How to Export and Install an SSL Certificate for StoreFront to Use HTTPS

How to Export and Install an SSL Certificate for StoreFront to Use HTTPS

book

Article ID: CTX206492

calendar_today

Updated On:

Description

This article explains how to export your existing SSL certificate, import the certificate to another StoreFront server, bind the certificate to Internet Information Services (IIS), and configure StoreFront for HTTPS connections. This article assumes the following typical scenarios:

  • You have created an SSL certificate on the first server in a StoreFront server group, and you wish to export the certificate for use on the remaining servers in the the group. (Read CTX200292 to generate and install an SSL certificate on a StoreFront server if you don't have any SSL certificate for your StoreFront server.)
  • You have a wildcard certificate for your domain and wish to use it for your StoreFront server(s). In this article, a wildcard certificate for *.mycitrixtraining.net is used to configure the StoreFront base URL to use HTTPS (https://storefront.mycitrixtraining.net).

Note: If your certificate is not a wildcard certificate, the common name of the certificate must match the Base URL of your StoreFront server group.
e.g. If your StoreFront base URL is http://storefront.yourcompany.com and you don't want to create a wildcard certificate, then the common name should be:
User-added image
For a wildcard certificate, the common name can be *.yourcompany.com in this scenario.

 

 

Instructions

Overview diagram of exporting and installing SSL certificate for StoreFront to use HTTPS

User-added image
Export your certificate

If you already have your SSL certificate in a .pfx file, skip to Import your certificate.
1. On the server containing the certificate you wish to export, click the Windows icon (User-added image) and type mmc.
Note: The screenshots used in this article were taken on a Windows Server 2012 R2. Images may differ.
2. Click mmc. This opens the Microsoft Management Console.
User-added image
3. Click File | Add/Remove Snap-in.
User-added image
4. Select Certificates, then click Add >.
User-added image
5. Select Computer account, and click Next >.
User-added image
6. Click Finish.
User-added image
7. The Certificates snap-in has been loaded. Click OK.
User-added image
8. Expand Certificates then Personal. Click on Certificates.
User-added image
9. Right-click on the certificate to export, and select All Tasks, then Export...
User-added image
10. Click Next.
User-added image
11. Select Yes, export the private key, then click Next.
User-added image
12. Click Next.
User-added image
13. Select the Password: checkbox, then enter and confirm a password to protect the private key. Click Next.
User-added image
14. Select a location for the certificate. Click Next.
User-added image
15. Click Finish.
User-added image
16. Click OK. This creates a .pfx (Personal Information Exchange) file containing the password-protected private key of the certificate.
 User-added image

 Import your certificate

1. Copy the .pfx to the StoreFront server, or map a drive to the file’s location.
2. Start the Microsoft Management Console (MMC), and add the Certificates snap-in (see steps 1 to 7 above).
3. Expand Certificates, right-click Personal, select All Tasks, and then click Import...
User-added image
4. Click Next.
User-added image
5. Click Browse... to locate the certificate.
User-added image
6. Change the dropdown to look for *.pfx files.
User-added image
7. Highlight the file and click Open.

User-added image
8. Click Next.
User-added image
9. Enter the password used when the certificate was exported. If you want to be able to export the certificate from this server for use on another server, make sure to select Mark this key as exportable. Click Next.
User-added image
10. Click Next.
User-added image
11. Click Finish.
User-added image
12. Click OK.
User-added image
13. Click Certificates.
User-added image
14. Right-click on the certificate and select Properties (or double-click the certificate).
User-added image
15. Confirm that you have the private key for the certificate. That line must be present for the certificate to function correctly.
User-added image
 

Bind the SSL certificate to IIS

1. Start InetMgr.  
2. Expand IIS Manager, right click on Default Web Site, and click Edit Bindings...
User-added image

3. Click Add...
User-added image
Note: Do not remove the http binding. 

4. Select the Type: dropdown.
User-added image

5. Select https, then select the certificate you just imported. Click OK.
User-added image

6. Click Close.
User-added image

Configure StoreFront to use the SSL Certificate

1. To modify StoreFront to use the SSL certificate, we must change the Base URL. Start StoreFront.

2. StoreFront is not currently using the SSL certificate. Click Server Group in the left pane.
User-added image
 
3. Click Change Base URL.
User-added image

4. Change http: to https: and click OK.
User-added image
User-added image

5. StoreFront is now using the SSL certificate. Repeat on any remaining StoreFront servers in the server group.

Environment

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Issue/Introduction

Setting up SSL/HTTPS Connections to be used with Citrix StoreFront 3.x

Additional Information

SSL Binding - https://technet.microsoft.com/en-us/library/hh831632.aspx#SSLBinding
 
Powered by Wolken Software