This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
ICA file signing
StoreFront provides the option to digitally sign ICA files so that versions of Citrix Workspace app that support this feature can verify that the file originates from a trusted source. When file signing is enabled in StoreFront, the ICA file generated when a user starts an application is signed using a certificate from the personal certificate store of the StoreFront server. ICA files can be signed using any hash algorithm supported by the operating system running on the StoreFront server. The digital signature is ignored by clients that do not support the feature or are not configured for ICA file signing. If the signing process fails, the ICA file is generated without a digital signature and sent to Citrix Workspace app, the configuration of which determines whether the unsigned file is accepted.
To be used for ICA file signing with StoreFront, certificates must include the private key and be within the allowed validity period. If the certificate contains a key usage extension, this must allow the key to be used for digital signatures. Where an extended key usage extension is included, it must be set to code signing or server authentication.
For ICA file signing, Citrix recommends using a code signing or SSL signing certificate obtained from a public certification authority or from your organization’s private certification authority. If you are unable to obtain a suitable certificate from a certification authority, you can either use an existing SSL certificate, such as a server certificate, or create a new root certification authority certificate and distribute it to users’ devices.
ICA file signing is disabled by default. To enable ICA file signing, you must install a certificate and configure the store to use that certificate. Signing the ICA file has no effect unless you also configure Citrix Workspace app for Windows to require a certificate, for more information see ICA File Signing.
Note:
The StoreFront and PowerShell consoles cannot be open at the same time. Always close the StoreFront management console before using the PowerShell console to administer your StoreFront configuration. Likewise, close all instances of PowerShell before opening the StoreFront console.
-
On your StoreFront server, open Manage computer certificates.
-
Add your certificate to the Citrix Delivery Services certificate store.
-
Open the certificate, go to the Details tab and record the thumbprint.
-
Enable signing for a store using the Set-STFStoreService PowerShell cmdlet:
$storeService = Get-STFStoreService Set-STFStoreService $storeService -IcaFileSigning $true -IcaFileSigningCertificateThumbprint [certificatethumbprint] $certificate = Get-DSCertificate "[certificatethumbprint]" . "C:\Program Files\Citrix\Receiver StoreFront\Scripts\ImportModules.ps1" Add-DSCertificateKeyReadAccess -certificate $certificates[0] -accountName “IIS APPPOOL\Citrix Delivery Services Resources” <!--NeedCopy-->Where [certificatethumbprint] is the digest (or thumbprint) of the certificate data produced by the hash algorithm.
If you want to use a hash algorithm other than SHA-1, add a parameter -IcaFileSigningHashAlgorithm set to sha256, sha384, or sha512, as required.
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.