Citrix SSL Certificate (FQDN Config)

Posted on 2009-05-12
Last Modified: 2012-06-22
Hello - I have XenApp 5.0 and am in the process of installing and configuring Citrix Web Interface and Citrix Gateway.

I have a domain registered with godaddy ( that I'd like to use when users connect outside into Citrix applications. I also purchased an SSL certificate/wildcard and have generated a certificate download.

I'm in the process of setting up CSG, however during the IIS Certificate Wizard, in the Common name, I put the domain I registered with godaddy. Not sure if I should have done it this way, but my instructions said that was ok as long as I set it up for DNS to resolve to the Citrix server.

How would I accomplish DNS to resolve to Citrix server?

Which server (XenApp or Web Interface) do I point the domain name to?

I really appreciate all your help.

Question by:nimdatx
LVL 37

Expert Comment

by:Carl Webster
ID: 24364527
If your users will hit your server using, then you will need to register an "A" record for CITRIX  with whoever hosts your external DNS.  If the Public IP for your CSG/WI server is, then CITRIX.myrapadocs.coms will resolve to  You will then add into your router/firewall a rule that routes all TCP Port 443 traffic coming in to to the internal IP address of your CSG/WI server.

Author Comment

ID: 24365095
Great. Glad to see you online. It's been a great Citrix adventure.

When you say, you're talking about the host name of WI or do I use its internal IP?

AD domain name: rapa.local
Citrix WI host name:
Citrix XenApp host name:

Public IP I will use is
I think I understand the AR/routes to CSG/WI server. I will have this completed.
Do I need to do anything on my internal DNS server?


Author Comment

ID: 24365115
Here is the godaddy account information for domain name.

LVL 37

Expert Comment

by:Carl Webster
ID: 24365205
However you want your users to connect to your CSG/WI is the external name you will use.  I have customers that use:


Just make you a host name, say citrix, that goes to whatever points to

Then in the user's browser from home or on the road they will go to and hit your CSG/WI server.  They will then log on to the site and get access to their published apps.

If I were to ping, it should resolve to

Author Comment

ID: 24365348
This is what I got set up. Note I have not installed CSG yet, but I think I got routes and godaddy set up.

Host: Citrix Points to:

MX: o @

Do I set anything up on my internal DNS?



Author Comment

ID: 24365387
one more thing...
While setting up IIS certificate, in your site's common name I used and not Is that ok?
LVL 37

Accepted Solution

Carl Webster earned 500 total points
ID: 24365418
If your internal DNS name is then just add an "A" record for Citrix that points to the internal IP address of your CSG/WI server.

If your internal DNS name is not then just add a zone for and then add an "A" record for Citrix that points to the internal IP address of your CSG/WI server.

Obviously Pinging is disabled by your hosting provider but does resolve to from here in middle TN.
LVL 37

Expert Comment

by:Carl Webster
ID: 24365453
On my wildcard SSL cert, my Common Name is *  I would call GoDaddy and ask them if it makes a difference.  GoDaddy makes it very simple to reissue an SSL cert if yours is indeed wrong.
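
The naming question in the two comments above (which host names a wildcard Common Name covers), as an added example that is not part of the thread. `example.com` is a placeholder domain; `win08citrix.rapa.local` is the internal FQDN quoted in the thread.

```python
# Added example: which host names does a wildcard certificate name cover?
# "example.com" is a placeholder; win08citrix.rapa.local is the internal
# FQDN quoted in the thread.

def _labels(name):
    """Lower-case a DNS name, drop a trailing root dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def cert_name_matches(pattern, hostname):
    """Return True if a certificate name (CN or SAN dNSName) covers hostname.

    Rules follow the common RFC 6125 reading: a '*' is only honoured as the
    whole left-most label, it stands for exactly one label, and it never
    matches the bare parent domain.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as "*.com" or "*".
        if len(p) < 3:
            return False
        return p[1:] == h[1:]
    # A '*' inside a label is compared literally, so it never matches
    # a real host name.
    return p == h


def covered_names(pattern, candidates):
    """Filter candidates down to the names the certificate name covers."""
    return [c for c in candidates if cert_name_matches(pattern, c)]


if __name__ == "__main__":
    names = [
        "citrix.example.com",       # external CSG/WI name
        "CITRIX.example.com.",      # same name, different case, root dot
        "example.com",              # bare domain
        "gw.citrix.example.com",    # two labels deep
        "win08citrix.rapa.local",   # internal FQDN from the thread
    ]
    for n in names:
        print(f"{n:28} {cert_name_matches('*.example.com', n)}")
```

A wildcard issued for the public domain does not cover the internal `.local` server name, so a browser or gateway that connects to the internal name over SSL will report a name mismatch.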

Author Comment

ID: 24366079
On the secure ticketing authority details, I've entered the FQDN of the XenApp server WIN08CITRIX.RAPA.local:8080 and I'm getting an error:

The server TA specified can not be contacted. To ignore the warning and enterID click continue.

Any ideas why?

Author Comment

ID: 24366417
I am using port 8080 for XML (WIN08CITRIX), port 80 for HTTP, 444 for SSL & 443 for the port that Secure Gateway.

I am confused as to how the CtxSTA.dll is created & where it is supposed to be created by default. I think this is part of my problem but I am not sure how to go about setting it up correctly. When I install CSG I have no /Scripts folder anywhere on the server & the only place I can find any CtxSTA.dll is in C:\Program Files\Citrix\System32 of a Presentation Server.

I don't think this is an XML port issue. I think it has to do with the placement & permissions of this CtxSTA.dll.

Can anyone point me in the right direction to get this aspect of the CSG install corrected?

LVL 37

Expert Comment

by:Carl Webster
ID: 24366659
should be win08citrix:8080.rapa.local
LVL 19

Expert Comment

ID: 24366703
The STA is your application server (the one running XenApp/Presentation Server).  If your XML port on the application server is set to 8080 then your STA URL should look like this (in the Secure Gateway Configuration application):

FQDN: the FQDN of your terminal server (ex. citrix.mydomain.local)
Path: /Scripts/CtxSTA.dll
ID: (auto, this will fill itself in)
Protocol Settings: (uncheck "Secure traffic...")
TCP port: 8080 (uncheck "Use default")

In your Web Interface configuration, you should have something like this:
Address (FQDN): (FQDN to secure gateway)
Port: 443
Enable Session Reliability (leave unchecked)
Secure Ticket Authority URLs: http://FQDNofTerminalServer.local:8080/scripts/ctxsta.dll

Try these settings.  I am a bit confused though, you say in one post
"I've entered the FQDN of the XenApp server WIN08CITRIX.RAPA.local:8080 "
and then "the only place I can find any CtxSTA.dll is in C:\Program Files\Citrix\System32 of a Presentation Server"

Your STA is the presentation server, not the CSG unless you are running an "All in one".  
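
A pre-flight check for the STA address format given in the settings above, as an added example that is not part of the thread. The function names are hypothetical, and port 80 as the fallback when no port is typed is an assumption.

```python
# Added example: normalise what an admin types into the STA field and
# reject entries that cannot be parsed as host + port + /Scripts/CtxSTA.dll.
from urllib.parse import urlsplit

STA_PATH = "/scripts/ctxsta.dll"  # path from the thread, compared case-insensitively


def normalize_sta(entry, default_port=80):
    """Turn 'host', 'host:port' or a full URL into a canonical STA URL.

    Raises ValueError with a reason when the entry cannot be an STA address.
    default_port=80 is an assumption used only when no port is given.
    """
    text = entry.strip()
    if "://" not in text:
        text = "http://" + text
    parts = urlsplit(text)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme must be http or https")
    try:
        port = parts.port  # raises if text after ':' is not a number
    except ValueError:
        raise ValueError("port must follow the complete host name") from None
    host = parts.hostname or ""
    labels = host.split(".")
    if not host or any(not l or not l.replace("-", "").isalnum() for l in labels):
        raise ValueError("host is not a valid DNS name")
    if (parts.path or STA_PATH).lower() != STA_PATH:
        raise ValueError("path must be /Scripts/CtxSTA.dll")
    if port is None:
        port = 443 if parts.scheme == "https" else default_port
    return f"{parts.scheme}://{host}:{port}{STA_PATH}"


def check_entries(entries):
    """Map each entry to its canonical URL, or to 'ERROR: <reason>'."""
    report = {}
    for e in entries:
        try:
            report[e] = normalize_sta(e)
        except ValueError as exc:
            report[e] = f"ERROR: {exc}"
    return report


if __name__ == "__main__":
    # The spellings of the STA address that appear in the thread.
    for entry, result in check_entries([
        "WIN08CITRIX.RAPA.local:8080",
        "win08citrix:8080.rapa.local",
        "http://FQDNofTerminalServer.local:8080/scripts/ctxsta.dll",
    ]).items():
        print(f"{entry}\n    -> {result}")
```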


Question has a verified solution.
