)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 68

Figure 121

Click Certificates and then click Add (Figure 122).

Figure 122

Select Computer account and click Next (Figure 123).

(69)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 69

Figure 123

Select Local computer and click Finish (Figure 124).

Figure 124

Click Close to close the Add Standalone Snap-in dialog (Figure 125).

(70)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 70

Figure 125

Click OK to return to the main MMC Window (Figure 126).

Figure 126

Click the "+" to expand the Certificates folder (Figure 127).

(71)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 71

Figure 127

Right-click on Intermediate Certification Authorities, choose All Tasks and then click Import... (Figure 128).

Figure 128

Click Next (Figure 129).

(72)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 72

Figure 129

Click Browse... (Figure 130).

Figure 130

Change the "Files of type" dropdown to PKCS #7 Certificates (*.spc, *.p7b) (Figure 131).

(73)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 73

Figure 131

Browse to the location you extracted and saved your certificate files, select your certificate file and click Open (Figure 132).

Figure 132

Click Next (Figure 133).

(74)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 74

Figure 133

Select Place all certificates in the following store and make sure the Certificate store is Intermediate Certification Authorities and click Next (Figure 134).

Figure 134

Click Finish on the Certificate Import Wizard (Figure 135).

(75)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 75

Figure 135

Click OK (Figure 136).

Figure 136

Click the "+" next to Trusted Root Certification Authorities and then click Certificates (Figure 137).

(76)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 76

Figure 137

Scroll down, right-click Go Daddy Class 2 Certification Authority and select Properties (Figure 138).

Figure 138

Select Disable all purposes for this certificate and click OK (Figure 139).

(77)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 77

Figure 139

Click back on the Default Web Site Properties dialog and then click Server Certificate... (Figure 140).

Figure 140

Click Next (Figure 141).

(78)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 78

Figure 141

Select Process the pending request and install the certificate and click Next (Figure 142).

Figure 142

Click Browse... to locate your certificate file (Figure 143).

(79)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 79

Figure 143

Change the Files of type to All files (*.*) (Figure 144).

Figure 144

Find and select your GoDaddy "crt" certificate file and then click Next (Figure 145).

(80)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 80

Figure 145

Citrix Secure Gateway will process all incoming SSL traffic on Port 443 so the SSL Port that IIS uses must be changed. Type in 444 and click Next (Figure 146).

Note: This is one of the most common problems that keeps the Citrix Secure Gateway from working.

Citrix Secure Gateway MUST have Port 443 reserved for its use. IIS MUST use a different Port for SSL.

(81)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 81

Figure 146

Verify the information on the Certificate Summary page is correct and click Next (Figure 147).

Figure 147

Click Finish (Figure 148).

(82)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 82

Figure 148

Click OK (Figure 149).

Figure 149

(83)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 83

To verify the SSL Certificate was installed properly, you may need to create an entry in your Web Interface server's Host file. Click Start, Run and type in Notepad

%systemroot%\system32\drivers\etc\hosts and press Enter (Figure 150).

Figure 150

Go to the bottom of the Hosts file and type 127.0.0.1, press Tab and type in the Fully Qualified Domain Name your users will use to access the Citrix Secure Gateway. For me that is citrix.websterslab.com (Figure 151).

Figure 151

Save the changes and exit Notepad.

Open your Internet browser and go to https://FullyQualifiedDomainName:444. For me, I went to https://citrix.websterslab.com:444 (Figure 152). Note the SSL Padlock icon.

(84)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 84

Figure 152

Click the Padlock icon and click View certificates. (Figure 153).

Figure 153

Click each of the three tabs (Figure 154 through Figure 156).

(85)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 85

Figure 154

Figure 155

(86)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 86

Figure 156

Click OK and then log in to the Web Interface (Figure 157).

Figure 157

(87)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 87

You can test running any published application if you wish. Log off the Web Interface and exit your Internet browser. Go back to the MMC console where you had added the Certificates snap-in (Figure 158).

Figure 158

You will now learn how to export your certificate with its private key so the SSL Certificate can be installed on other servers.

Click the "+" by Personal and then click on Certificates (Figure 159).

(88)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 88

Figure 159

Right-click your Wildcard certificate, select All Tasks and then click Export (Figure 160).

Figure 160

Click Next (Figure 161).

