Product Documentation

System requirements and compatibility

Aug 07, 2017

Requirements

  • Windows 10 operating system.

Compatibility matrix

Compatible devices

IoT-compatible devices

Surface PC

Thin client

Phones

Surface Hub

Windows 10 S devices

Citrix Receiver for UWP is also compatible with all currently supported versions of XenApp, XenDesktop, StoreFront and NetScaler Gateway as listed in the Citrix Product Lifecycle Matrix.

Connections, Certificates, and Authentication

Connections

  • HTTPS store
  • NetScaler Gateway 11.1 and 11.0

Secure connections

TLS

You can launch apps and desktops from Citrix Receiver for UWP only if the VDA is configured for TLS connections.  For more information about configuring TLS on the VDA, see Transport Layer Security (TLS).

When TLS is configured on the VDA, the first connection attempt occurs using TLS 1.2. If TLS 1.2 is not supported, the connection falls back to TLS 1.1 or eventually TLS 1.0.  When a wildcard certificate is configured, the TLS connection to the VDA is successful.

The Server certificate is verified with RSA 2048-bit key length and SHA 256 algorithm.

By default, the connection between the user device and NetScaler Gateway uses TLS.

The root certificate must be in the local key store so that the remote gateway's certificate can be verified when a connection attempt occurs. If Citrix Receiver for UWP cannot verify the certificate, it displays a corresponding warning. If you continue through the warning, the list of applications is displayed; however, the applications do not launch.

The device must be configured with the correct date and time because Windows checks the certificate date against the device date.

Note

Citrix Receiver for UWP does not validate certificates. It is an SSL connection only if it is validated and trusted by the operating system.

Certificates

  • Private (self-signed)
  • Intermediate
  • Wildcard 

Private (self-signed) certificates

If a private certificate is installed on the remote gateway, the root certificate of the organization's certificate authority must be installed on the user device. This ensures successful access to virtual desktops and applications using Citrix Receiver for UWP.

To install a self-signed certificate, download the certificate on the device and run the following command from a command line:

certutil –f –addstore –user root NameOfCert.cer

Administrator-level credentials are required to run the above command.

Intermediate certificates and NetScaler Gateway

If your certificate chain includes an intermediate certificate, the intermediate certificate must be appended to the NetScaler Gateway server certificate. For more information on configuring certificate, see Knowledge Center article CTX122955

Wildcard certificates

Wildcard certificates are used in place of individual server certificates for any server within the same domain. Citrix Receiver for UWP supports wildcard certificates.

Authentication

For connections to virtual desktops and apps, Citrix Receiver for UWP supports StoreFront and Web Interface.

  • XenApp and XenDesktop 7.13 and later
  • StoreFront 2.1, 2.0 (recommended), or StoreFront 1.2
    Provides direct access to the store.
  • StoreFront configured with Receiver for website
    Provides access to the store from a web browser. On a session, the user is prompted to open an ICA file to continue.

Connections

Citrix Receiver for UWP supports HTTPS through any of the following configurations.

  • For LAN connections:
    • StoreFront using https.
      Note: Only HTTPS store configuration is supported. HTTP store configuration is not supported.
  • For secure remote or local connections:
    • Citrix NetScaler Gateway 11.1 and 11.0

About secure connections and SSL certificates

TLS

You can launch apps and desktops from Citrix Receiver for UWP only if the VDA is configured for TLS connections.  For more information about configuring TLS on the VDA, see Transport Layer Security (TLS).

When TLS is configured on the VDA, the first connection attempt occurs using TLS 1.2. If TLS 1.2 is not supported, the connection falls back to TLS 1.1 or eventually TLS 1.0.  When a wildcard certificate is configured, the TLS connection to the VDA is successful.

The Server certificate is verified with RSA 2048-bit key length and SHA 256 algorithm.

By default, the connection between the user device and NetScaler Gateway uses TLS.

The root certificate must be in the local key store so that the remote gateway's certificate can be verified when a connection attempt occurs. If Citrix Receiver for UWP cannot verify the certificate, it displays a corresponding warning. If you continue through the warning, the list of applications is displayed; however, the applications do not launch.

The device must be configured with the correct date and time because Windows checks the certificate date against the device date.

Citrix Receiver for UWP does not validate certificates. Its an SSL connection only if it is validated and trusted by the operating system.

Private (self-signed) certificates

If a private certificate is installed on the remote gateway, the root certificate of the organization's certificate authority must be installed on the user device. This ensures successful access to virtual desktops and applications using Citrix Receiver for UWP.

To install a self-signed certificate, download the certificate on the device and run the following command from a command line:
certutil –f –addstore –user root NameOfCert.cer

Administrator-level credentials are required to run the above command.

Intermediate certificates and NetScaler Gateway

If your certificate chain includes an intermediate certificate, the intermediate certificate must be appended to the NetScaler Gateway server certificate. For more information on configuring certificate, see Knowledge Center article CTX122955

Wildcard certificates

Wildcard certificates are used in place of individual server certificates for any server within the same domain. Citrix Receiver for UWP supports wildcard certificates.

Authentication

Authentication to StoreFront

  • Domain
  • Security token*
  • Two-factor authentication (Domain plus Security token)*

* Available only in deployments that include NetScaler Gateway.

Authentication to Web Interface

Web Interface uses the term "Explicit" for domain and security token authentication.

  • Domain
  • Security token*
  • Two-factor authentication (domain plus security token)*

* Available only in deployments that include NetScaler Gateway, with or without the NetScaler Gateway plug-in installed on the device

Citrix Receiver for UWP automatically detects authentication requirements (password or password + passcode) and displays authentication prompts accordingly. If protocols require another method of authentication, Citrix Receiver for UWP requests for a password by default.

After authenticating a user, Citrix Receiver for UWP saves user account details. The account name is My Virtual Apps.

Citrix Receiver for UWP supports the storage of only the domain and user name of a single account. Multiple accounts and the storage of passwords and passcodes are not supported. You can edit or remove the user account from the Settings option.