Solved

SSL revocation issues for devices without internet access

Posted on 2013-10-25
2
469 Views
Last Modified: 2016-10-25
Hi all,

We are using a Citrix NetScaler to provide users with access to a Citrix Web Interface.  We have setup a publicly verifiable SSL from GoDaddy to encrypt traffic on the NetScaler.  From an internet location, this works great.

We also have users that access this same NetScaler location on our LAN.  We do not provide direct internet access to the LAN.  Many of our devices our WYSE terminals (mostly model T50).  These device will not load our Citrix web page as they cannot complete the SSL revocation process.

I am wondering what the best way to resovle this problem would be?  I have considered setting up a different Citrix site, but I was wondering if there was a way to resolve this issue.

Any thoughts?
0
Comment
Question by:Tat4Tat
2 Comments
 
LVL 23

Expert Comment

by:Dirk Kotte
ID: 39604264
CRL's are an essential component when using certificates.
if the client can't reach a CRL distribution point, so he should not use this certificate.

i think there are some options:
allow internet-access to the CRL or create a second virtual server at the netscaler and use an internal CA.

(possible you can disable the CRL-checking at the thin-client)
0
 
LVL 33

Accepted Solution

by:
shalomc earned 500 total points
ID: 39607277
You can setup a web server on a VM or internal server, download the CRL to it, and spoof the specific CRL FQDN with your internal DNS. Most if not all CRL are http only so it is easy to get away with it.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question