Product Documentation

System requirements

May 21, 2017

Citrix Receiver for UWP is compatible with the following listed devices. All the devices must be running on Windows 10 operating system:

  • IoT-compatible devices
  • Surface PC
  • Thin client
  • Phones
  • Surface Hub
  • Windows 10 S devices

Server

For connections to virtual desktops and apps, Citrix Receiver for UWP supports StoreFront and Web Interface.

  • XenApp and XenDesktop 7.13 and later
  • StoreFront 2.1, 2.0 (recommended), or StoreFront 1.2
    Provides direct access to the store.
  • StoreFront configured with Receiver for website
    Provides access to the store from a web browser. On a session, the user is prompted to open an ICA file to continue.

Connections

Citrix Receiver for UWP supports HTTPS through any of the following configurations.

  • For LAN connections:
    • StoreFront using https.
      Note: Only HTTPS store configuration is supported. HTTP store configuration is not supported.
  • For secure remote or local connections:
    • Citrix NetScaler Gateway 11.1 and 11.0

About secure connections and SSL certificates

TLS

You can launch apps and desktops from Citrix Receiver for UWP only if the VDA is configured for TLS connections.  For more information about configuring TLS on the VDA, see Transport Layer Security (TLS).

When TLS is configured on the VDA, the first connection attempt occurs using TLS 1.2. If TLS 1.2 is not supported, the connection falls back to TLS 1.1 or eventually TLS 1.0.  When a wildcard certificate is configured, the TLS connection to the VDA is successful.

The Server certificate is verified with RSA 2048-bit key length and SHA 256 algorithm.

By default, the connection between the user device and NetScaler Gateway uses TLS.

The root certificate must be in the local key store so that the remote gateway's certificate can be verified when a connection attempt occurs. If Citrix Receiver for UWP cannot verify the certificate, it displays a corresponding warning. If you continue through the warning, the list of applications is displayed; however, the applications do not launch.

The device must be configured with the correct date and time because Windows checks the certificate date against the device date.

Citrix Receiver for UWP does not validate certificates. Its an SSL connection only if it is validated and trusted by the operating system.

Private (self-signed) certificates

If a private certificate is installed on the remote gateway, the root certificate of the organization's certificate authority must be installed on the user device. This ensures successful access to virtual desktops and applications using Citrix Receiver for UWP.

To install a self-signed certificate, download the certificate on the device and run the following command from a command line:
certutil –f –addstore –user root NameOfCert.cer

Administrator-level credentials are required to run the above command.

Intermediate certificates and NetScaler Gateway

If your certificate chain includes an intermediate certificate, the intermediate certificate must be appended to the NetScaler Gateway server certificate. For more information on configuring certificate, see Knowledge Center article CTX122955

Wildcard certificates

Wildcard certificates are used in place of individual server certificates for any server within the same domain. Citrix Receiver for UWP supports wildcard certificates.

Authentication

Citrix Receiver for UWP supports these authentication methods when used with StoreFront and NetScaler Gateway:

  • Domain
  • Security token*
  • Two-factor authentication (domain plus security token)*

* Available only in deployments that include NetScaler Gateway.

Citrix Receiver for UWP, when used with Web Interface and NetScaler Gateway, supports the following authentication methods. (Web Interface uses the term "Explicit" for domain and security token authentication.)

  • Domain
  • Security token*
  • Two-factor authentication (domain plus security token)*

* Available only in deployments that include NetScaler Gateway, with or without the NetScaler Gateway plug-in installed on the device.

Citrix Receiver for UWP automatically detects authentication requirements (password or password + passcode) and displays authentication prompts accordingly. If protocols require another method of authentication, Citrix Receiver for UWP requests for a password by default.

After authenticating a user, Citrix Receiver for UWP saves user account details. The account name is My Virtual Apps.

Citrix Receiver for UWP supports the storage of only the domain and user name of a single account. Multiple accounts and the storage of passwords and passcodes are not supported. You can edit or remove the user account from the Settings option.