- Configure StoreFront using the configuration files
- Configure Citrix Receiver for Web sites using the configuration files
This article describes additional configuration tasks that cannot be carried out using the Citrix StoreFront management console.
StoreFront provides the option to digitally sign ICA files so that versions of Citrix Receiver that support this feature can verify that the file originates from a trusted source. When file signing is enabled in StoreFront, the ICA file generated when a user starts an application is signed using a certificate from the personal certificate store of the StoreFront server. ICA files can be signed using any hash algorithm supported by the operating system running on the StoreFront server. The digital signature is ignored by clients that do not support the feature or are not configured for ICA file signing. If the signing process fails, the ICA file is generated without a digital signature and sent to Citrix Receiver, the configuration of which determines whether the unsigned file is accepted.
To be used for ICA file signing with StoreFront, certificates must include the private key and be within the allowed validity period. If the certificate contains a key usage extension, this must allow the key to be used for digital signatures. Where an extended key usage extension is included, it must be set to code signing or server authentication.
For ICA file signing, Citrix recommends using a code signing or SSL signing certificate obtained from a public certification authority or from your organization's private certification authority. If you are unable to obtain a suitable certificate from a certification authority, you can either use an existing SSL certificate, such as a server certificate, or create a new root certification authority certificate and distribute it to users' devices.
ICA file signing is disabled by default in stores. To enable ICA file signing, you edit the store configuration file and execute Windows PowerShell commands. For more information about enabling ICA file signing in Citrix Receiver, see ICA File Signing to protect against application or desktop launches from untrusted servers.
<certificateManager> <certificates> <clear /> <add ... /> ... </certificates> </certificateManager>
<certificateManager> <certificates> <clear /> <add id="certificateid" thumb="certificatethumbprint" /> <add ... /> ... </certificates> </certificateManager>
Where certificateid is a value that helps you to identify the certificate in the store configuration file and certificatethumbprint is the digest (or thumbprint) of the certificate data produced by the hash algorithm.
<icaFileSigning enabled="False" certificateId="" hashAlgorithm="sha1" />
Add-PSSnapin Citrix.DeliveryServices.Framework.Commands $certificate = Get-DSCertificate "certificatethumbprint" Add-DSCertificateKeyReadAccess -certificate $certificates -accountName “IIS APPPOOL\Citrix Delivery Services Resources”
Where certificatethumbprint is the digest of the certificate data produced by the hash algorithm.
By default, file type association is enabled in stores so that content is seamlessly redirected to users' subscribed applications when they open local files of the appropriate types. To disable file type association, you edit the store configuration file.
<farmset ... enableFileTypeAssociation="on" ... >
When Citrix Receiver users log on to a store, no title text is displayed on the logon dialog box, by default. You can display the default text “Please log on” or compose your own custom message. To display and customize the title text on the Citrix Receiver logon dialog box, you edit the files for the authentication service.
@* @Heading("ExplicitAuth:AuthenticateHeadingText") *@
Citrix Receiver users see the default title text “Please log on”, or the appropriate localized version of this text, when they log on to stores that use this authentication service.
<data name="AuthenticateHeadingText" xml:space="preserve"> <value>My Company Name</value> </data>
To modify the Citrix Receiver logon dialog box title text for users in other locales, edit the localized files ExplicitAuth.languagecode.resx, where languagecode is the locale identifier.
By default, Citrix Receiver for Windows stores users' passwords when they log on to StoreFront stores. To prevent Citrix Receiver for Windows, but not Citrix Receiver for Windows Enterprise, from caching users' passwords, you edit the files for the authentication service.
@SaveCredential(id: @GetTextValue("saveCredentialsId"), labelKey: "ExplicitFormsCommon:SaveCredentialsLabel", initiallyChecked: ControlValue("SaveCredentials"))
<!-- @SaveCredential(id: @GetTextValue("saveCredentialsId"), labelKey: "ExplicitFormsCommon:SaveCredentialsLabel", initiallyChecked: ControlValue("SaveCredentials")) -->
Citrix Receiver for Windows users must enter their passwords every time they log on to stores that use this authentication service. This setting does not apply to Citrix Receiver for Windows Enterprise.
Using Registry Editor incorrectly can cause serious problems that can require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Make sure you back up the registry before you edit it.
By default, Citrix Receiver for Windows automatically populated the last username entered. To supress population of the username field, edit the registry on the user device: