Securing Citrix X1 StoreFront with Powershell

Next generation StoreFront was just released as Technical Preview. The new name is X1 StoreFront and the version number states 2.7.0.9.

In this blog post I’m going to show you how to secure a new Citrix X1 StoreFront installation with SSL and some Powershell.

I’m going to use Active Directory Certificate Services to create my internal SSL certificate. If you don’t have one, you can use the Powershell script below to install and configure Enterprise CA.

Configure Microsoft CA with Powershell

Open the IIS Management Console – Server Certificates and click Create Domain Certificate.

I’m going to create a wildcard certificate for my domain, so I’m using *.ctxlab.local (internal Domain Name) as the Common name.

Create Wildcard Domain Certificate StoreFront

Then I select the Online Certification Authority which are the server hosting the Microsoft CA Role.

Create Wildcard Domain Certificate StoreFront Select CA

Create Wildcard Domain Certificate StoreFront Overview

Now I’m going to Export the Certificate and store it on my file server.

Export Wildcard Certificate from IIS

The final step in terms of SSL is to import and bind the certificate to ALL Citrix Delivery Controllers and StoreFront Servers.

Open the IIS Management Console – Server Certificates – Import.

Create Wildcard Domain Import Certificate on StoreFront Servers

Navigate to Server Name – Sites and right click Default Web Site – Edit Bindings. Click Add – HTTPS and select your SSL certificate.

Create Wildcard Domain Certificate StoreFront Edit IIS Bindings

This can of course be done with Powershell. Make sure to change the path, password and the Thumbprint which you find when you check your certificate details.

Certificate Thumbprint

Import and Bind SSL Certificate with Powershell

Now it’s time to install Citrix X1 StoreFront. I’m not going to cover the next-next-finish process.

Start Citrix StoreFront and select Create a new deployment.

Create New X1 StoreFront Deployment

Create New X1 StoreFront Deployment Base URL

Create New X1 StoreFront Deployment Store Name

Create New X1 StoreFront Deployment Delivery Controller

Create New X1 StoreFront Deployment Delivery Controller Overview

Create New X1 StoreFront Deployment Remote Access

Create New X1 StoreFront Deployment Created Successfully

Let’s test it and see how it looks.

Citrix X1 StoreFront Login Page

Citrix X1 StoreFront Application Page

Citrix X1 StoreFront Desktop Page

Awesome. Now with this information it’s very easy to add this to my Automation Framework.

That way when I install new Citrix XenApp / XenDesktop Delivery Controllers and Storefront Servers the certificate will be automatically imported and configured.

One Response to Securing Citrix X1 StoreFront with Powershell

Leave a reply