(89)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 89

Figure 161

Select Yes, export the private key and then click Next (Figure 162).

Figure 162

(90)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 90

Select Include all certificates in the certification path if possible and Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above). Do NOT select Delete the private key if the export is successful. Click Next (Figure 163).

Figure 163

Enter and verify a password (Figure 164). Make sure you remember this password. You will need it when importing into another server.

(91)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 91

Figure 164

Name and save the PFX file and then click Next (Figure 165).

Figure 165

Click Finish (Figure 166).

(92)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 92

Figure 166

Click OK on The export was successful dialog.

Exit the MMC console without saving changes and exit IIS Manager.

You are now at the server's desktop (Figure 167).

Figure 167

(93)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 93

Double-click the CSG_GWY.msi file and click Next (Figure 168).

Figure 168

Select I accept the license agreement and then click Next (Figure 169).

Figure 169

Select Secure Gateway and then click Next (Figure 170).

(94)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 94

Figure 170

Click Next to accept the default installation folder (Figure 171).

Figure 171

Citrix Best Practice is to place the Secure Gateway/Web Interface server in the DMZ and the server should not be a domain member. Since this server is an Internet facing server it should be protected by

(95)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 95

all means possible. This includes using an account that has the least possible privileges and not putting the server on your internal network.

On the Service Account page you have the option of running the Secure Gateway service under Local System or Network Service accounts. What is the difference and which one should be chosen?

According to http://msdn.microsoft.com/en-us/library/ms684190(VS.85).aspx, the Local System account runs at a very high privilege level. The article recommends using the Network Service account if a high privilege level is not needed. The Secure Gateway service does not need, and should not be given, such a high privilege level. According to http://msdn.microsoft.com/en-us/library/ms684272(VS.85).aspx, the Network Service account has very few privileges. You should seriously consider using the Network Service account for the Secure Gateway service. It is very odd that this important decision is not mentioned in the Secure Gateway for Windows Administrator's Guide or any Citrix Support Tech Notes.

Using the Network Service account reduces the attack surface should your Secure Gateway/Web Interface server be hacked. Since this account has no domain privileges it will make it harder for an attacker to compromise your domain.

If you do decide to place the Secure Gateway/Web Interface server on your internal network, then you must use the Network Service account.

Select NETWORK SERVICE from the dropdown list and then click Next (Figure 172).

Figure 172

Verify the install options (Figure 173). If any corrections need to be made, click Back and make the necessary corrections. If everything is correct, click Next.

(96)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 96

Figure 173

Click Finish (Figure 174).

Figure 174

Click OK to start the Secure Gateway Configuration wizard (Figure 175).

(97)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 97

Figure 175

Click OK to start configuring Secure Gateway (Figure 176).

Figure 176

The Standard configuration does not allow us to set, or verify, all the necessary options. Select Advanced and then click Next (Figure 177).

(98)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 98

Figure 177

Select your wildcard certificate and click Next (Figure 178). Click View... to view the information about your certificate. This is the same information that was seen in Figure 154 through Figure 156.

Figure 178

(99)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 99

For "Select secure protocol", select Secure Sockets Layer (SSLv3) and TLSv1. For "Select cipher suite", select All and then click Next (Figure 179).

Figure 179

If you have a single network card with a single IP address, you can select Monitor all IPv4 addresses (Figure 180). If you have multiple network cards and or multiple IP addresses on this server, unselect Monitor all IPv4 addresses, click Add and add the network interface(s) you wish to monitor for TCP port 443 traffic.

Secure Gateway will handle all TCP port 443 traffic and IIS handles SSL traffic on TCP port 444 (or whatever you selected in Figure 146). Enter 443 for the TCP port and then click Next.

Note: IPv6 is only supported under Windows Server 2008.

(100)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 100

Figure 180

Select No outbound traffic restrictions and then click Next (Figure 181).

You can restrict outbound traffic by pointing to another Secure Gateway server configured as a Secure Gateway Proxy (Figure 182) or by restricting traffic by IP Address (Figure 183).

Figure 181

(101)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 101

Figure 182

Figure 183

The Secure Ticket Authority (STA) is installed on every XenApp server. If you have multiple XenApp servers enter as many XenApp servers as you like to provide failover.

Click Add (Figure 184).

(102)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 102

Figure 184

Enter the Fully Qualified Domain Name (FQDN) of a XenApp server and then click OK (Figure 185).

Figure 185

(103)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 103

If you get an error about The Secure Ticket Authority specified cannot be contacted (Figure 186), there is a name resolution error.

Figure 186

Two possibilities are to add entries for the XenApp servers into the Hosts file on the Secure Gateway server (Figure 187) or to enter the IP address of the XenApp server(s) for the FQDN (Figure 188 and Figure 189).

Figure 187

(104)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 104

Figure 188

Figure 189

Once all the XenApp servers IP addresses or FQDNs have been entered then click Next (Figure 190).

(105)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 105

Figure 190

By default, Secure Gateway is limited to 250 concurrent connections. I would not recommend increasing this limit. If you need more than 250 concurrent connections then you should seriously consider Citrix's hardware solution the Citrix Access Gateway.

Accept the defaults and click Next (Figure 191).

(106)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 106

Figure 191

If you have any hardware load balancing appliances in front of your Secure Gateway/Web Interface server, enter the IP addresses here to exclude them from generating even log entries and then click Next (Figure 192).

Figure 192

(107)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 107

Since the Secure Gateway and Web Interface are installed on the same server, select Indirect:..., check Installed on this computer and then click Next (Figure 193).

Figure 193

Select the level of logging you wish to receive from the Secure gateway service and click Next (Figure 194).

(108)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 108

Figure 194

Check to Start the Secure Gateway service and then click Finish (Figure 195).

Figure 195

To verify the configuration and status of the Secure Gateway click Start, All Programs, Citrix, Management Consoles and then click Secure Gateway Management Console (Figure 196).

(109)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 109

Figure 196

The Secure Gateway Diagnostics runs (Figure 197).

Figure 197

Expand each of the 5 sections to see the information for each (Figure 198 through Figure 202).

(110)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 110

Figure 198

Figure 199

(111)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 111

Figure 200

Figure 201

(112)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 112

Figure 202

Exit the Secure Gateway Diagnostics.

To test external access to published applications, you will need a public DNS name for the server. Mine is citrix.websterslab.com. I use DynDNS to allow the use of a dynamic Public IP address for my lab server. In your router or firewall TCP port 443 must be routed from the Public IP address to the internal IP address of the Citrix Secure Gateway/Web Interface server.

Internet -> Public IP address -> Router/Firewall -> TCP Port 443 -> Private IP address For me:

Internet -> 68.x.y.z -> Router/Firewall -> TCP Port 443 -> 192.168.1.105

Start the Access Management Console. Click Start, All Programs, Citrix, Management Consoles, Access Management Console, expand Web Interface and then click your Web Interface site (Figure 203).

(113)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 113

Figure 203

In the middle column under Common Tasks, click Manage secure client access and then select Edit Gateway settings (Figure 204).

Figure 204

Enter the FQDN that users will use to access the Secure Gateway/Web Interface server, enter the URLs for the XenApp server(s) and then click OK (Figure 205).

(114)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 114

Figure 205

Again under Common Tasks, click Manage secure client access and then select Edit DMZ settings (Figure 206).

Figure 206

Click the Default line and then click Edit... (Figure 207).

(115)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 115

Figure 207

Select Gateway Direct from the dropdown list and then click OK (Figure 208).

Figure 208

(116)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 116

Selecting Gateway Direct will send to the client the external Public IP address of the Secure

Gateway/Web Interface server instead of the internal Private IP address of the XenApp server hosting the published application.

Click OK (Figure 209).

Figure 209

From a computer that is external to your network, go to https://FQDN. For me, this is https://citrix.websterslab.com (Figure 210). Notice the SSL padlock appears.

(117)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 117

Figure 210

Log in to the Web Interface and your published applications are shown (Figure 211).

Figure 211

Test running your published applications to verify they run successfully.

(118)

Learning the Basics of Citrix Web Interface 4.6, Citrix Secure Gateway 3.1 and GoDaddy Wildcard SSL Certificate

© Copyright 2011 Carl Webster, All Rights Reserved Page 118

To verify the connection is using 256-bit SSL, right-click the Citrix Connection Center icon in the systray and select Open Connection Center (Figure 212).

Figure 212

Click the XenApp server and then click Properties (Figure 213).

Figure 213

The Client Connection Status dialog shows that 256-bit SSL is in use (Figure 214).

Figure

Updating...

References

Related subjects :