Jump to content
Welcome to our new Citrix community!

How to revert to http from CLI on the ADM management URL


Recommended Posts

From CLI to make gui http and https:

set ns ip <IPaddress> -gui enabled

# instead of secure only to allow both http/https

 

Next restoring or regenerating the default ns-server-certificate certkey:

It depends on how you modified the management services: a) did you replace default ns-server-certificate binding with a NEW certkey pointing to new files aka <mgmt certkey2>

or b) did you keep using the ns-server-certificate but replace the files it pointed to to your new cert/key files?

 

For option (a):

If you still have the original ns-server-certificate certkey and its files (ns-server.cert and ns-server.key), then just rebind this certkey to all the management services.

 

For option (b):

If you still have the original ns-server.cert and ns-server.key files, then you can just UPDATE the ns-server-certificate certkey in the GUI (or CLI) to point to the original files again. This should still be the certkey bound to all management services.

If you deleted the original files the certkey pointed to (but still have the certkey), the files will be regenerated automatically on next reboot restoring the missing ns-server.cert and ns-server.key files.  So you can still update the existing ns-server-certificate to the original files and reboot.

If you deleted the ns-server-certificate certkey, you will still have its dependent files (ns-server.cert and ns-server.key), but you will have to recreate the default certkey. Then manually bind it to the internal services.  Use procedure in KB article:  CTX122521 (below)

 

In general, good idea to back up config and cert files before changing the management binding AND leaving HTTP access on until you are sure it works (which I know doesn't help you after the issue occurred.)  Hope this helps.

 

These aren't exactly on your specific topic, but do cover changes to the management cert in use.

https://support.citrix.com/article/CTX122521

I prefer keeping the ns-server-certificate in use but pointing to new files because it will atuomatically attach to any new management ips you create. If you create a new certkey, you have to manually bind and not do it wrong.

 

 

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...