
SSL cert on Delivery Controllers


Dennis Parker

Question

I understand the process to update the certs based on several guides (links below). One guide says to get the AppID from this command:

   wmic product where "name like 'Citrix Broker Service'" get caption, identifyingnumber

 

But all of the rest of the guides I have found (including Citrix documentation) say to pull from the registry location: HKEY_CLASSES_ROOT\Installer\Products (find Citrix Broker Service).

 

These two methods, on my DDCs, show different values. Which is the right value to use? Just test and see what works or will either work?

 

https://www.jgspiers.com/securing-ddc-xml-broker-communication-over-https/

https://www.mycugc.org/blogs/harinder-kareer/2019/02/05/bind-your-ssl-server-cert-to-citrix-broker-svc

https://support.citrix.com/article/CTX130213

https://mickderksen.wordpress.com/2016/05/12/how-to-enable-secure-xml-traffic-on-citrix-delivery-controllers/

https://ctxpro.com/securing-citrix-broker-xml-service-without-iis/

 

 

Link to comment

3 answers to this question


  • 0

Sorry for the slow response...been away on a family emergency...

 

I appreciate the link to this script. There was another script in the links I provided that should work as well since they both do basically the same thing. Some choices made are different, but the basics of the process are the same.

 

However, this still doesn't exactly answer my question(s). Does it matter which value I use? (understanding the scripts and Citrix recommend using the Registry)

 

 

Link to comment
  • 0

James' post pointing me to Stephane Thirion's link above worked for me. I had no clue you could actually bind a cert to an IP, port, and for a specific App GUID. Make sure you have the cert/key (in my case a .pfx file) imported first, and make sure the exportable checkbox is checked. The script worked great after some tweaks. I had some trouble with the script not finding the Citrix Broker Service GUID# and cert thumbprint. $Thumbprint = (Get-ChildItem -Path Cert:LocalMachineMy wasn't correct for my 2019 server. I had to change the path to "-Path Cert:LocalMachine\My" (missing that "\" separating LocalMachine and My), and for some reason it couldn't find the cert, so I just looked at the cert details and copy/pasted that as $Thumbprint = "insert thumbprint here".

After restarting the Citrix Broker Service I checked the STAs on the Citrix Gateway and they were both UP! Sweeeeeet! Apps were showing up in workspace again.   

Link to comment
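An added example (not from the thread or the linked guides), covering the question's two AppID sources and the thumbprint lookup from the last answer: Windows Installer names the keys under HKEY_CLASSES_ROOT\Installer\Products with the product code in a packed, character-reordered form, so the code below decodes the key name into the braced GUID form and looks up the certificate thumbprint. The subject name, listen address and port are assumed values.

```powershell
# Added example, not from the thread. Run elevated on the Delivery Controller.
$CertSubjectMatch = 'ddc01.example.local'   # assumption: constructed sample name
$IpPort           = '0.0.0.0:443'           # assumption: listen address and port

function Convert-PackedGuid {
    # Windows Installer stores product codes under Installer\Products "packed":
    # groups of 8, 4, 4 and then eight groups of 2 characters, each reversed.
    param([Parameter(Mandatory)][ValidatePattern('^[0-9A-Fa-f]{32}$')][string]$Packed)
    $pos = 0
    $hex = foreach ($len in 8, 4, 4, 2, 2, 2, 2, 2, 2, 2, 2) {
        $chunk = $Packed.Substring($pos, $len).ToCharArray()
        [array]::Reverse($chunk)
        -join $chunk
        $pos += $len
    }
    ([guid](-join $hex)).ToString('B').ToUpper()   # {XXXXXXXX-XXXX-...} form
}

# Registry method: the key whose ProductName value is the broker service.
$key = Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\Installer\Products' |
    Where-Object { $_.GetValue('ProductName') -eq 'Citrix Broker Service' } |
    Select-Object -First 1
if (-not $key) { throw 'Citrix Broker Service not found under Installer\Products.' }
$appId = Convert-PackedGuid -Packed $key.PSChildName

# Certificate: full provider path, private key present, not expired, newest first.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
                   $_.Subject -like "*$CertSubjectMatch*" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No valid certificate with a private key matches '$CertSubjectMatch'." }

"Registry key name : $($key.PSChildName)"
"Decoded AppID     : $appId"
"Thumbprint        : $($cert.Thumbprint) (expires $($cert.NotAfter))"

# Show any existing binding, then print the add command for review.
# Run the printed line from cmd.exe, or quote the appid argument in PowerShell.
netsh http show sslcert "ipport=$IpPort"
"netsh http add sslcert ipport=$IpPort certhash=$($cert.Thumbprint) appid=$appId"
```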
