AuthorJohannes Norz

Johannes Norz is a Citrix Certified Citrix Technology Advocate (CTA), Citrix Certified Instructor (CCI) and Citrix Certified Expert on Application Delivery and Security (CCE-AppDS). He frequently works for Citrix international Consulting Services and several education centres all around the globe. Johannes lives in Austria. He had been borne in Innsbruck, a small city (150.000 inhabitants) in the middle of the most beautiful Austrian mountains (https://www.youtube.com/watch?v=UvdF145Lf2I)

Changing my Citrix NetScaler VPX based website from http to https and scoring an A+ in SSL labs test

C

Last update: July 12 2018 This blog is about NetScaler versions up to 12. Find later versions here January 2020: It’s pretty outdated by now, as some of the proposed encryption methods are outdated and there are serious concerns about TLS1.0 and TLS 1.1. Read Thomas’s blog from here. Citrix NetScaler load balancing and content switching servers will only score an C in quality labs SSL...

How to get a valide certificate for our NetScaler, if possible for free?

H

This is an updated blog entry. I first posted it on my old and discontinued blog at blog.com for Citrix NetScaler 10, this one is for Citrix NetScaler 11. We all know how to get a private Certificate for free: You just have to set up a Windows Server, add a role, select certificate authority. That’s it. However these Certificates are not trusted by any browser, even worse: they are not trusted by...

Front End Optimization (FEO) on Citrix NetScaler 11

F

Last update: July 7th 2018 (FEO testpage does not exist any more, but I updated the download link) I played round on my Citrix NetScaler with Front End Optimization (FEO) in NetScaler 11 built 63.16 (October 2015). There are several requirements. First of all, FEO is a feature depending on an other feature: Integrated Caching. Integrated Caching has to be set up properly, I have written a blog...

Preparing Citrix NetScaler 11 integrated Caching for Front End Optimization

P

Front End Optimization on a Citrix NetScaler will only work, if caching is set up correctly. This is especially true for image optimization. Usually it’s caching to blame for if image optimization does not work. So what to do? Citrix tells us (edocs.citrix.com): Front end optimization requires the NetScaler integrated caching feature to be enabled. Additionally, you must perform the...

Setting up StoreFront 3.0 for NetScaler 11

S

As soon as our NetScaler Gateway is up and running we need to set up StoreFront to use it. It’s more a kind of introducing the NetScaler Gateway to StoreFront. Other than WebInterface StoreFront is designed to use a NetScaler Gateway, so it’s a rather easy thing to do. Enabling Pass-Through authentication from NetScaler Gateway We open up StoreFront management console and click...

Making a NetScaler Gateway on NetScaler 11 a bit more secure

M

last update February 7th 2017 There are never versions about SSL-settings We have previously created a NetScaler Gateway on our NetScaler 11. That’s great! Time to check if it’s secure. I usually use SSL labs SSL test, a widely used tool to test the security of a website. I have an other blog about NetScaler virtual servers (contentswitching and loadbalancing SSL offloading servers)...

Setting up a NetScaler Gateway on NetScaler 11

S

It is quite easy to set up a NetScaler Gateway on NetScaler 11. It’s quite similar to NetScaler 10.5, but the wizard is much more powerful now! I’ll show you how to do it. Prerequisites I assume you have: a certificate in place. This certificate should be a valid certificate created by a trusted certificate authority. If you don’t know how to get or create a certificate: there...

Enabling ECDHE ciphers in NetScaler 10.5

E

last update: February 7th 2017 Similar but newer posts: Changing my Citrix NetScaler VPX based website from http to https and scoring an A+ in SSL labs test and Making a NetScaler Gateway on NetScaler 11 a bit more secure ECDHE Ciphers, this means, Elliptic curve Diffie–Hellman type of cyphers, add additional security to a NetScaler. If we want to use this kind of cyphers we need to create a DH...

Replacing HTTP server related information using a NetScaler policy label

R

It may not be the strongest security measure, but many administrators are not quite sure about HTTP headers like Server or X-Powered-By. There seems to be just one reason why this header has to be in a HTTP response: It makes life easier for a hacker. So why not just remove it? Or even fake a false server? In fakt there is no technical need for this headers. We have a NetScaler, the ultimate...

Recent Posts

Recent Comments