Netscaler 10.5 and Storefront 2.5.2 Configuration 13 Comments

Citrix Netscaler 10.5 is out since a couple of weeks now, and if you want to read what's new about this new release just click on the [link] because there are so many things I won't list everything here. I will use this blog to refresh the "how to" I already did about Netscaler and I will go through the basic setup, certificate request, import and Access Gateway configuration to plug my XenDesktop 7.5 lab. First, you need to download your Netscaler (download if you're using a VPX appliance). You can find the appliance corresponding to your hypervizor : vmware ESX Microsoft Hyper-V Citrix XenServer KVM You can download it here : [link] - myCitrix account is required One you boot up the appliance, after give the basic information like IP address, subnet and getway, you can fireup the GUI through your favorite browser. You need to logon and follow the step by step screenshots : The basic configuration is done. now time to add a certificate for the Access Gateway, creating a private key, a CSR and finally importing the pem certificate.   Don't forget to change the nsroot password. Now the certificate part is done (thanks to Digicert for my lab) you can go ahead to the next step and configure your Strorefront server to create a new store ready to connect with the Netscaler Access Gateway. Storefront part is easy and quick to do, you can now continue by creating the Access Gateway using the new wizard and following these steps : Here you go, just a reboot to have the Access Gateway up and running. I had few issue in the end with Application Firewall with Google Chrome and Safari from a Mac OSx computer, you need to enable the learning mode to check what need to be change in Application Firewall rules and allow connexion to you Access Gateway. You can customize the Netscaler Access Gateway logon page and your Storefront very easily, Eric one of my CTP friends did a very short and nice blog about that [link] and a very detailed blog written by Feng Huang Citrite here [link] This blog will give you a good overview on what needs to be done to set up an Access Gateway with Storefront, for those who don't have time to make test, now you know !

In this post I explain how I tried to troubleshoot this issue, if you need the solution, go at the end of this post. My company (Activlan) had to renew our certificate installed on our Citrix Secure Gateway 3.1.3. As you might know, Citrix has issued some virtual appliance and I had to chose between, Citrix Access Gateway 4.6.2 VPX and Netscaller VPX Express (Free !). My choice was to integrate a Citrix Access Gateway (CAG) mainly because we are using other product to manage VPN to all our customers and I wanted to install what I needed, nothing less, nothing more. So here we go, I got my xva file from MyCitrix account and I just deploy it on our XenServer, very easy, very simple, just some clicks. Once installed and basics configuration set, I had to generate the CSR (Certificate Signing Request) and wait for Verisign to send me the certificate I had to use with the CAG. This was a big adventure and of course I should have read the manual before, and configuration isn't so easy but I guess when you do it all day long you begin to know everything and I can say now, I know how to troubleshoot a CAG from the client side to the Web Interface. This error I got with my Mac didn't show up on my Windows computers. In fact Apple doesn't have a very big list of root certificate install on their OS compare to Windows. Here is the error message I got when I wanted to launch published application (XenApp). I was able to login in the CAG and the Web Interface as well, but not able to launch application. SSL Error 61: You have not chosen to trust "Verisign Class 3 Secure Server CA - G2", the issuer of the server's security certificate. Error number: 183 Sexy message, isn't it ? After searching around a bit I found this thread on Citrix's forums : http://forums.citrix.com/message.jspa?messageID=447656 everything went clear, I didn't had the root certificate on my computer to validate my brand new certificate from Verisign... So I tried to find how to get these root certificates, especially Verisign Class 3 Secure Server CA - G2, the one I needed. I found this Verisign address http://www.verisign.com/repository/roots/pca_certificate.html where you just have to fill a form to get a zip with everything what you might need : As you…