Hi guys!
I'm trying to connect to my secure gateway externally.
I can connect through to https://<securegatewayURL> on port 443.
This brings up my web interface which is on the same box as the csg.
When I connect and view my certificate, it says the following:
Issued to: <Public IP Address>
Issued by: <internal computer name> e.g. testbox.domain.com
In the above information, the public IP address is the IP assigned to the internal computer name, which is NATed on the firewall.
However, the FQDN is NOT a registered domain name, so externally I CANNOT type in the FQDN to get to the server, e.g.
https://testbox.domain.com will not work. I have to type in the public IP address.
Further certificate details:
Subject:
CN = <x.x.x.x> the public ip address
OU = Simon
O = Simon
L = melbourne
S = vic
C = AU
Issuer:
<internal computer name> e.g. testbox.domain.com (not public IP address)
I click on Yes to accept and I log in to my WI, which returns the application sets for me.
Now, whenever I click on an application to launch an ICA session, I get the following response:
"cannot connect to the citrix metaframe server
there is no citrix ssl server configured on the specified address."
I'm guessing that when I launch a Citrix application, it tries to contact the STA server. I don't understand why it can't connect, because the STA server is the SAME machine. Is it because of the certificate?
I'm guessing that even though the issuer and the system being issued the certificate are the SAME machine, does the FQDN have to be a registered domain name?
On the CSG box, is the following:
Web Interface - port 80
CSG
Certificate Services
IIS with a certificate installed for the default web site.
When I open Certificate Services, the server name is my INTERNAL NAME, e.g. testbox.domain.com. When I created the certificate to then be issued to IIS
When I set up the Secure Gateway and it asked for an STA Server, I could not use <public IP address>; I had to use the internal computer name testbox.domain.com. This could be contacted when I ran diagnostics, but I'm presuming this has to be a registered domain name as well.
Also, when I launch an application from the web interface, I wanted to see the contents of the ICA file.
Here it is:
========== notepad.ica ==========
[Encoding]
InputEncoding=ISO8859_1
[WFClient]
ClientName=WI_hvx5fp53SRqz0XlEO
ProxyFavorIEConnectionSetting=Yes
ProxyTimeout=30000
ProxyType=Auto
ProxyUseFQDN=Off
RemoveICAFile=yes
TransparentKeyPassthrough=Local
TransportReconnectEnabled=On
Version=2
VirtualCOMPortEmulation=Off
[ApplicationServers]
CSG Notepad=
[CSG Notepad]
Address=<INTERNAL IP ADDRESS>:1494 -----> Is this a problem being the internal IP Address??
AudioBandwidthLimit=2
AutologonAllowed=ON
BrowserProtocol=HTTPonTCP
CGPAddress=*:2598
ClearPassword=652D63E994D0FB
ClientAudio=On
DesiredColor=2
DesiredHRES=640
DesiredVRES=480
Domain=\2ED5D310BB3B406A
HTTPBrowserAddress=!
InitialProgram=#CSG Notepad
Launcher=WI
LongCommandLine=
ProxyTimeout=30000
ProxyType=Auto
SSLCiphers=all
SSLEnable=On
SSLProxyHost=<INTERNAL FQDN which cannot be entered externally:443> -----> is this a problem? Should this be the PUBLIC IP ADDRESS??
SecureChannelProtocol=Detect
SessionsharingKey=blah blah
TWIMode=On
TransportDriver=TCP/IP
Username=testuser
WinStationDriver=ICA 3.0
[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll
[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll
[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll
[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll
[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll
=================================
So what I did was change the 2 settings above to the public IP address and then launch the file, which gave the following message:
"Cannot connect to the Citrix Metaframe Server. SSL Error 61. You have not chosen to trust the issuer of the server's security certificate."
I click OK and the session closes.
I have tried installing the certificate on the client PC with no luck, ensuring in Internet Options - Advanced that all security options for encryption are set correctly. I've set the altaddress on the CSG server.
The only thing I can think of is that there is a problem with the certificate, but I ran the diagnostic tool and it returned all successful.
When a Citrix application is launched, does the client have to connect to the CN name as defined in the certificate, and does this CN name HAVE to be an FQDN, not a public IP address, even though in my case they are the SAME machine?
I can't get the certificate trusted, and I'm assuming I have to register this CN name so I can resolve it externally.
Sorry for this huge question. You guys are fantastic, and I know I have posted a lot of questions. I'm close now and will reward you all.
Thank you.
Simon
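
An added diagnostic sketch, not part of the original post: it parses an ICA file like the one above and reports the two conditions the post asks about, whether SSLProxyHost matches the certificate CN and whether the certificate's issuer is trusted on the client. It assumes the client compares the SSLProxyHost name with the CN and requires the issuer in its trust store; the function names and the addresses 10.0.0.5 and 203.0.113.10 are constructed placeholders.

```python
import configparser

# Constructed sample modelled on the posted notepad.ica (placeholder addresses).
SAMPLE_ICA = """\
[WFClient]
Version=2
[ApplicationServers]
CSG Notepad=
[CSG Notepad]
Address=10.0.0.5:1494
SSLEnable=On
SSLProxyHost=testbox.domain.com:443
InitialProgram=#CSG Notepad
"""

def parse_ica(text):
    """Parse ICA (INI-style) text, keeping the mixed-case keys as written."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def split_host(value):
    """Split 'host:port' into (host, port); port is '' when absent."""
    host, _, port = value.rpartition(":")
    return (host, port) if host else (value, "")

def check_launch(text, cert_cn, cert_issuer, client_trusted_issuers):
    """Return (application, finding, value) tuples for each SSL-enabled app."""
    cp = parse_ica(text)
    findings = []
    for app in cp["ApplicationServers"]:
        if not cp.has_section(app):
            continue
        sec = cp[app]
        if sec.get("SSLEnable", "Off").lower() != "on":
            continue
        relay, _ = split_host(sec.get("SSLProxyHost", ""))
        # Assumption: the name the client dials must equal the certificate CN.
        if relay.lower() != cert_cn.lower():
            findings.append((app, "name-mismatch", relay))
        # Assumption: the issuing CA must be in the client's trusted roots.
        if cert_issuer not in client_trusted_issuers:
            findings.append((app, "untrusted-issuer", cert_issuer))
    return findings

if __name__ == "__main__":
    for f in check_launch(SAMPLE_ICA, "203.0.113.10", "testbox.domain.com", set()):
        print(f)
```

Running it on the file as generated reports both findings; after SSLProxyHost is edited to the public IP only the untrusted-issuer finding remains, which corresponds to the SSL Error 61 text quoted in the post.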