Product Documentation

Security

May 22, 2017

Steps you can take to secure the License Administration Console and Web Services for Licensing:

  • Use HTTPS for the console web server communications - HTTPS is the default for new installs. If you are upgrading, you might need to use HTTPS.
  • Require users to log on to the Dashboard.
  • Specify a user session timeout.
  • Change your console password.

Use HTTPS to configure a server certificate file and key file

For new installations, the License Server uses HTTPS by default for both the License Administration Console (port 8082) and for Web Services for Licensing (port 8083). The web browser uses the License Administration Console and Citrix Licensing Manager. The Delivery Controller, Studio, and Director use Web Services for Licensing. For HTTPS, the License Server selects TLS 1.0, TLS 1.1, or TLS 1.2, as determined by the web browser, Delivery Controller, Studio, or Director.

Configuration of TLS version or TLS cipher suites within the License Server itself is not supported.

If you use HTTPS, you must have a valid server certificate. We generate a self-signed certificating during installation, but you can create your own. For more information, see Manually install a certificate used by the Citrix Licensing Manager and Web Services for Licensing.

To require users to log on to the Dashboard

You can optionally secure the Dashboard by forcing users to enter a password. The Administration area is password-protected for all users.
  1. Click Administration and select the Server Configuration tab.
  2. Click the User Interface bar.
  3. Select Require user to log on to view Dashboard.

To specify a session timeout

You can log out users after a specified time of inactivity, ensuring they do not leave the console unattended.

  1. Click Administration and select the Server Configuration tab.
  2. Click the Web Server Configuration bar.
  3. For Session Timeout, type the number of minutes that a user can remain inactive before being logged out of the console. The maximum value is 99999 (69 days, 10 hours, 39 minutes).

Change your console password

You can change your License Administration Console password at any time.

Note: The Windows license server does not support changing Active Directory user and local Windows user passwords. Active Directory users and local Windows users can change their passwords using their native operating systems. On Windows, if you log on as a Locally Managed user and then log on, the Change Password link displays at the bottom right corner.

If you log on as a Windows Active Directory user/admin, the Change Password link does not display at the bottom right corner. It doesn't support Active Directory users.

  1. In the bottom right corner of the console, click Change Password. If you do not see the link, it is because you are in the Dashboard area and you are not required to enter your credentials. Clicking the Administration option causes the link to appear.
  2. Type your old password.
  3. Type to enter and confirm your new password.

If you forget your password, contact the console administrator to assign you a new one.