Every now and then it’s necessary to actually look into a SSL stream between client and NetScaler to inspect what’s actually happening. I struggled with this topic quite a bit, and documentation (eg. From Citrix) is not always complete. I will not pretend this document covers all, but I had some good successes decrypting traces with the following procedure. If you have any additions please let me know, and I will be happy to add them to this post.
Posts Tagged: SSL
In this tutorial I’ll guide you in securing your management page. The goal of the tut. is making sure the NetScaler Management Page is SSL encrypted and AD Integrated. Meaning you’re able to login with your Active Directory admin account. Let’s go!
This tutorial is about configuring 2-factor authentication on your NetScaler based on user certificates.
At the moment I’m preparing for my CCE exam and one of the things I like to do is perform several setups. For this tutorial I implemented a XenDesktop & XenApp 7.5 server. A StoreFront server and a virtual NetScaler with a developer license. I already have in place a CA for my self signed certs, the domain joined machines automatically trust the Root CA cert and a Domain Controller is in place.
The goal of the tutorial is to get the StoreFront websites running on SSL. The XML traffic should be encrypted and the NetScaler has to connect to the StoreFront servers through SSL. Let’s start!
In some cases it’s necessary to create a pfx file which contains the root and intermediate certificates. We have an application that will not accept the certificate without the certificate chain in there. So here’s how to make that work.
A little article about Certificate requesting and processing with OpenSSL.
Howto fix SSL Error 61 You have not chosen to trust the issuer of the server’s security certificate on Mac OSX Lion
So this one took me some unnecessary time cause of all the posts online with wrong or dated information. If you google you will read a lot about creating appstore\cacert folders via Terminal etc. etc etc. This might work for the older ICA Clients, however for Citrix Receiver it will not.