Overview
This is the eighth post in the Installing and Configuring Citrix XenApp 6.5 Series:
- Install and Configure Citrix XenApp Licensing
- Install and Configure Citrix XenApp 6.5
- Configure Web Interface for Citrix XenApp 6.5
- Publishing Applications with Citrix XenApp 6.5
- Install and Configure Profile Management for Citrix XenApp 6.5
- Add Servers to a XenApp 6.5 Farm
- Configure Pass-through Authentication for Citrix XenApp 6.5
- Install and Configure Citrix Secure Gateway (this post)
Contents
This post contains the following sections:
- Prerequisites for Citrix Secure Gateway
- Installing Citrix Secure Gateway
- Configuring Citrix Secure Gateway
- Configuring Web Interface for Citrix Secure Gateway
Prerequisites for Citrix Secure Gateway
- As this server (CTXGW01) will be in a DMZ and is not joined to the vilab.local domain, you will need to add entries for all other XenApp servers (CTXXA01 and CTXXA02) in the hosts file (c:\windows\System32\drivers\etc\hosts):
- Once you’ve made the changes to the hosts file (you may need to Run as Administrator when starting your favourite text editor to allow saving), it’s a good idea to test connectivity using ping:
- Import an SSL certificate into the Local Computer > Personal > Certificates folder (make sure corresponding Intermediate and Root certificates are present too):
Installing Citrix Secure Gateway
- Insert the XenApp DVD or attach the ISO file to start the installation.
- Select Manually install components:
- Select Common Components:
- Select Secure Gateway:
- Click Next at the Welcome Screen:
- Accept the License Agreement:
- Select Secure Gateway:
- Select Destination Folder:
- Select Network Service:
- Review your choices, then click Next to start installation:
- Once installation is complete, click Finish:
- Click OK to start the Secure Gateway Configuration Wizard:
Configuring Citrix Secure Gateway
- Click OK at the Welcome Screen:
- Select Advanced for the Configuration type:
- Select the SSL certificate you imported earlier:
- Configure the secure protocol settings:
- Choose the port and which IP addresses will listen for connections:
- Configure outbound connections:
- Click Add to select your STA server(s):
- As the first XenApp server we installed has IIS Port Sharing enabled, we can use the default port 80:
- The second XenApp server is using port 8080:
- Click Next once all your servers have been added:
- Configure the connection timeout and concurrent connection limits:
- Exclude devices from logging if needed:
- Enter the FQDN of your Web Interface server, and select Access options:
- Select a logging level. Default is best:
- Click Finish to Start the Secure Gateway:
Configuring Web Interface for Citrix Secure Gateway
- Open the Citrix Web Interface Management console.
- With your XenApp Web Site selected, select Secure Access in the Actions panel:
- We need to change the Access method from Direct to Gateway Direct, so select the Default entry, then click Edit:
- Select Gateway direct from the drop-down menu, then click OK:
- Click Next:
- Specify the external FQDN for your Secure Gateway server – this should be resolvable outside your internal network. Click Next:
- Click Add and add the same servers you entered when installing Secure Gateway. Make sure they’re added in the same order too:
- Once you’ve added your STA servers, click Finish:
- Do the same steps above for the XenApp Services Site:
Hi, Where you import a certificate in, where did you get this certificate from? Was it a local CA or off the net?
Regards
TK
I got a free cert from here: https://www.startssl.com
Isn’t the STA for server ctxxa02 be running on port 8080? Then screen shot under #8 needs to be updated. (Step 7, 8 http://ctxxa02:8080/Scripts/CtxSTA.dll)
That screenshot needs to get updated
Yes it is Kman; look at the next screenshot 😉
What about wild card certs? Is there a special way to apply them for Citrix?
I’m not sure Marc, as I haven’t tried myself, but I presume the procedure is the same.