Next generation StoreFront was just released as Technical Preview. The new name is X1 StoreFront and the version number states 220.127.116.11.
In this blog post I’m going to show you how to secure a new Citrix X1 StoreFront installation with SSL and some Powershell.
I’m going to use Active Directory Certificate Services to create my internal SSL certificate. If you don’t have one, you can use the Powershell script below to install and configure Enterprise CA.
Install-WindowsFeature -Name Web-Server -IncludeManagementTools
Open the IIS Management Console – Server Certificates and click Create Domain Certificate.
I’m going to create a wildcard certificate for my domain, so I’m using *.ctxlab.local (internal Domain Name) as the Common name.
Then I select the Online Certification Authority which are the server hosting the Microsoft CA Role.
Now I’m going to Export the Certificate and store it on my file server.
The final step in terms of SSL is to import and bind the certificate to ALL Citrix Delivery Controllers and StoreFront Servers.
Open the IIS Management Console – Server Certificates – Import.
Navigate to Server Name – Sites and right click Default Web Site – Edit Bindings. Click Add – HTTPS and select your SSL certificate.
This can of course be done with Powershell. Make sure to change the path, password and the Thumbprint which you find when you check your certificate details.
certutil -f -importpfx -p $PFXPassword $PFXPath
New-webBinding -Name "Default Web Site" -IP "*" -Port 443 -Protocol https
get-item cert:\LocalMachine\MY\$strThumb | new-item 0.0.0.0!443
Now it’s time to install Citrix X1 StoreFront. I’m not going to cover the next-next-finish process.
Start Citrix StoreFront and select Create a new deployment.
Let’s test it and see how it looks.
Awesome. Now with this information it’s very easy to add this to my Automation Framework.
That way when I install new Citrix XenApp / XenDesktop Delivery Controllers and Storefront Servers the certificate will be automatically imported and configured.