You can integrate
Receiver with the Secure Sockets Layer (SSL) Relay service. Receiver X1 for Mac
12.0 supports TLS 1.0, 1.1 and 1.2
Security (TLS) is the latest, standardized version of the SSL protocol. The
Internet Engineering Taskforce (IETF) renamed it TLS when it took over
responsibility for the development of SSL as an open standard.
TLS secures data
communications by providing server authentication, encryption of the data
stream, and message integrity checks. Some organizations, including U.S.
government organizations, require the use of TLS to secure data communications.
These organizations may also require the use of validated cryptography, such as
Federal Information Processing Standard (FIPS) 140. FIPS 140 is a standard for
By default, Citrix
SSL Relay uses TCP port 443 on the Citrix server for TLS-secured communication.
When the SSL Relay receives a TLS connection, it decrypts the data before
redirecting it to the server, or, if the user selects TLS+HTTPS browsing, to
the Citrix XML Service.
You can use Citrix
SSL Relay to secure communications:
- Between a TLS-enabled
Receiver and a server.
- With a server running the
Web Interface, between the XenApp server and the Web server.
about configuring and using SSL Relay to secure your installation or
configuring your Web Interface server to use TLS encryption, see the
and enabling Receiver for TLS
There are two main
steps involved in setting up TLS:
- Set up SSL Relay on your
XenApp or XenDesktop server and your Web Interface server and obtain and
install the necessary server certificate. For more information, see the
- Install the equivalent root
certificate on the user device.
root certificates on user devices
To use TLS to
secure communications between TLS-enabled Receivers and the server farm, you
need a root certificate on the user device that can verify the signature of the
Certificate Authority on the server certificate.
Mac OS X comes
with about 100 commercial root certificates already installed, but if you want
to use another certificate, you can obtain one from the Certificate Authority
and install it on each user device.
Depending on your
organization’s policies and procedures, you may want to install the root
certificate on each user device instead of directing users to install it. The
easiest and safest way is to add root certificates to the Mac OS X keychain.
To add a root
certificate to the keychain
- Double-click the file
containing the certificate. This automatically starts the Keychain Access
- In the
Certificates dialog box, choose one of the following from the
Keychain pop-up menu:
- login (The
certificate applies only to the current user.)
- System (The
certificate applies to all users of a device.)
- Type your password in the
Authenticate dialog box and then click
certificate is installed and can be used by SSL-enabled clients and by any
other application using SSL.