I received a call from a client recently. They renewed the SSL certificate on their NetScaler, and while their iOS Receiver users could still authenticate and enumerate applications, they could no longer launch applications and desktops. All intermediate certificates were properly installed and linked.
The issue turned out to be the encryption method - SHA2 - used to hash the digital signature.
While SHA2 certificates have been around for a while, SHA1 certs had been the standard – until now. Microsoft has announced a new policy for CAs (Certification Authorities) who are members of the Windows Root Certificate Program (who issue publicly trusted certificates). The policy dictates that SHA1 certificates will be deprecated on January 1, 2016. After that date, only SHA2 certificates will be allowed to be issued. Unfortunately, the latest iOS (5.8) and Android (3.4) Citrix Receivers (among others) do not support SHA2 certificates when proxied through the NetScaler. See the full Receiver product matrix.
While Citrix has promised a NetScaler upgrade in 2004 Q2 to remedy the issue, if you are supporting remote iOS or Android users through NetScaler and you need to upgrade your SSL certificate, make sure that you purchase a SHA1 cert and not a SHA2 cert.
Note: I do find it curious, however, that Microsoft is still using a SHA1 certificate on their own site. ;-)
Wednesday, May 21, 2014
Friday, May 16, 2014
Didn’t make it to Citrix Synergy this year? Not to worry!
While this year’s session was not videotaped for SynergyTV, you can still download all presentation materials and source code:
(includes speaker notes)
o Demo 1 – The Power of jQuery
o Demo 2 – New StoreFront Skin
o Demo 3 – Adding Help Desk information
o Demo 4 – Alternate Application Views
o Demo 5 – StoreFront Store Customization SDK
You can also view the presentation on !
If you have any questions on the above, you can reach me at Sam.Jacobs@ipm.com