When trying to launch the applications/ desktops, the users are prompted to select the smart card/ client certificate, however this behavior is not desirable as the users have already selected the certificate while authenticating to the NetScaler Gateway virtual server.
 

To avoid being prompted for the client certificate while trying to launch the applications/ desktops:

1. Create a new virtual server on the NetScaler. This NetScaler Gateway virtual server will have the same IP as the NetScaler Gateway virtual server that has Client Authentication enabled. However, the port will be different, else, it wont allow us to add the virtual server. For example we can use port 444.




2. Now, simply bind the certificate to this virtual server required to bring the NetScaler gateway virtual state to up. We can use the same certificate as used by the other NetScaler gateway virtual server with Client Authentication enabled.

3. Add the Secure Ticket Authority server(s) to the virtual server with no Client Authentication.

4. Make sure that this virtual server has Client Authentication unchecked under SSL Parameters.

4. On the Store Front Server, under Manage NetScaler Gateway Settings, the NetScaler Gateway URL will be set as https://<NGVIPFQDN>:444

---

Problem Cause

The prompt for the certificate comes up while launching the application/ desktop because the SSL Proxy Host that is added by the StoreFront Server is pointing to the NetScaler Gateway virtual server that has Client Authentication enabled.