So this is one of those topics why I actually started this blog. I’m preparing our environment for a big upgrade off all Citrix Receivers, implement Storefront and decommission our last two webinterface servers. A nice job which already gave me quite a headache. So in this tut I will try to give you the complete tutorial how to implement NSGW with Storefront so the Receiver can actually SSO, and all traffic is routed through the NetScaler Gateway.
Posts Categorized: Access Gateway
At the moment I’m preparing for my CCE exam and one of the things I like to do is perform several setups. For this tutorial I implemented a XenDesktop & XenApp 7.5 server. A StoreFront server and a virtual NetScaler with a developer license. I already have in place a CA for my self signed certs, the domain joined machines automatically trust the Root CA cert and a Domain Controller is in place.
The goal of the tutorial is to get the StoreFront websites running on SSL. The XML traffic should be encrypted and the NetScaler has to connect to the StoreFront servers through SSL. Let’s start!
Howto fix SSL Error 61 You have not chosen to trust the issuer of the server’s security certificate on Mac OSX Lion
So this one took me some unnecessary time cause of all the posts online with wrong or dated information. If you google you will read a lot about creating appstore\cacert folders via Terminal etc. etc etc. This might work for the older ICA Clients, however for Citrix Receiver it will not.
We’ve recently encountered a problem with this setup. Logon times on our CAG Standard in Double Hop DMZ were real slow.
Loading the page took about 15 seconds, but after logging on people could just wait forever (+1mins) to get their apps.
The 2-part solution to this problem was quite simple, but not that simple to find.
So this is absolutely one of the CAG implementations that can give you a headache. There are some configuration issues, and the config will not work if you mess them up.
In this article the CAG’s will be in double-hop DMZ. The Web interface will be on a separate machine in the second DMZ.The authentication will take place on the WI in the second DMZ.