How to Configure Access Gateway and Advanced Access Control to Communicate Securely

Citrix states in their article: CTX109037

Document ID: CTX109037, Created on: Mar 9, 2006, Updated: Mar 9, 2006

Products: Advanced Access Control 4.2, Citrix Access Gateway 4.2

Summary

This document describes how to configure Access Gateway and Advanced Access Control to communicate securely.

Note: This document was written using Windows Server 2003 dialog references. Windows 2000 Server dialogs will be similar but not exactly the same.

Procedure

1. You must create a Server Authentication Certificate for your Advanced Access Control server. Install this certificate to the Local Computer > Personal > Certificates folder. You must also install the Trusted Root Certificate to the Local Computer > Personal > Trusted Root Certification Authorities folder.

2. Modify the Default Web Site on your farm’s Web servers to use the Server Authentication Certificate that you created in step 1.

a. Open IIS Manager on your Advanced Access Control server(s). Expand the Web Sites node, and highlight the Default Web Site. Right-click Default Web Site and select Properties.

b. Click the Directory Security tab.

c. Toward the bottom of that dialog, under Secure Communications, click the Server Certificate radio button.

d. Click Next to begin the wizard. On the second page you are prompted for the method of locating the certificate. Choose Assign an existing certificate and click Next.

e. Select the certificate that you created in step 1 and click Next.

f. Select the port number you wish to use for SSL on this Web site and click Next.

g. Review your settings and complete the wizard by clicking Finish.

h. (Optional) If you wish to make this Web site ONLY listen on your defined secure port, click the Edit radio button under Secure Communications and select the Require secure channel (SSL) check box.

i. Apply settings and close IIS Manager.

3. The next step is to modify the Authentication Server Details. This is done in the Citrix Server Configuration utility. This utility is found under Start > All Programs > Citrix > Access Gateway > Server Configuration.

a. Once you have opened the utility, click the Authentication Server Details page. You need to modify the FQDN on this page to reflect the full FQDN of your Web server.

b. On the bottom of the same dialog, select the Secured with HTTPS check box. This will force your logon agent to communicate securely. Ensure that the port number is correct (only if you changed it above, otherwise it defaults to 443).

4. On the Access Gateway appliance, you must have the Trusted Root Certificate installed, as well as its own Server Certificate before continuing. If you already have the Advanced Access Control server added to the Access Gateway, remove it and restart before continuing.

a. In the Access Gateway Administration Tool, under the Access Gateway Cluster tab, expand the This Gateway window. Click the Advanced Options tab.

b. Change the option under Administer the Access Gateway using: to Advanced Access Control…

c. In the Server running Advanced Access Control field, fill in the FQDN of your Advanced Access Control server. Make sure to select the Secure server communication check box under it and click Submit.

d. Restart the Access Gateway as requested and try to access your Advanced Access Control using the FQDN of your Access Gateway.

Notes:

• If you have Web Interface 4.2 Web Resource(s) configured, you must modify the “Manage Access Method” option on each Web Interface Web site to reflect secure communication (https://) with the Advanced Access Control Web server.

• All clients that connect through this secure configuration must have the secure URL listed under trusted sites in their browser.
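
The procedure above depends on two standard TLS checks: the server certificate must chain to a root the peer trusts (steps 1 and 4), and it must be issued for the name the peer is configured with (the FQDN in steps 3a and 4c). The following is an added example, not part of the Citrix article. It assumes the `openssl` command-line tool, and the host name `aac01.example.test`, the file names and both functions are constructed for illustration.

```shell
#!/bin/sh
# Added example. Every name, file and FQDN here is a constructed placeholder.

# check_aac_cert CERT ROOT NAME
# Succeeds only if CERT chains to ROOT, is usable for TLS server
# authentication, and is issued for NAME.
check_aac_cert() {
    openssl verify -CAfile "$2" -purpose sslserver \
        -verify_hostname "$3" "$1" >/dev/null 2>&1
}

# make_lab_pki DIR FQDN
# Builds a throwaway root CA and a server certificate for FQDN in DIR,
# standing in for the certificates referred to in steps 1 and 4.
make_lab_pki() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=Constructed Lab Root CA' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' > "$1/root.cnf"
    printf 'extendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$2" \
        > "$1/srv.ext"
    openssl req -x509 -config "$1/root.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
    openssl req -new -config "$1/root.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$2" -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    openssl x509 -req -in "$1/srv.csr" -CA "$1/root.pem" \
        -CAkey "$1/root.key" -CAcreateserial -days 1 \
        -extfile "$1/srv.ext" -out "$1/srv.pem" 2>/dev/null
}

# Demo: the FQDN is accepted, the short host name is rejected.
lab=$(mktemp -d)
make_lab_pki "$lab" aac01.example.test
for name in aac01.example.test aac01; do
    if check_aac_cert "$lab/srv.pem" "$lab/root.pem" "$name"; then
        echo "$name: accepted"
    else
        echo "$name: rejected"
    fi
done
rm -rf "$lab"
```

To check real certificates, export the server and root certificates in Base-64 (PEM) form and call `check_aac_cert` with the FQDN entered in steps 3a and 4c.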


