N Series: Citrix Receiver and Certificates Update
This article is for customers who are experiencing challenges connecting after a change to their Citrix Receiver version or an update to their environment certificates.
When Citrix released the Linux SoC Receiver version 13.X, they changed the standard certificate format required to connect to most Citrix environments. Additionally, the mechanism that brokers the connection from endpoint to server also changed. This broker connection change now requires the complete Citrix URL, instead of the abridged URL that many were used to with XenDesktop 6.5.
These changes will sometimes cause users to get "Unknown Error" when attempting to connect to their Citrix environment with the N-Series endpoint.
The appropriate certificate type is now PEM; this was changed from CRT, so any CRT certificates that are in use must be removed and replaced with their PEM counterparts. To obtain PEM certificates:
1. Open a browser, in this case Chrome
2. Navigate to your Citrix URL
3. Click the Lock in or near the Address Bar
4. Click the Connection Tab
5. Click "Certificate Information"
6. Click on the "Certification Path"
7. Select the top cert in the list and double click, which should open up a new window
8. Click the Details Tab and click "Copy To File"
9. Click Next, select "Base-64 encoded X.509 (CER)" and click Next
10. Click Browse and select the location where you would like to save the certificate.

Repeat steps 7-10 for each certificate in the list.

11. Once you have all the certs in the list saved as .CER, rename them by selecting the file, right-clicking and selecting "Rename"
12. Rename each certificate file extension from "cer" to "pem" (if you do not see ".cer" after the cert name, you will need to change your Folder Options to show all known file types).
13. Upload the certificates to the N500. This can be done on the N500 via FTP or USB, or the certificates can be pushed to the N500 from vSpace Management Center.
    - To upload certs from the N Series Device via FTP you will need to put the certs on an FTP server
    - Open the device settings, navigate to the Security Tab, select Certificates and type out the location of the certificate, including the file name, on the FTP server.
    - Load certificates onto the root of a USB Drive and insert it into the N Series Device. Navigate to the Security Tab, then Certificates. Type the name of the cert in the location field and click Add.
    - To upload certs to an N Series device via vSpace Management Center, open the device configuration from the “Manage Device” page, navigate to “Security” and use the upload wizard under the “Certificates” section.
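Renaming works only because the Base-64 export is already PEM text; a file exported with a different option (for example the wizard's DER encoded binary choice) stays binary no matter what its extension says. The following check is an added example, not part of the original article or any NComputing or Citrix tooling: it reports whether each file is PEM or DER and re-encodes DER as PEM. It inspects the encoding only and does not validate the certificate itself; `SAMPLE_DER` is a constructed placeholder.

```python
import base64
import binascii
import re
import ssl
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL)

# Constructed stand-in, not a real certificate: an ASN.1 SEQUENCE header
# declaring 256 bytes of content, followed by 256 zero bytes.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

def looks_like_der(data: bytes) -> bool:
    """True if data is one ASN.1 SEQUENCE (tag 0x30) spanning the whole file."""
    if len(data) < 4 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:  # short form: the byte is the length itself
        return 2 + first == len(data)
    n = first & 0x7F  # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return 2 + n + int.from_bytes(data[2:2 + n], "big") == len(data)

def classify(data: bytes) -> str:
    """Return 'pem', 'der' or 'invalid' for the contents of one exported file."""
    match = PEM_RE.search(data)
    if match is None:
        return "der" if looks_like_der(data) else "invalid"
    try:
        body = base64.b64decode(b"".join(match.group(1).split()), validate=True)
    except binascii.Error:
        return "invalid"
    return "pem" if looks_like_der(body) else "invalid"

def to_pem(data: bytes) -> bytes:
    """Return PEM bytes, re-encoding a DER export instead of just renaming it."""
    kind = classify(data)
    if kind == "pem":
        return data
    if kind == "der":
        return ssl.DER_cert_to_PEM_cert(data).encode("ascii")
    raise ValueError("not an X.509 certificate in PEM or DER form")

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. the renamed .pem files, before upload
        with open(path, "rb") as fh:
            print(path, classify(fh.read()))
```

Run it with the renamed files as arguments before uploading; any file reported as `der` was exported in binary form and needs re-encoding rather than renaming.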
In previous versions of Citrix Receiver the user was able to utilize an abridged URL and the broker would append the default URL to it. It no longer does that; the user must input the complete URL. Below are the default URLs, which should work if default settings were used in configuration:
- Storefront: https://fqdn/citrix/store
- Storefront for web: http(s)://fqdn/citrix/storeweb
- Legacy PNA: http(s)://fqdn/citrix/store/pnagent/config.xml
For XenApp 6.5 / XenDesktop 5.6:
- For PNA site: http(s)://fqdn/citrix/PNAgent/config.xml
- For Citrix Access Gateway: http(s)://fqdn
Updated Jan 25, 2017
Redesigned operation mode selection for Citrix Receiver (from FW 18.104.22.168 Release Notes)
The operation mode selection for Citrix Receiver has been redesigned in the 3.x firmware to make it clearer. Three modes are now easily selectable:
- PNAgent – this mode should be used when Citrix Receiver connects to a Services Site on a Web Interface 5.4 server or to XenApp services of a StoreFront server. URL format: http://WebInterface_FQDN_or_IP/Citrix/PNAgent/config.xml or: https://StoreFront_FQDN/Citrix/Store/PNAgent/config.xml
- StoreFront Client – Citrix Receiver connects to a StoreFront server. It can be a direct connection, or the StoreFront server can be located behind a NetScaler Gateway. URL format: https://StoreFront_FQDN/Citrix/Store/discovery or: https://NetScaler_Gateway_FQDN/
- Web plugin – the device uses its embedded web browser to connect to a website at the specified URL. This website is responsible for authenticating the user and delivering the ICA files describing connection parameters for Citrix Receiver. The specified URL can point to a Citrix Web Interface website, Citrix StoreFront Receiver for Web website, Citrix Access Gateway logon point, Citrix NetScaler Gateway logon page, etc.