[THIN] Re: SCG and certs
- From: "Alexander Danilychev" <teknica@xxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Mon, 25 Nov 2002 11:53:45 -0800
Hi John,
Usually CSG clients are not part of MetaFrame domain, so cert from publisher
should be manually exported to that client. The same thing is valid for CSG
box. If windows clients are part of the same Active Directory, authorative
certs will be automatically uploaded to the client at login.
Although IIS is not required for CSG (on not even recommended to be
installed on the same box to be exact) it is the easiest to reuse certs
requested by IIS from your Certificate Server with CSG assuming you will
turn IIS off or use it on another IP with socket pooling disabled.
Nice thing to remember is capability of Java ICA implementation to deliver
publishers certs automatically with Java applet - this is the case when you
can get away with homegrown certs on Internet!
ALEX
>From: "John Price" <JPrice@xxxxxxxx>
>Reply-To: thin@xxxxxxxxxxxxx
>To: <thin@xxxxxxxxxxxxx>
>Subject: [THIN] SCG and certs
>Date: Mon, 25 Nov 2002 12:49:05 -0500
>
>
>I need help with Certs, as I am not to familiar with them.
>
>I have a CSG environment set up. IIS, NFuse, and STA on srv1. Gateway
>on srv2, and metaframe on srv3.
>
>I have my own Certificate Authrority. What certs do I need and where?
>
>I have created a Server Authentication cert for srv2, and I have
>downloaded and installed the CARoot cert on a client computer. I get the
>NFuse page, I can log in and get my list of published apps, but when I
>try to launch an app, I get an error; "The server certificate received
>is not trusted (SSL error 61)".
>
>This is the contents of the launch.ica file, with names changed to
>protect, well, me!
>
>********************************************************
>[Encoding]
>InputEncoding=ISO8859_1
>
>[WFClient]
>Version=2
>ClientName=domain-user
>
>RemoveICAFile=yes
>
>[ApplicationServers]
>Microsoft Word=
>
>[Microsoft Word]
>Address=;10;STA01;56CCE14FC7AFEF89CB65472FAFA73E81
>InitialProgram=#Microsoft Word
>LongCommandLine=""
>DesiredColor=2
>TransportDriver=TCP/IP
>WinStationDriver=ICA 3.0
>
>AutologonAllowed=ON
>Username=user
>Domain=\6E0A4622033B84F7
>ClearPassword=3FB7EEF4262153
>
>ClientAudio=On
>
>DesiredHRES=4294967295
>DesiredVRES=4294967295
>ScreenPercent=95
>TWIMode=On
>
>SSLEnable=On
>SSLProxyHost=gateway.company.com:443
>BrowserProtocol=HTTPonTCP
>HTTPBrowserAddress=!
>SSLCiphers=all
>SecureChannelProtocol=Detect
>
>SessionsharingKey=2-basic-basic-domain_user-farm
>
>[EncRC5-0]
>DriverNameWin16=pdc0w.dll
>DriverNameWin32=pdc0n.dll
>
>[EncRC5-40]
>DriverNameWin16=pdc40w.dll
>DriverNameWin32=pdc40n.dll
>
>[EncRC5-56]
>DriverNameWin16=pdc56w.dll
>DriverNameWin32=pdc56n.dll
>
>[EncRC5-128]
>DriverNameWin16=pdc128w.dll
>DriverNameWin32=pdc128n.dll
>
>[Compress]
>DriverNameWin16=pdcompw.dll
>DriverNameWin32=pdcompn.dll
>************************************************
>
>***********************************************
>This Weeks Sponsor
>OneApp Total Control
>Control, Secure and Audit your Thin Client Systems
>http://www.oneapp.co.uk
>
>***********************************************
>For Archives, to Unsubscribe, Subscribe or
>set Digest or Vacation mode use the below link.
>
>http://thethin.net/citrixlist.cfm
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
***********************************************
This Weeks Sponsor
OneApp Total Control
Control, Secure and Audit your Thin Client Systems
http://www.oneapp.co.uk
***********************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
Other related posts:
