- If you enable this policy setting, you can set options for assigning an SSL to the Citrix VDA.
- If you disable this policy than SSL assignment will be explicitly disabled.
- If you do not configure this policy then the VDA SSL script will be skipped.
Enter the certificate thumbprint you want to be assigned to the VDA in this field. Thumbprints are in the following format:
If you make this field blank the script will attempt to auto-assign a certificate. Auto-assignment is done via 2 methods:
- If the DNS Names List (as found in Subject Alternative Name) has a matching computer name.
- If a certificate has a Subject Name in the format: CN=$FQDN,
Note the comma at the end of the Subject Name and “CN=” at the start. A computer with the name “W2016” and a domain of “contoso.com” would have the following name: CN=W2016.contoso.com,”
The port you want to assign the VDA SSL service(default = 443).
Minimum SSL Version:
The minimum SSL Version you want to allow for your certificate (default = TLS_1.0).
SSL Cipher Suite:
A predefined cipher suite for use with your certificate (default = ALL)
See here for more information: https://support.citrix.com/article/CTX220062
Logging during personlization
The SSL configuration runs during the personalization on computertstartup. For better troubleshooting the logging would be extended. to get all required informations.