In depth: SSL certificates and Citrix Secure Gateway (Part One)
In this article I investigate the use of SSL certificates generated with a Microsoft Certification Authority together with the Citrix Secure Gateway.
We first need to look at how SSL certificates work. Secure Sockets Layer (SSL) is a protocol created by Netscape to ensure secure communication between web servers and browsers. When the browser requests a secure page, the web server sends its public key with the certificate, the browser checks the validity of the certificate, and a symmetric encryption key is exchanged, encrypted with the public key of the web server. At this point the web server begins to transmit the information encrypted with the symmetric key; the browser decrypts it and displays it.
The public key / private key pair is generated in a single step by an algorithm based on prime numbers. The two keys have the peculiarity that each can decrypt what the other has encrypted, yet given one key you cannot recreate the other.
At this point we only need to clarify why the certificate is needed. During a transaction with our web server, we want to be sure we are talking to exactly that web server and not to someone who claims to be it (does the word phishing ring a bell?). That is what certificates are for: the web server's public key is digitally signed by a third party (the CA), which declares that we are actually talking to that web server. Modern browsers ship with the public keys of a number of entities that are declared trustworthy and that in turn digitally sign the various certificates. When our browser encounters a certificate issued by VeriSign, GeoTrust or another of these Certification Authorities, it knows that the name written in the SSL certificate is reliable, and it can verify the correctness of the certificate based on the URL we requested, the expiration date of the certificate and, of course, the digital signature.
When we use an internal Certificate Authority, which is not universally recognized, we may receive a certificate error because the browser does not recognize as trusted the CA that signed the certificate. In this case, you must import the CA's public key so that the certificate does not cause problems.
This is particularly important when we talk about security, and especially when we use certificates to connect to the Secure Gateway. In fact, the Citrix implementation requires the certificate to be fully valid in order to establish a connection to a Presentation Server through Secure Gateway. If the computer you are connecting from does not recognize the CA used to sign the certificate, the connection to the published application will fail with an SSL error. Those who use a Microsoft Certification Authority with Active Directory have something of an advantage, because the CA automatically distributes its public key to all computers in the domain. But if we are using the Secure Gateway, it is likely that those who access our applications are not doing so from a domain computer. Today there are Certification Authorities recognized by most browsers and systems that sell certificates for less than 100 € a year (for example RapidSSL), so it is always necessary to ask whether the extra complication is worth it.
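The checks described above (signature by a trusted CA, name matching the URL, expiration date) and the effect of importing an internal CA can be reproduced offline with the `openssl` command line. This is an added example, not part of the original article: a throwaway CA stands in for the Microsoft CA, and the names `Example Internal CA`, `gateway.example.test` and all file names are assumptions.

```shell
# Added example: a constructed throwaway CA stands in for the internal Microsoft CA.
# All subject names, host names and file names below are assumptions for the demo.

make_pki() {  # $1 = empty working directory
  # Internal root CA: self-signed, so no client trusts it until it is imported.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Internal CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" >/dev/null 2>&1 || return 1
  # Key pair and signing request for the gateway's public name.
  # (CN only, to stay short; browsers today match on subjectAltName.)
  openssl req -newkey rsa:2048 -nodes -subj "/CN=gateway.example.test" \
    -keyout "$1/srv.key" -out "$1/srv.csr" >/dev/null 2>&1 || return 1
  # The CA signs the server's public key; the certificate is valid for 7 days.
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 7 -out "$1/srv.pem" >/dev/null 2>&1
}

# Client that has NOT imported the CA: only its default trust store is used.
verify_default_store() {  # $1 = working directory
  openssl verify "$1/srv.pem" >/dev/null 2>&1
}

# Client that HAS imported the CA certificate; extra options select one check.
verify_with_ca() {  # $1 = working directory, rest = extra `openssl verify` options
  d=$1; shift
  openssl verify -CAfile "$d/ca.pem" "$@" "$d/srv.pem" >/dev/null 2>&1
}

report() {  # $1 = label, rest = command to run
  label=$1; shift
  if "$@"; then echo "$label: accepted"; else echo "$label: rejected"; fi
}

demo() {
  dir=$(mktemp -d) || return 1
  make_pki "$dir" || return 1
  after_expiry=$(( $(date +%s) + 8 * 86400 ))   # one day past the 7-day lifetime
  report "CA not imported"     verify_default_store "$dir"
  report "CA imported"         verify_with_ca "$dir"
  report "name matches URL"    verify_with_ca "$dir" -verify_hostname gateway.example.test
  report "name does not match" verify_with_ca "$dir" -verify_hostname other.example.test
  report "after expiration"    verify_with_ca "$dir" -attime "$after_expiry"
  rm -rf "$dir"
}

demo
```

Only the second and third lines of the report read "accepted": the same certificate is rejected when the CA has not been imported, when the requested name differs, or once the validity period has passed.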
