Citrix Session Remote Start

Certificates

March 12, 2025

Contributed by:

Install SSL Certificate for Accessing StoreFront

During the use of Session Remote Start, a large number of calls to StoreFront’s API are required. Therefore, we need to install StoreFront’s certificate on the Session Remote Start server to ensure that Session Remote Start can successfully access StoreFront’s Web APIs.

Note:

Session Remote Start is hosted on IIS and runs under a different identity than the user installing the certificate. Ensure that the Session Remote Start service has the necessary permissions to load the certificate.

Citrix recommends installing the certificate under Local Machine to allow access for all users.

The IIS identity under which Session Remote Start is running must be able to visit the StoreFront URL of Receiver for Web Site without warning. (For example, https://storefront.rl011.local/Citrix/srsWeb)

Import SSL certificate for Session Remote Start to IIS Manager

Note:

Ignore this step if your Default Web Site is already configured.

Securing access and encrypting traffic with SSL certificates is the preferred way of deploying Session Remote Start. Follow the steps below to achieve:

Open up IIS Manager, select the Session Remote Start Server name, and open the Server Certificates.
Click Import… in the Actions panel on the right.

The settings shown for Select Certificate store and Allow this certificate to be exported in the images are recommended for enhanced security. If Web Hosting is selected, ensure to import the full certificate chain.

Also, ensure that the Session Remote Start service IIS identity has the necessary permissions to load the certificate.

Create HTTPS Binding

Note:

Ignore this step if your Default Web Site is already configured.

Create HTTPS binding in IIS Manager.

HTTPS binding in IIS Manager

Open the IIS Manager, click Default Web Site under Sites.
On the right panel, under Actions > Edit Site, click Bindings.
Click Add.
Under the Add Site Binding screen.
- Select the type as https.
- Set https port to 443.
- Enter the IP address and host name of Session Remote Start server respectively.
- Start server respectively in the respective fields.
- Click OK.
- Click Edit on the newly created Binding.
- Select the SSL certificate.

Note:

For the Binding settings, it is considered that the third-party authentication service and StoreFront use the same network connection for Session Remote Start. If they don’t, then remove any IP address and hostname restrictions and clear the Require Server Name Indication check box to avoid connection issues.

Require SSL

In IIS Manager, select the Session Remote Start Site, and double-click SSL Settings.
On the SSL Settings page, select Require SSL check box and under Client certificates, select Accept and click Apply.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Certificates

March 12, 2025

Contributed by:

Certificates

Install SSL Certificate for Accessing StoreFront

Import SSL certificate for Session Remote Start to IIS Manager

Create HTTPS Binding

Require SSL

In this article