Solved

Citrix SSL Certificate (FQDN Config)

Posted on 2009-05-12
Last Modified: 2012-06-22
Hello - I have XenApp 5.0 and am in the process of installing and configuring Citrix Web Interface and Citrix Gateway.

I have a domain registered with GoDaddy (myrapadocs.com) that I'd like to use when users connect from outside to Citrix applications. I also purchased an SSL certificate/wildcard and have generated a certificate download.

I'm in the process of setting up CSG, however during the IIS Certificate Wizard, in the Common name, I put the domain I registered with godaddy. Not sure if I should have done it this way, but my instructions said that was ok as long as I set it up for DNS to resolve to the Citrix server.

How would I get DNS to resolve to the Citrix server?

Which server (XenApp or Web Interface) do I point the domain name to?

I really appreciate all your help.

nimdatx
Question by:nimdatx
 
LVL 36

Expert Comment

by:Carl Webster
If your users will hit your server using citrix.myrapadocs.com, then you will need to register an "A" record for CITRIX with whoever hosts your external DNS. If the Public IP for your CSG/WI server is 20.30.40.50, then CITRIX.myrapadocs.com will resolve to 20.30.40.50. You will then add into your router/firewall a rule that routes all TCP Port 443 traffic coming in to 20.30.40.50 to the internal IP address of your CSG/WI server.
0
 
LVL 1

Author Comment

by:nimdatx
Great. Glad to see you online. It's been a great Citrix adventure.

When you say Citrix.myrapadocs.com, you're talking about the host name of WI, or do I use its internal IP?

AD domain name: rapa.local
Citrix WI host name: ecwtrainingdb
Citrix XenApp host name: WIN08CITRIX

The public IP I will use is 75.55.44.91.
I think I understand the AR/routes to CSG/WI server. I will have this completed.
 
Do I need to do anything on my internal DNS server?



0
 
LVL 1

Author Comment

by:nimdatx
Here is the GoDaddy account information for the domain name.
godaddy.jpg
0
 
LVL 36

Expert Comment

by:Carl Webster
However you want your users to connect to your CSG/WI is the external name you will use. I have customers that use:

citrix
ctx
remote
ts
apps

Just make you a host name, say citrix, that goes to whatever points to 75.55.44.91.

Then in the user's browser from home or on the road they will go to https://citrix.myrapadocs.com and hit your CSG/WI server. They will then log on to the site and get access to their published apps.

If I were to ping citrix.myrapadocs.com, it should resolve to 75.55.44.91.
0
 
LVL 1

Author Comment

by:nimdatx
Ok...
This is what I got set up. Note I have not installed CSG yet, but I think I got the routes and GoDaddy set up.

A
Host: Citrix Points to: 75.54.44.91

MX: o @ citrix.myrapadocs.com

Do I set anything up on my internal DNS?

Thanks,

nimdatx
 
0
 
LVL 1

Author Comment

by:nimdatx
One more thing...
While setting up the IIS certificate, in your site's common name I used myrapadocs.com and not citrix.myrapadocs.com. Is that OK?
0
 
LVL 36

Accepted Solution

by:
Carl Webster earned 500 total points
If your internal DNS name is myrapadocs.com then just add an "A" record for Citrix that points to the internal IP address of your CSG/WI server.

If your internal DNS name is not myrapadocs.com then just add a zone for myrapadocs.com and then add an "A" record for Citrix that points to the internal IP address of your CSG/WI server.

Obviously pinging is disabled by your hosting provider, but citrix.myrapadocs.com does resolve to 75.54.44.91 from here in middle TN.
0
 
LVL 36

Expert Comment

by:Carl Webster
On my wildcard SSL cert, my Common Name is *.websterslab.com. I would call GoDaddy and ask them if it makes a difference. GoDaddy makes it very simple to reissue an SSL cert if yours is indeed wrong.
0
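The name-matching rule behind the common-name question above, as an added example that is not part of the original thread: it applies RFC 6125-style matching (a wildcard covers exactly one leftmost label, and SAN entries take precedence over the CN) to the names discussed here. The helper names are hypothetical, and the internal FQDN `ecwtrainingdb.rapa.local` is constructed from the WI host name and AD domain given earlier.

```python
# Added example (not from the thread): RFC 6125-style certificate name matching.
# cert_covers() and check_names() are hypothetical helper names.

def _name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate name against the hostname the client typed."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False                      # label counts must agree exactly
    if p[0] == "*":
        # The wildcard stands for exactly one leftmost label; refuse
        # patterns as broad as "*.com".
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    return "*" not in pattern and p == h  # partial wildcards are rejected


def cert_covers(hostname, common_name, san_dns_names=()):
    """SAN dNSName entries take precedence; CN is only a fallback."""
    names = list(san_dns_names) or [common_name]
    return any(_name_matches(n, hostname) for n in names)


def check_names(common_name, san_dns_names, hostnames):
    """Map each hostname users might type to True/False coverage."""
    return {h: cert_covers(h, common_name, san_dns_names) for h in hostnames}


if __name__ == "__main__":
    # Names from the thread; the internal FQDN is constructed from the
    # WI host name and AD domain given above (assumption).
    hosts = ["citrix.myrapadocs.com", "myrapadocs.com",
             "ecwtrainingdb.rapa.local"]
    for cn in ("myrapadocs.com", "*.myrapadocs.com"):
        print(cn, check_names(cn, (), hosts))
```

The internal FQDN is not covered by either certificate name, which is why internal clients also need to reach the server as citrix.myrapadocs.com through an internal DNS record.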
 
LVL 1

Author Comment

by:nimdatx
On the secure ticketing authority details, I've entered the FQDN of the XenApp server WIN08CITRIX.RAPA.local:8080 and I'm getting an error:

The server TA specified can not be contacted. To ignore the warning and enterID click continue.

Any ideas why?
0
 
LVL 1

Author Comment

by:nimdatx
I'm using port 8080 for XML (WIN08CITRIX), port 80 for HTTP, 444 for SSL & 443 for the port that Secure Gateway uses.

I am confused as to how the CtxSTA.dll is created & where it is supposed to be created by default. I think this is part of my problem but I am not sure how to go about setting it up correctly. When I install CSG I have no /Scripts folder anywhere on the server & the only place I can find any CtxSTA.dll is in C:\Program Files\Citrix\System32 of a Presentation Server.

I don't think this is an XML port issue. I think it has to do with the placement & permissions of this CtxSTA.dll.

Can anyone point me in the right direction to get this aspect of the CSG install corrected?

0
 
LVL 36

Expert Comment

by:Carl Webster
should be win08citrix:8080.rapa.local
0
 
LVL 19

Expert Comment

by:BLipman
The STA is your application server (the one running XenApp/Presentation Server).  If your XML port on the application server is set to 8080 then your STA URL should look like this (in the Secure Gateway Configuration application):

FQDN: the FQDN of your terminal server (ex. citrix.mydomain.local)
Path: /Scripts/CtxSTA.dll
ID: (auto, this will fill itself in)
Protocol Settings: (uncheck "Secure traffic...")
TCP port: 8080 (uncheck "Use default")

In your Web Interface configuration, you should have something like this:
Address (FQDN): (FQDN to secure gateway)
Port: 443
Enable Session Reliability (leave unchecked)
Secure Ticket Authority URLs: http://FQDNofTerminalServer.local:8080/scripts/ctxsta.dll

Try these settings.  I am a bit confused though, you say in one post
"I've entered the FQDN of the XenApp server WIN08CITRIX.RAPA.local:8080 "
and then "the only place I can find any CtxSTA.dll is in C:\Program Files\Citrix\System32 of a Presentation Server"

Your STA is the presentation server, not the CSG unless you are running an "All in one".  
0
