Is it possible to host another SSL enabled website on the same server that hosts Citrix Web Interface and Citrix Secure Gateway?
Here's the setup: Single W2K3/IIS6 server in the DMZ. It's currently running Citrix WI 5.0 (in the default web site) and Secure Gateway 3.1. I want to run another SSL protected website on that same server. I have a wildcard SSL certificate.
Approach #1 - I tried assigning separate IP addresses to the two websites, but when I did that I got the error "The process cannot access the file because it is being used by another process". When I did the netstat -ano, it indicated that port 443 was being used by ctxsgsvc. Trying to add the ListenOnlyList in the registry (according to http://support.microsoft.com/kb/890015) didn't work.
Approach #2 - Immediately after trying the above, I tried to disable socket pooling according to http://support.microsoft.com/kb/813368/en-us. That didn't work either.
Approach #3 - I tried assigning host headers to each of the web sites and using the adsutil.vbs script described here: http://lanestechblog.blogspot.com/2008/03/creating-self-signed-wildcard-ssl.html. This only resulted in both the default web site (Citrix) and my second web site not being able to start. If I changed the ports on the 2nd web site, it would start, but not the default web site.
At this point, I rolled back the system state on the server in order to get my Citrix to work again. After a bit more testing today, I've made the following observations:
- Citrix Web Interface/Secure Gateway does not work if I assign it a specific IP address through the configuration wizard. It would only work if I told it to monitor all IPv4 addresses.
- Citrix Web Interface/Secure Gateway does not work if I add a host header to the IIS config of the default gateway.
So, I'm either missing something in one of my approaches above, or Citrix Web Interface/Secure Gateway commandeers SSL for the entire server and I am not going to be able to run a second SSL secured web site on that same server.
Any suggestions?