Product Documentation

Use SSL on Controllers and change HTTP/HTTPS ports

Nov 05, 2013

The XML Service runs on the Delivery Controller and supports the HTTP and HTTPS protocols.

To use SSL

For HTTPS, the XML Service supports Secure Sockets Layer (SSL) features through the use of server certificates but not client certificates. To use HTTPS, you must obtain, install, and register a server certificate on all Controllers, and configure a port with the SSL certificate.

To change the default HTTP or HTTPS ports

By default, the XML Service listens on port 80 for HTTP traffic and port 443 for HTTPS traffic. Although you can use non-default ports on a Controller for HTTP or HTTPS traffic, be aware of the security risks of exposing a Controller to untrusted networks. Instead of changing the defaults, it is preferable to deploy a standalone StoreFront server.

  1. Run the following command on the Controller: BrokerService.exe -WIPORT http port -WISSLPORT https port

    http port is the port number for HTTP traffic and https port is the port number for HTTPS traffic.

  2. If you want the XML Service to ignore HTTP or HTTPS traffic on the default ports, set the following registry values on the Controller and restart the Broker Service. Both values are located in HKLM\Software\Citrix\DesktopServer\.
    Caution: Editing the registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
    • To ignore HTTP traffic, set XmlServicesEnableNonSsl to 0.
    • To ignore HTTPS traffic, set XmlServicesEnableSsl to 0.