Product Documentation

Enforce trust relations

May 03, 2013

Trusted server configuration is designed to identify and enforce trust relations involved in Receiver connections. This trust relationship increases the confidence of Receiver administrators and users in the integrity of data on user devices and prevents the malicious use of Receiver connections.

When this feature is enabled, Receivers can specify the requirements for trust and determine whether or not they trust a connection to the server. For example, a Receiver connecting to a certain address (such as https://*.citrix.com) with a specific connection type (such as SSL) is directed to a trusted zone on the server.

When trusted server configuration is enabled, connected servers must reside in a Windows Trusted Sites zone. (For step-by-step instructions about adding servers to the Windows Trusted Sites zone, see the Internet Explorer online help.)

If you connect using SSL, add the server name in the format https://CN, where CN is the Common Name shown on the SSL certificate. Otherwise, use the format that Receiver uses to connect; for example if Receiver connects using an IP address, add the server’s IP address.

To enable trusted server configuration

If you are changing this on a local computer, close all Receiver components, including the Connection Center.

  1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer or by using the Group Policy Management Console when applying domain policies.
    Note: If you already imported the icaclient template into the Group Policy Editor, you can omit Steps 2 to 5.
  2. In the left pane of the Group Policy Editor, select the Administrative Templates folder.
  3. From the Action menu, choose Add/Remove Templates.
  4. Choose Add and browse to the Receiver Configuration folder (usually C:\Program Files\Citrix\ICA Client\Configuration) and select icaclient.adm.
  5. Select Open to add the template and then Close to return to the Group Policy Editor.
  6. Expand the Administrative Templates folder under the User Configuration node.
  7. In the Group Policy Editor, go to Administrative Templates > Classic Administrative Templates (ADM) > Citrix Components > Citrix Receiver > Network Routing > Configure trusted server configuration.
  8. From the Action menu, choose Properties and select Enabled.