-
Install and configure the NetScaler Gateway appliance
-
Maintain and monitor NetScaler Gateway systems
-
Configure DTLS VPN virtual server using SSL VPN virtual server
-
Integrate NetScaler Gateway with Citrix products
-
Integrate NetScaler Gateway with Citrix Virtual Apps and Desktops
-
Configure settings for your Citrix Endpoint Management Environment
-
Configure load balancing servers for Citrix Endpoint Management
-
Configure load balancing servers for Microsoft Exchange with Email Security Filtering
-
Configure Citrix Endpoint Management NetScaler Connector (XNC) ActiveSync Filtering
-
Allow Access from mobile devices with Citrix Mobile Productivity Apps
-
Configure domain and security token authentication for Citrix Endpoint Management
-
Configure client certificate or client certificate and domain authentication
-
-
NetScaler Gateway Enabled PCoIP Proxy Support for VMware Horizon View
-
Proxy Auto Configuration for Outbound Proxy support for NetScaler Gateway
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Configure client certificate or client certificate and domain authentication
You can use the NetScaler for Citrix Endpoint Management wizard to perform the configuration required for Citrix Endpoint Management when using NetScaler certificate-only authentication or certificate plus domain authentication. You can run the NetScaler for Citrix Endpoint Management wizard one time only. For information about using the wizard, see Configuring Settings for Your Citrix Endpoint Management Environment.
If you’ve already used the wizard, use the instructions in this article for the addition configuration required for client certificate authentication or client certificate plus domain authentication.
To ensure that the user of a device in MAM-only mode can’t authenticate using an existing certificate on the device, see “NetScaler Certificate Revocation List (CRL)” later in this article.
Configure NetScaler Gateway for client certificate authentication by using the GUI
- Navigate to Traffic Management > Load Balancing > Virtual Servers.
-
Select the virtual server of type SSL, and in the SSL Parameters section set Enable Session Reuse as DISABLED.
- Navigate to NetScaler Gateway > Virtual Servers.
- Select the virtual server of type SSL, and click Edit.
- In the SSL Parameters section, click the edit icon.
-
Select Client Authentication and in Client Certificate, select Mandatory.
-
Create an authentication certificate policy so Citrix Endpoint Management can extract the User Principal Name or the sAMAccount from the client certificate provided by Secure Hub to NetScaler Gateway.
-
Navigate to NetScaler Gateway> Policies> Authentication > CERT.
-
Click the Profiles tab and click Add.
-
Set the following parameters for the certificate profile:
Authentication Type: CERT
Two Factor: OFF (for certificate only authentication)
User Name Field: Subject: CN
Group Name Field: SubjectAltName:PrincipalName
-
Bind only the certificate authentication policy as the Primary Authentication in the NetScaler Gateway virtual server.
- Bind the Root CA certificate to validate the trust of the client certificate presented to NetScaler Gateway.
Configure NetScaler Gateway for client certificate and domain authentication by using the GUI
- Navigate to Traffic Management > Load Balancing > Virtual Servers.
-
Select the virtual server of type SSL, and in the SSL Parameters section set Enable Session Reuse as DISABLED.
-
Go to NetScaler Gateway > Policies > Authentication > Cert.
-
Click the Profiles tab, click Add.
-
Enter the Name of the profile, set Two Factor to ON, and from User Name Field, select SubjectAltNamePrincipalName.
-
Click the Policies tab and click Add.
-
Enter the Name of the policy, from Server select the certificate profile, set the Expression and click Create.
-
Go to Virtual Servers, select the virtual server of type SSL, and click Edit.
-
Beside Authentication, click + to add the certificate authentication.
-
To select the authentication method, in Choose Policy, select Certificate, and in Choose Type select Primary. This binds certificate authentication as the primary authentication with the same priority as the LDAP authentication type.
-
Under Policy Binding, click Click to Select to select the certificate policy created earlier.
-
Select the certificate policy created earlier and click OK.
-
Set the Priority to 100 and then click Bind. Use the same priority number when you configure the LDAP authentication policy in the subsequent steps.
-
On the row for LDAP Policy, click >.
-
Select the policy and then, from the Edit drop-down menu, click Edit Binding.
-
Enter the same Priority value that you specified for the certificate policy. Click Bind.
-
Click Close.
-
Click the edit icon in the SSL Parameters section.
-
Select the Client Authentication checkbox, and in Client Certificate choose Mandatory, and click OK.
- Click Done.
NetScaler Certificate Revocation List (CRL)
Citrix Endpoint Management supports Certificate Revocation List (CRL) only for a third party Certificate Authority. If you have a Microsoft CA configured, Citrix Endpoint Management uses NetScaler to manage revocation. When you configure client certificate-based authentication, consider whether you need to configure the NetScaler Certificate Revocation List (CRL) setting, Enable CRL Auto Refresh. This step ensures that the user of a device in MAM-only mode can’t authenticate using an existing certificate on the device. Citrix Endpoint Management reissues a new certificate, because it doesn’t restrict a user from generating a user certificate if one is revoked. This setting increases the security of PKI entities when the CRL checks for expired PKI entities.
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.