This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Secure HDX (preview)
You can encrypt ICA sessions end-to-end between the Citrix Workspace app (client) and the VDA (session host).
The end-to-end encryption (E2EE) feature allows no intermediate network elements including the Citrix Gateway to decrypt the ICA traffic. It uplifts the secure posture of your environment and is easy to configure and manage.
System requirements
- Linux VDA minimum version 2311
- Delivery Controller minimum version 2308
- StoreFront minimum version 2308
- Citrix Workspace app for Windows minimum version 2308
Configuration
Enable end-to-end encryption
The end-to-end encryption (E2EE) feature is disabled by default. To enable it, set the Secure HDX policy to Enabled in Citrix Studio.
Schedule certificate renewals
The end-to-end encryption (E2EE) feature requires a self-signed certificate and its private key that the ctxcertmgr service on the Linux VDA manages.
A new self-signed certificate is created when the ctxcertmgr service starts or restarts. By default, the ctxcertmgr service renews the certificate (including its private key) every 7 days at the time 2:00 AM. You can also schedule certificate renewals with registry settings similar to the following:
/opt/Citrix/VDA/bin/ctxreg create -k "HKLM\Software\Citrix\SecureHDX" -t "REG_SZ" -v "CaRotationStartDate" -d "2023-10-19" --force
/opt/Citrix/VDA/bin/ctxreg create -k "HKLM\Software\Citrix\SecureHDX" -t "REG_SZ" -v "CaRotationTime" -d "00:45:30" --force
/opt/Citrix/VDA/bin/ctxreg create -k "HKLM\Software\Citrix\SecureHDX" -t "REG_DWORD" -v "CaRotationPeriod" -d "0x00000005" --force
<!--NeedCopy-->
In the above example, the first certificate renewal time is set at 00:45:30 on 2023-10-19. After that, the ctxcermgr service renews the certificate every 5 days at 00:45:30. The scheduled date and time are the date and time on the Linux VDA.
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.