Citrix Systems 10 Installing Root Certificates on Clients, Configuring the Client to Use SSL/TLS

Page 61

8

Integrating the Client with Security Solutions

61

Presentation Server documentation and SSL Relay documentation for details.

2.Install the equivalent root certificate on the client. See “Configuring SSL/ TLS” on page 60.

3.Configure a connection, or all connections, to connect to the server using SSL/TLS. See “Configuring SSL/TLS” on page 60.

Installing Root Certificates on Clients

To use SSL/TLS to secure communications between SSL/TLS-enabled clients and the server, you need a root certificate on the client that can verify the signature of the Certificate Authority on the server certificate. Mac OS X comes with about 100 commercial root certificates already installed, but if you need to install another certificate, follow the guidelines below.

Obtain a root certificate from the Certificate Authority and place it on each client (the certificate will usually have the extension .crt or .cer). This root certificate is then used and trusted by the client.

Depending on your organization’s policies and procedures, you may want to install the root certificate on each client instead of directing users to install it. The easiest and safest way is to add root certificates to the Mac OS X keychain; alternatively place root certificates in a certificates folder in the folder containing your client.

Important: The following steps assume your organization has a procedure in place for users to check the root certificate before they install it.

To add a root certificate to a keychain

1.Double-click on the file containing the certificate. This will automatically start the Keychain Access application.

2.In the Add Certificates dialog box, choose X509Anchors (if using Mac OS 10.4 Tiger) or System (if using Mac OS 10.5 Leopard) from the Keychain pop-up menu. Click OK.

3.Type your password in the Authenticate dialog box and click OK. The root certificate is installed and can be used by SSL-enabled clients and by any other application using SSL.

Configuring the Client to Use SSL/TLS

The following section explains how to configure the client to use SSL/TLS.

Page 60 Page 62
Image 61
Page 60 Page 62
Contents Citrix Presentation Server Client for Macintosh, Version Copyright and Trademark Notice Contents Chapter Chapter Configuring the User Interface Index Before You Begin How to Use this GuideWho Should Use this Guide Accessing Product Documentation Before You Begin Client for Macintosh Administrator’s Guide Architecture OverviewUsing the Client New Features at This Release Client for Macintosh FeaturesUser Interface Features Connection FeaturesSecurity Features Performance Improvement Features Mapping FeaturesPage Client for Macintosh Administrator’s Guide To install the client from the Citrix Web site Installing the Client for MacintoshDeploying the Client for Macintosh System RequirementsUninstalling the Client for Macintosh About Connection Files Configuring Connections to Servers and ApplicationsTo start the ICA Client Editor Starting the ICA Client EditorTo create a connection file Creating a Basic Connection FileIdentifying a Desktop or Application to Connect to Server Address box To configure a master browser for an individual connectionChoose either Server or Published Application To find the application or desktop to connect toTo configure a business recovery server group Configuring Business Recovery and Server GroupsMapping Client Drives Mapping Client DevicesDrive Mapped to To turn drive mapping off for a specific connection fileMapping Client COM Ports To map a client COM port Mapping Client AudioTo turn audio mapping on for a specific connection To turn client audio on or off on a serverOpening a File in a Specific Application Configuring the ServerExtended Parameter Passing Server Drive MappingClient Drive Mapping Configuring the ClientAssociating the file type Configuring Connections to Servers and Applications Client for Macintosh Administrator’s Guide To start an ICA session Starting an ICA SessionTo specify application properties for a connection file Opening a Specific Application Using a Connection FilePrinting To print using the Macintosh Print dialog boxTo turn printing off for a specific connection file Session Reliability Reconnecting to Servers after a DisconnectionTo turn session reliability on for a specific connection PC key Macintosh options Making Keystrokes with Macintosh KeyboardsChoose Keyboard Send Function Key Control/Alt About Client Keyboard Support Option-Escapeequal sign Using a MouseTo configure the default window properties Configuring the User InterfaceWindow Properties To specify the window properties for a particular connection Showing and Hiding the Menu Bar and DockConfiguring Hotkeys Configuring Sound Support Audio MappingTo configure the default alert beep setting Playing Windows Alert BeepsTo change the default hotkeys Using Japanese HotkeysTo configure default keyboard layout and type settings Using Japanese KeyboardsTo map Kotoeri hotkeys To enable the Kanji Bango hotkey and Caps Lock key Solving Japanese Keyboard ProblemsCompressing Data Improving PerformanceCaching Images To configure the default settings for disk caching Reducing Display Latency Improving Performance Over a Low-Bandwidth Connection Changing Your Client ConfigurationChanging the Way You Use the Client Client for Macintosh Administrator’s Guide Configuring the Client to Work with a Proxy Server Integrating the Client with Security SolutionsSpecifying the Proxy Server Manually Detecting Proxy Details Automatically Click Firewall SettingsSecure Gateway Integrating the Client with the Secure Gateway or SSL RelaySSL Relay Configuring SSL/TLSConfiguring the Client to Use SSL/TLS Installing Root Certificates on ClientsConnecting to a Server through a Firewall Using Encryption Client for Macintosh Administrator’s Guide Index Client for Macintosh Administrator’s Guide Index67 SSL/TLS+HTTPS
Top Page Image Contents