Installation guide

Configuration and Usage Instructions
To configure the SSL Relay, you must complete the following steps:
1. Obtain a server certificate.
2. Change the SSL Relay port number, if necessary.
3. Install a server certificate.
4. Select the ciphersuites to allow. See the application help for the SSL Relay
Configuration tool for instructions.
5. Change the target address or port, or add additional addresses for redundancy.
See the application help for the SSL Relay Configuration tool for instructions.
Obtaining a Server Certificate
Your organization’s security expert should have a procedure for obtaining server
certificates. A separate server certificate is needed for each MetaFrame server on
which you install and run the Citrix SSL Relay. Instructions for generating server
certificates using a number of different Web server products are on the VeriSign
Web site at http://www.verisign.com. The SSL Relay requires certificates to be in
Personal Electronic Mail (PEM) format. If your certificate is in Microsoft Internet
Information Server Version 4 or 5 format, you can use the Citrix keytopem utility
to convert it to PEM format.
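
Because the SSL Relay accepts only PEM-format certificates, the encoding of a certificate file can be checked before installation. The following Python sketch is an added example, not part of the Citrix guide or its tools: it classifies a file as PEM or binary DER and checks structure only, without validating the certificate or replacing keytopem. The function names and sample bytes are constructed for illustration.

```python
import base64
import binascii
import re

# PEM armor: BEGIN/END lines with matching labels around base64 text (RFC 7468).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_sequence_ok(der: bytes) -> bool:
    """True if der is exactly one ASN.1 SEQUENCE whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def classify(data: bytes):
    """Return (encoding, labels); encoding is pem, der, corrupt-pem or unknown."""
    text = data.decode("ascii", errors="ignore")
    blocks = PEM_BLOCK.findall(text)
    if blocks:
        labels = []
        for label, body in blocks:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except binascii.Error:
                return "corrupt-pem", [label]
            if not der_sequence_ok(der):  # truncated or damaged payload
                return "corrupt-pem", [label]
            labels.append(label)
        return "pem", labels
    if der_sequence_ok(data):             # raw binary DER, needs conversion
        return "der", []
    return "unknown", []

# Constructed sample: a 5-byte DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER) + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in (("pem", SAMPLE_PEM), ("der", SAMPLE_DER)):
        print(name, classify(blob))
```

A result of `der` means the file is binary and must be converted before the SSL Relay can use it; `corrupt-pem` usually indicates a truncated copy or a damaged base64 body.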
Citrix NFuse Version 1.5 includes native support for the following certificate
authorities (CAs):
• VeriSign, Inc., http://www.verisign.com
• Baltimore Technologies, http://www.baltimore.com
To use a different CA, you must install a root certificate for the CA on your
NFuse server. See the NFuse documentation for instructions about installing the
root certificate on your NFuse server.
Changing the SSL Relay to Listen on a Different Port
The Citrix SSL Relay uses TCP port 443, the standard port for SSL connections.
Most firewalls open this port by default. You can optionally configure the SSL
Relay to use another port. Be sure that the port you choose is open on any
firewalls between the NFuse-enabled Web servers and the MetaFrame server
running the SSL Relay.
Important: Microsoft Internet Information Server, Version 5.0, which is installed
by default on Windows 2000 Servers, allocates port 443 for SSL connections.
When running MetaFrame on Windows 2000 Servers, you must either configure
IIS to use a different port or configure the SSL Relay to run on a different port.
Running any Web server on a MetaFrame server is not recommended.