Hi John, Usually CSG clients are not part of MetaFrame domain, so cert from publisher should be manually exported to that client. The same thing is valid for CSG box. If windows clients are part of the same Active Directory, authorative certs will be automatically uploaded to the client at login. Although IIS is not required for CSG (on not even recommended to be installed on the same box to be exact) it is the easiest to reuse certs requested by IIS from your Certificate Server with CSG assuming you will turn IIS off or use it on another IP with socket pooling disabled. Nice thing to remember is capability of Java ICA implementation to deliver publishers certs automatically with Java applet - this is the case when you can get away with homegrown certs on Internet! ALEX >From: "John Price" <JPrice@xxxxxxxx> >Reply-To: thin@xxxxxxxxxxxxx >To: <thin@xxxxxxxxxxxxx> >Subject: [THIN] SCG and certs >Date: Mon, 25 Nov 2002 12:49:05 -0500 > > >I need help with Certs, as I am not to familiar with them. > >I have a CSG environment set up. IIS, NFuse, and STA on srv1. Gateway >on srv2, and metaframe on srv3. > >I have my own Certificate Authrority. What certs do I need and where? > >I have created a Server Authentication cert for srv2, and I have >downloaded and installed the CARoot cert on a client computer. I get the >NFuse page, I can log in and get my list of published apps, but when I >try to launch an app, I get an error; "The server certificate received >is not trusted (SSL error 61)". > >This is the contents of the launch.ica file, with names changed to >protect, well, me! > >******************************************************** >[Encoding] >InputEncoding=ISO8859_1 > >[WFClient] >Version=2 >ClientName=domain-user > >RemoveICAFile=yes > >[ApplicationServers] >Microsoft Word= > >[Microsoft Word] >Address=;10;STA01;56CCE14FC7AFEF89CB65472FAFA73E81 >InitialProgram=#Microsoft Word >LongCommandLine="" >DesiredColor=2 >TransportDriver=TCP/IP >WinStationDriver=ICA 3.0 > >AutologonAllowed=ON >Username=user >Domain=\6E0A4622033B84F7 >ClearPassword=3FB7EEF4262153 > >ClientAudio=On > >DesiredHRES=4294967295 >DesiredVRES=4294967295 >ScreenPercent=95 >TWIMode=On > >SSLEnable=On >SSLProxyHost=gateway.company.com:443 >BrowserProtocol=HTTPonTCP >HTTPBrowserAddress=! >SSLCiphers=all >SecureChannelProtocol=Detect > >SessionsharingKey=2-basic-basic-domain_user-farm > >[EncRC5-0] >DriverNameWin16=pdc0w.dll >DriverNameWin32=pdc0n.dll > >[EncRC5-40] >DriverNameWin16=pdc40w.dll >DriverNameWin32=pdc40n.dll > >[EncRC5-56] >DriverNameWin16=pdc56w.dll >DriverNameWin32=pdc56n.dll > >[EncRC5-128] >DriverNameWin16=pdc128w.dll >DriverNameWin32=pdc128n.dll > >[Compress] >DriverNameWin16=pdcompw.dll >DriverNameWin32=pdcompn.dll >************************************************ > >*********************************************** >This Weeks Sponsor >OneApp Total Control >Control, Secure and Audit your Thin Client Systems >http://www.oneapp.co.uk > >*********************************************** >For Archives, to Unsubscribe, Subscribe or >set Digest or Vacation mode use the below link. > >http://thethin.net/citrixlist.cfm _________________________________________________________________ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 *********************************************** This Weeks Sponsor OneApp Total Control Control, Secure and Audit your Thin Client Systems http://www.oneapp.co.uk *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm