Prerequisites to install Citrix Workspace app
System requirements and compatibility
- This version of Citrix Workspace app requires a minimum of 1 GB RAM.
- .NET Framework minimum requirements
- Self-Service plug-in requires NET 4.6.2. It allows you to subscribe to and launch the apps and desktops from the Workspace for Windows user interface or command line. For more information, see Using command-line parameters.
Citrix Workspace app for Windows is compatible with the following Windows Operating systems and web browsers. It is also compatible with all currently supported versions of Citrix Virtual Apps and Desktops, and Citrix Gateway as listed in the Citrix Product Lifecycle Matrix.
The Citrix Gateway End Point Analysis Plug-in (EPA) does not support Citrix Workspace app for Windows.
|Windows 10 32-bit and 64-bit editions *|
|Windows 8.1, 32-bit and 64-bit editions (including Embedded edition)|
|Windows 7, 32-bit and 64-bit editions (including Embedded edition)|
|Windows Thin PC|
|Windows Server 2016|
|Windows Server 2012 R2, Standard, and, Datacenter editions|
|Windows Server 2008 R2, 64-bit edition|
|Windows Server 2019|
|Windows 10 Enterprise 2016 LTSB 1607|
*Supports Windows 10 Version 1607, 1703, 1709, 1803 and 1809.
|Latest Google Chrome (requires StoreFront)|
|Latest Mozilla Firefox|
|Operating system supported on touch-enabled devices||Operating system supported on VDA|
|Windows 10||Windows 10|
|Windows 8||Windows 8|
|Windows 7||Windows 7|
|Windows 2012 R2|
|Windows Server 2016|
|Windows 2008 R2|
Validating free disk space
The following table provides details on the minimum required disk space to install Citrix Workspace app for Windows.
|Installation type||Required disk space|
|Fresh installation||572 MB|
Citrix Workspace app performs a check to verify whether there is enough available disk space to complete the installation. The verification is performed both during a fresh installation and an upgrade.
During a fresh installation, the installation stops when there is insufficient disk space and the following dialog appears.
When you are upgrading Citrix Workspace app, the installation ends when there is insufficient disk space and the following dialog appears.
- The installer performs the check on the disk space only after extracting the installation package.
- When the system is low on disk space during silent installation, the dialog does not appear but the error message is recorded in the
Connections, Certificates, and Authentication
- HTTP store
- HTTPS store
- Citrix Gateway 10.5 and later
- Web Interface 5.4
- Private (self-signed)
Private (self-signed) certificates
If a private certificate is installed on the remote gateway, the root certificate of the organization’s certificate authority must be installed on the user device from which you are accessing the Citrix resources.
If the remote gateway’s certificate cannot be verified upon connection (because the root certificate is not included in the local Keystore.), an untrusted certificate warning appears. If a user chooses to continue through the warning, the apps are displayed but cannot be launched.
Installing root certificates
For domain-joined computers, you can use Group Policy Object administrative template to distribute and trust CA certificates.
For non-domain joined computers, the organization can create a custom install package to distribute and install the CA certificate. Contact your system administrator for assistance.
Wildcard certificates are used on a server within the same domain.
Citrix Workspace app supports wildcard certificates; however, they must be used in accordance with your organization’s security policy. In practice, an alternative to wildcard certificates is a certificate containing the list of server names with the Subject Alternative Name (SAN) extension. Private and public certificate authorities issue these certificates.
If your certificate chain includes an intermediate certificate, the intermediate certificate must be appended to the Citrix Gateway server certificate. For information, see Configuring Intermediate Certificates.
Authentication to StoreFront
|Workspace for Web using browsers||StoreFront Services site (native)||StoreFront, Citrix Virtual Apps and Desktops (native)||Citrix Gateway to Workspace for Web (browser)||Citrix Gateway to StoreFront Services site (native)|
|Two-factor authentication (domain with security token)||Yes*||Yes*|
|User certificate||Yes (Citrix Gateway plug-in)||Yes (Citrix Gateway plug-in)|
* With or without the Citrix Gateway plug-in installed on the device.
Citrix Workspace app supports two-factor authentication (domain plus security token) using Citrix Gateway to the StoreFront native service.
Authentication to Web Interface
Citrix Workspace app supports the following authentication methods (Web Interface uses the term Explicit for domain and security token authentication):
|Web Interface (browsers)||Web Interface Citrix Gateway Site||Citrix Gateway to Web Interface (browser)||Citrix Gateway to Web Interface Citrix Gateway Site|
|Two-factor authentication (domain with security token)||Yes*|
|User certificate||Yes (Citrix Gateway plug-in)|
* Available only in deployments that include Citrix Gateway, with or without the associated plug-in installed on the device.
Certificate revocation list
When you enable certificate revocation list (CRL) checking, Citrix Workspace app checks to see if the server’s certificate is revoked. Forcing Citrix Workspace app to check this helps improves the cryptographic authentication of the server and the overall security of the TLS connection between the user device and a server.
You can enable CRL checking at several levels. For example, you can configure Citrix Workspace app to check only its local certificate list or to check the local and network certificate lists. In addition, you can configure certificate checking to allow users to log on only if all the CRLs are verified.
If you are making this change on your local computer, exit Citrix Workspace app. Ensure all the Citrix Workspace components, including the Connection Center, are closed.
For information, see the TLS section.