Jump to content
Welcome to our new Citrix community!

Home lab Netscaler


Recommended Posts

So I have setup a site at home.

Everything is on the same VLAN with ports 80 & 443 exposed via the firewall.

If I put a machine on the same network and hit the VIP of course I can get to the VDA's.

If I put it outside the VLAN I can get to the VIP and can login.

When I click on the VDA icon I get the attached errors.

I am using a "Test" certificate that is generated by the  NS if that matters.


Any ideas?


Link to comment
Share on other sites

3 hours ago, Carl Stalhood1709151912 said:

The Gateway certificate needs to be trusted by the client and the gateway FQDN must match the certificate. In a home lab, you can build a Microsoft CA to generate certificates.


Did you add the Gateway config to your StoreFront server and then enable it on the Store?

Thank you for your help.


As you noted I changed the certificate to my internal CA certificate on the STF and NS.

However, the NS will not allow me to export the STF config as I get "Cannot Download File. Operation not permitted [StoreFront Trust SSL certificate is missing.]"

I removed the gateway and set it up again on the NS using the new certificate.

I have checked IIS and set the bindings to the new certificate.

Still not able to get in for some reason.


Link to comment
Share on other sites

Are you trying to use the "export config" in storefront to import to gateway? Or something on the gateway to go to storefront?

And is this issue still in the configuration phase or are you in the user connection phase?

Even if the export doesn't work, a manual config of gateway and storefront will.


You need a trusted cert on both the gateway vpn vserver AND on the storefront store website.  Be sure gateway has the correct storefront name which matches the storefront fqdn cert AND the base url in the storefront config.


You might need to share more info on your gateway and storefront config for specific troubleshooting.  


The high-level config:

StoreFront needs to be properly configured with controller info (for internal connection and initial store setup).

Then StoreFront needs proper settings for both gateway fqdn and list of STA's and ports/portocols for gateway integration.

Gateway needs a valid cert on its own vserver and the proper storefront fqdn and list of sta's.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...