
Citrix Secure Gateway NEED HELP


jojogogo

MIS
Mar 9, 2004
I'm trying to get CSG to work. I know Citrix pretty well, but when it comes to this IIS / Certificate stuff I feel rather lost and confused.

Ok so here is my environment:

2 MetaFrame servers in the private network. (Windows 2000, Citrix MetaFrame XPa FR3).

IIS with NFuse is running on one MetaFrame server (for use on the internal network). I have also designated this server as the STA server. STA is installed.

Web server in DMZ (Windows 2000 IIS 5). Port 443 and 80 are open to the world on the outside on the firewall.

Between the DMZ and internal network I am allowing traffic on ports 80 (communication to STA), 81 (communication to MetaFrame XML), 1494 (communication to MetaFrame servers).

Ok so here are a few questions that I'm a little unclear on.

I don't care about encrypting traffic between the DMZ and the STA. In this case do I need a certificate on my STA server? I'm assuming no, but I'm not sure.

On the MetaFrame servers do I need to configure an altaddr? I think I do, but because the machine talking to them is the CSG server I would think I need to use two alternate addresses from my DMZ subnet. Or do I still need two external IPs? I'm confused on that one.

My CSG and NFuse (or now Web Interface) are on the same box in the DMZ. I currently have the external company web-site ( hosted on the server. I also have the Terminal Server ActiveX web page (soon to be replaced by CSG) hosted (resolved to "ts.domainname.com").

To get to the NFuse login I currently have it configured to go to: "
I've configured CSG to use 443 specifically on the IP that ts.domainname.com resolves to. Is this kosher even though I'm not using ts.domainname.com as the NFuse login page? And will that work as long as I tell the WIAdmin tool the CSG server is "ts.domainname.com"?

I'm trying to get this working to test without having to purchase another domainname for the time being. Eventually I'll probably make "ts.domainname.com" go straight to the NFuse login page. But for now I'd like to leave it configured like I described above.

Lastly, I've requested a VeriSign test certificate for my web server. But when I went to install it I received the following error in the wizard:

Failed to Install the Certificate
Cannot find the requested object.

I know that is a lot of questions. I may be way off track and have this setup all wrong. But any help in clarifying what I need to do ASAP would be greatly appreciated!!!

Thanks!
 
You confused me a bit there, but these are some initial thoughts:

You should have a dig. cert for both NFuse and CSG. I'm not sure if it's recommended to have them both on the same box, even though I think you can do it.

The STAs do not need to be in the DMZ, and the altaddr is not needed unless you are dealing with a NAT'd route.
 