This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Install a TLS certificate on your server
The Citrix Hypervisor server comes installed with a default TLS certificate. However, to use HTTPS to secure communication between Citrix Hypervisor and Citrix Virtual Apps and Desktops, install a certificate provided by a trusted certificate authority.
This article contains information about how to use certificates in Citrix Hypervisor Center. For information about working with certificates by using the xe CLI, see Hosts and resource pools.
Ensure that your TLS certificate and its private key meet the following requirements:
- The certificate and key pair are an RSA key
- The key matches the certificate
- The key is provided in a separate file to the certificate
- The certificate is provided in a separate file to any intermediate certificates
- The key file must be one of the following types:
- Any certificate files must be one of the following types:
- The key is greater than or equal to 2,048 bits and less than or equal to 4,096 bits in length
- The key is an unencrypted PKCS #8 key and does not have a passkey
- The key and certificate are in base-64 encoded ‘PEM’ format
- The certificate is valid and has not expired
- The signature algorithm is SHA-2 (SHA256)
Citrix Hypervisor Center warns you when the certificate and key you choose do not meet these requirements.
You can use Citrix Hypervisor Center to install a certificate that is on the Citrix Hypervisor Center system into a Citrix Hypervisor server.
To install a certificate on a Citrix Hypervisor server, you must have the Pool Admin role and the Citrix Hypervisor server must not have HA enabled.
Go to the Install Certificates dialog. You can get to this dialog in one of the following ways:
- In the Server menu, select Install Certificates.
- Right-click on the server in the resources pane and choose Install Certificates from the context menu.
- In the General tab of the server, right-click on the Certificates section and choose Install Certificates from the context menu.
- In the Install Certificates dialog, browse to the location of the private key file and select it.
- Browse to the location of the server certificate file and select it.
You can choose to add any number of intermediate certificates from the certificate chain.
- Click Add
- Browse to the location of one or more intermediate certificates and select them.
Citrix Hypervisor Center validates and installs the certificates.
- If there is a problem with a certificate, Citrix Hypervisor Center shows an error message. Attempt to correct the problem and click Install again.
- If the certificate is installed successfully, Citrix Hypervisor Center shows a success message. You can now click Close to close the dialog.
When the certificate on a Citrix Hypervisor server is changed, the server closes any open connections. Citrix Hypervisor Center expects this behavior and reopens the connection with the Citrix Hypervisor server. However, you might have to manually reopen any other connections that were previously open to the server - for example, from another API client or the remote xe CLI.
In the General tab for a Citrix Hypervisor server, a section called Certificates displays the following information for the server:
- The certificate validity period. This text appears red when the certificate is approaching its expiry date.
- The certificate thumbprint
The General tab for a Citrix Hypervisor pool displays the following information for the pool:
- The General section has an entry for Certificate Verification which shows whether certificate verification is enabled or disabled.
- The Certificates section lists the name, validity, and thumbprint for the CA certificates.
Certificate verification is enabled by default on fresh installations of Citrix Hypervisor 8 Cloud and later. For more information, see Certificate verification.
If you upgrade from an earlier version of Citrix Hypervisor, certificate verification is not enabled automatically and you must enable it. Citrix Hypervisor Center prompts you to enable certificate verification the next time you connect to the upgraded pool.
Before enabling certificate verification on a pool, ensure that no operations are running in the pool.
Citrix Hypervisor Center provides several ways to enable certificate verification.
When first connecting the Citrix Hypervisor Center to a pool without certificate verification enabled, you are prompted to enable it. Click Yes, Enable certificate verification.
In the Pool menu, select Enable Certificate Verification.
On the General tab of the pool, right-click the entry Certificate Verification and choose Enable Certificate Verification from the menu.
You can reset the server identity certificate from the Citrix Hypervisor Center or from the xe CLI. Resetting a certificate deletes the certificate from the server and installs a new self-signed certificate in its place.
To reset a certificate in Citrix Hypervisor Center:
- Go to the General tab for the server.
- In the Certificates section, right-click on the certificate you want to reset.
- From the menu, select Reset Certificate.
- In the dialog the appears, click Yes to confirm the certificate reset.
Alternatively, in the Server menu, you can go to Certificate > Reset Certificate.
When you reset a certificate, any existing connections to the server are disconnected — including the connection between Citrix Hypervisor Center and the server.
For information about resetting a certificate by using the xe CLI, see Certificate verification.
When your certificates are nearing their expiry date, Citrix Hypervisor Center shows alerts in the Alerts section of the Notifications tab. You can choose to open the Install Certificates dialog from the action menu of these alerts.
For more information about alerts, see Citrix Hypervisor Center Alerts.
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.