- If you enable this policy setting, you can set options for assigning an SSL to the Citrix VDA.
- If you disable this policy than SSL assignment will be explicitly disabled.
- If you do not configure this policy then the VDA SSL script will be skipped.
Certificate Thumbprint:
Enter the certificate thumbprint you want to be assigned to the VDA in this field. Thumbprints are in the following format:
9fe2c86fc2ca0fffe935d116e568010223fa9881
If you make this field blank the script will attempt to auto-assign a certificate. Auto-assignment is done via 2 methods:
- If the DNS Names List (as found in Subject Alternative Name) has a matching computer name.
- If a certificate has a Subject Name in the format: CN=$FQDN,
Note the comma at the end of the Subject Name and “CN=” at the start. A computer with the name “W2016” and a domain of “contoso.com” would have the following name: CN=W2016.contoso.com,”
SSL Port:
The port you want to assign the VDA SSL service(default = 443).
Minimum SSL Version:
The minimum SSL Version you want to allow for your certificate (default = TLS_1.0).
SSL Cipher Suite:
A predefined cipher suite for use with your certificate (default = ALL)
See here for more information: https://support.citrix.com/article/CTX220062
Logging during personlization
The SSL configuration runs during the personalization on computertstartup. For better troubleshooting the logging would be extended. to get all required informations.
