Installing Root Certificates on Clients | Citrix Systems 10 instruction

8

Integrating the Client with Security Solutions

61

Presentation Server documentation and SSL Relay documentation for details.

2.Install the equivalent root certificate on the client. See “Configuring SSL/ TLS” on page 60.

3.Configure a connection, or all connections, to connect to the server using SSL/TLS. See “Configuring SSL/TLS” on page 60.

Installing Root Certificates on Clients

To use SSL/TLS to secure communications between SSL/TLS-enabled clients and the server, you need a root certificate on the client that can verify the signature of the Certificate Authority on the server certificate. Mac OS X comes with about 100 commercial root certificates already installed, but if you need to install another certificate, follow the guidelines below.

Obtain a root certificate from the Certificate Authority and place it on each client (the certificate will usually have the extension .crt or .cer). This root certificate is then used and trusted by the client.

Depending on your organization’s policies and procedures, you may want to install the root certificate on each client instead of directing users to install it. The easiest and safest way is to add root certificates to the Mac OS X keychain; alternatively place root certificates in a certificates folder in the folder containing your client.

Important: The following steps assume your organization has a procedure in place for users to check the root certificate before they install it.

To add a root certificate to a keychain

1.Double-click on the file containing the certificate. This will automatically start the Keychain Access application.

2.In the Add Certificates dialog box, choose X509Anchors (if using Mac OS 10.4 Tiger) or System (if using Mac OS 10.5 Leopard) from the Keychain pop-up menu. Click OK.

3.Type your password in the Authenticate dialog box and click OK. The root certificate is installed and can be used by SSL-enabled clients and by any other application using SSL.

Configuring the Client to Use SSL/TLS

The following section explains how to configure the client to use SSL/TLS.

Image 61

Citrix Systems 10 manual Installing Root Certificates on Clients, Configuring the Client to Use SSL/TLS

Contents

Citrix Presentation Server Client for Macintosh, Version Copyright and Trademark Notice Contents Chapter Chapter Configuring the User Interface Index Before You Begin How to Use this GuideWho Should Use this Guide Accessing Product Documentation Before You Begin Client for Macintosh Administrator’s Guide Architecture Overview Using the Client New Features at This Release Client for Macintosh Features User Interface Features Connection Features Security Features Performance Improvement Features Mapping FeaturesPage Client for Macintosh Administrator’s Guide To install the client from the Citrix Web site Installing the Client for MacintoshDeploying the Client for Macintosh System Requirements Uninstalling the Client for Macintosh About Connection Files Configuring Connections to Servers and Applications To start the ICA Client Editor Starting the ICA Client Editor To create a connection file Creating a Basic Connection File Identifying a Desktop or Application to Connect to Server Address box To configure a master browser for an individual connection Choose either Server or Published Application To find the application or desktop to connect to To configure a business recovery server group Configuring Business Recovery and Server Groups Mapping Client Drives Mapping Client Devices Drive Mapped to To turn drive mapping off for a specific connection file Mapping Client COM Ports To map a client COM port Mapping Client Audio To turn audio mapping on for a specific connection To turn client audio on or off on a server Opening a File in a Specific Application Configuring the ServerExtended Parameter Passing Server Drive Mapping Client Drive Mapping Configuring the ClientAssociating the file type Configuring Connections to Servers and Applications Client for Macintosh Administrator’s Guide To start an ICA session Starting an ICA Session To specify application properties for a connection file Opening a Specific Application Using a Connection File Printing To print using the Macintosh Print dialog boxTo turn printing off for a specific connection file Session Reliability Reconnecting to Servers after a DisconnectionTo turn session reliability on for a specific connection PC key Macintosh options Making Keystrokes with Macintosh Keyboards Choose Keyboard Send Function Key Control/Alt About Client Keyboard Support Option-Escapeequal sign Using a Mouse To configure the default window properties Configuring the User InterfaceWindow Properties To specify the window properties for a particular connection Showing and Hiding the Menu Bar and Dock Configuring Hotkeys Configuring Sound Support Audio MappingTo configure the default alert beep setting Playing Windows Alert Beeps To change the default hotkeys Using Japanese Hotkeys To configure default keyboard layout and type settings Using Japanese KeyboardsTo map Kotoeri hotkeys To enable the Kanji Bango hotkey and Caps Lock key Solving Japanese Keyboard Problems Compressing Data Improving PerformanceCaching Images To configure the default settings for disk caching Reducing Display Latency Improving Performance Over a Low-Bandwidth Connection Changing Your Client Configuration Changing the Way You Use the Client Client for Macintosh Administrator’s Guide Configuring the Client to Work with a Proxy Server Integrating the Client with Security SolutionsSpecifying the Proxy Server Manually Detecting Proxy Details Automatically Click Firewall Settings Secure Gateway Integrating the Client with the Secure Gateway or SSL Relay SSL Relay Configuring SSL/TLS Configuring the Client to Use SSL/TLS Installing Root Certificates on Clients Connecting to a Server through a Firewall Using Encryption Client for Macintosh Administrator’s Guide Index Client for Macintosh Administrator’s Guide Index67 SSL/TLS+HTTPS