Part of the most important thing is to secure the web interface, since if users are going to access it from the internet, it is important to know that the HTTP protocol (80 TCP) Not at all secure for password traffic, And anyone can get our passwords, what we will do is secure the web interface using SSL, The Secure Layer, with the HTTPS protocol (443 TCP). For this we need a server certificate, We can achieve this with some Internet certificate authority (for a fee) or else, We install a certificate authority (AC) On the web, you don't need to be on any server with Citrix.

Anyway, if we are going to use Web Interface over the Internet, it is advisable to do so through a CAG or a CSG.

To do this,, The first thing is to install the plugin of “Certificate Server Services” in the “Panel de Control” > “Add or remove programs” > “Add or remove Windows components”. We mark it with a check and an alert will appear that we will respond to “Yes” (It simply indicates that the CA will stop working if we change the server name or remove it from the domain).

Select “Root issuing entity of the company” and “Following”,

The “Common name for the CA” It must be the same as the name of the server where we are installing this component, Click on “Following”,

“Following”,

…

Vale, The CA is already installed, Now we will simply request a certificate from the IIS console. Here we click on “End”,

Open the console: “Beginning” > “Programmes” > “Administrative tools” > “Internet Information Services Management (IIS)”,

We move to “Default Website”, Right button and “Properties”,

From here is where we will request the certificate, from the “Directory Security”, We will install it here but we will not apply SSL security here in case we have a website, To avoid forcing it, let it be encrypted as well. Well, Click on “Server certificate…”

“Following”,

“Create a new certificate” and “Following”,

Since we already have a CA, We select the second option, “Following”,

We give it a descriptive name and “Following”,

Fill in the requested information…

Enter the server name, This is the name from the LAN, We can also use the DNS name it has from the internet.

Fill in the information for the certificate…

We will not change the HTTPS port,

Select our certificate authority and “Following”, It will be the one to which we send this certificate request.

Check that everything is OK,

“End”

Now we will simply enable this security only for the Metaframe directory to avoid modifying any other website. We move to: “Default Website” > “Citrix” > “Metaframe”, Right-click there and “Properties”,

On the “Directory security”, down in “Secure communications” Click on “Modify…”

Here we will require a secure connection, and if it isn't secure, Access will not be allowed. Marcamos los dos checks de “Require secure channel (SSL)” y la de “Require encryption 128 Bit”. Aceptamos todas las ventanas.

Y ya directamente para abrir el interfaz web de Citrix no valdría poniendo http://servidor/citrix/metaframe, si no con HTTPS, https://servidor/citrix/metaframe, veremos que sale abajo en la barra un candado, eso ya nos indica que la conexión es segura y la contraseña viajará por internet cifrada.