When you configure NetScaler Gateway for testing, you probably do what I do and configure HTTP (80) for everything instead of HTTPS (443), which is a little more work.
The main reason why you would and should switch to HTTPS is not security but user experience: for users to be able to change expired passwords through NetScaler, you need to use Secure LDAP (636). Let’s get started!
The first thing you need to do is set up Active Directory Certificate Services, create a Domain Certificate and export it. The blog post Securing Citrix X1 StoreFront with Powershell will show you how.
Open Citrix Studio – StoreFront – Server Group – Change Base URL and change from HTTP to HTTPS.
Citrix Studio – StoreFront – Stores – Manage Delivery Controllers – Edit.
Connect to StoreFront through SSL and verify that your certificate is valid.
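One way to script this check, as an added example that is not part of the original post: it performs a TLS handshake against the StoreFront base URL on 443 and against a domain controller on 636, and reports whether each certificate validates. The host names are placeholders, and it assumes you run it from a domain-joined machine that trusts your AD CS root.

```powershell
# Added example. Host names are placeholders (assumptions): use your own.
$endpoints = @(
    @{ HostName = 'storefront.example.local'; Port = 443 },  # StoreFront base URL
    @{ HostName = 'dc01.example.local';       Port = 636 }   # Secure LDAP
)

function Test-TlsEndpoint {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][int]$Port
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($HostName, $Port)
        # Default validation (no callback): the handshake fails unless the chain
        # is trusted, the certificate is in date and its name matches $HostName.
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList ($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        [pscustomobject]@{
            HostName = $HostName; Port = $Port; Valid = $true
            Protocol = $ssl.SslProtocol; Subject = $cert.Subject
            Issuer = $cert.Issuer; NotAfter = $cert.NotAfter; Error = $null
        }
    }
    catch {
        # Refused connection, untrusted issuer, expiry or a name mismatch all land here.
        [pscustomobject]@{
            HostName = $HostName; Port = $Port; Valid = $false
            Protocol = $null; Subject = $null
            Issuer = $null; NotAfter = $null
            Error = $_.Exception.GetBaseException().Message
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
}

foreach ($e in $endpoints) { Test-TlsEndpoint @e | Format-List }
```

The result reflects the Windows trust store of the machine running the script, so a `Valid = $true` here confirms the certificate itself but not what has been imported on the NetScaler.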
After testing that SSL works okay, it’s time to configure NetScaler.
Citrix Studio – NetScaler Gateway – Secure Ticket Authority – Edit.
Check the post Convert .PFX Certificate to PEM Format from Carl Stalhood on how to import and install your Domain Certificate on NetScaler.
Navigate to the NetScaler LDAP policy – edit Server and select SSL from the drop-down list.
A tip from David shows that you can also use SSL.
Change STA from HTTP to HTTPS.
Edit the PL_OS Profile.
Edit the PL_WB Profile.
Save the settings and reboot the NetScaler Gateway.
Set your test user’s password to expired and log in.
And that’s it.