N Series: Citrix Receiver and Certificates Update
This article is for customers who are experiencing challenges connecting after a change to their Citrix receiver version or update to their environment certificates.
When Citrix released the Linux SoC Receiver version 13.X they changed the standard certificate format required to connect to most Citrix environments. Additionally, the mechanism that brokers the connection from endpoint to server also changed. This broker connection change now requires the complete Citrix URL, instead of the abridged URL that many were used with XenDesktop 6.5.
These changes will sometimes cause users to get "Unknown Error" when attempting to connect to their Citrix Environment with the N-Series end point.
Certificates:
The appropriate certificate type is now PEM, this was changed from CRT, so any CRT certificates that are in use must be removed and replaced with their PEM counterpart. See below on obtaining PEM certs:
- Open a browser, in this case Chrome
- Navigate to your Citrix URL
- Click the Lock in or near the Address Bar
- Click Connection Tab
- Click "Certificate Information"
- Click on the "Certification Path"
- Select the top cert in the list and double click, which should open up a new window
- Click the Details Tab and click "Copy To File"
- Click Next, select "Base-64 encoded X.509 (CER) and click next
- Click Browse and select the location you would like to save the certificate.
Repeat steps 7-10 for each certificate in the list
- Once you have All the certs in the list saved as .CER, rename them by selecting the file, right clicking and select "Rename"
- Rename each certificate file extension from "cer" to "pem" (if you do not see ".cer" after the cert name, you will need to change your Folder Options to show all known file types.
- Upload the certificates to the N500, this can be done on the N500 via FTP, USB or pushed to the N500 from vSpace Management Center.
- To upload certs from the N Series Device via FTP you will need to put the certs on an FTP server
- Open the device settings and navigate to the Security Tab and select Certificates and type out the location of the certificate, including the file name, on the FTP server.
- Load certificates on to root of USB Drive, insert into N Series Device. Navigate to the Security Tab, then Certificates. Type the name of the cert in the location field and click add.
- To upload certs to an N Series device via vSpace Management Center, open the device configuration from the “Manage Device” page, navigate to “Security” and use the upload wizard under the “Certificates” section.
URL:
In previous versions of Citrix Receiver the user was able to utilize an abridged URL and the broker would append the default URL to it, it no longer does that. The user must input the complete URL. Below are the are the default URLs, these should work if default settings were used in configuration:
XenApp/XenDesktop 7.X
- Storefront: https://fqdn/citrix/store
- Storefront for web: http(s)://fqdn/citrix/storeweb
- Legacy PNA: http(s)://fqdn/citrix/store/pnagent/config.xml
For XenApp 6.5/ XenDesktop 5.6
- For PNA site: http(s)://fqdn/citrix/PNAgent/config.xml
- For Citix Access Gateway: http(s)://fqdn
Updated Jan 25, 2017 Redesigned operation mode selection for Citrix Receiver (from FW 3.0.2.1 Release Notes)
The operation mode selection for Citrix Receiver has been redesigned in the 3.x firmware to make it more clear. Three modes are easily selectable now:
- PNAgent – this mode should be used when Citrix Receiver connects to a Services Site on a Web Interface 5.4 server or to XenApp services of a StoreFront server. URL format: http://WebInterface_FQDN_or_IP/Citrix/PNAgent/config.xml or: https://StoreFront_FQDN/Citrix/Store/PNAgent/config.xml
- StoreFront Client – Citrix Receiver connects to a StoreFront server. It can be a direct connection, or the StoreFront server can be located behind a NetScaler Gateway. URL format: https://StoreFront_FQDN/Citrix/Store/discovery or: https://NetScaler_Gateway_FQDN/
- Web plugin – the device uses its embedded web browser to connect to a website at the specified URL. This website is responsible for authenticating the user and delivering the ICA files describing connection parameters for Citrix Receiver. The specified URL can point to a Citrix Web Interface website, Citrix StoreFront Receiver for Web website, Citrix Access Gateway logon point, Citrix NetScaler Gateway logon page, etc.
Article: 1015
Related Articles
VMC Search results are Truncated (RESOLVED)
Issue: Using VMC 3.7.17.476 witn N-Series 2.4.2.1. When performing a device search for devices such as Retail the search results may not display all devices that meet the search criteria Solution: This problem has been addressed in VMC 3.7.20 Please ...
How do I get support for my N-Series device?
The N-Series product family includes the 400, 500, 500W, and 600. The N-Series 400 has reached its “End of Support” date and is therefore limited to self-help via our KB articles in this portal. The 500, 500W, and 600 will reach end of support ...
Migrating vSpace Management Center 3.6 or 3.7 to later versions of vSpace Management Center
When a update to vSpace Management Center is released it is important to update. Updates contain feature additions, security enhancements and updates as well as bug fixes. The process is simple, see below: Create and save a backup of your current ...
Error: This vSpace Manager has already been registered to an existing NComputing Management Portal customer account using unknown user...
This error may show when trying to register a vSpace Manager to the Management Portal. Please review the following possible scenarios: 1. A secondary Management Portal account is bering used to attempt to register. An NComputing / Management ...
Firmware update availability for N-series devices
N-series devices (N400, N500, N500w, N600) will reach End-of-Life on the following schedule: N400: December 30, 2019. N500: December 31, 2020 N500w: December 31, 2020 N600: December 31, 2020 Firmware for these devices are no longer in development. ...