iPhone Citrix Receiver V1.0 - Untrusted Certificate
Once again, no sooner had I written an article on the Citrix iPhone Receiver tech preview release than Citrix announced the release of V1.0 at Citrix Synergy. I should have known that was going to happen, to be honest!
So I downloaded it, as I was keen to see if it worked with my company's existing XenApp 4.5, Web Interface and Secure Gateway configuration. I entered the details of the server, username, password and domain, and configured the access gateway settings. Straight away I was prompted to enter my passcode; so far so good, I thought. Then the error message “untrusted server certificate” appeared. For some reason I was expecting an error; I just knew it wasn’t going to be that easy.
I’ve been troubleshooting this for a couple of days now. I don’t appear to be the only one having issues, as there are a few posts on the Citrix forums on this problem. I’m still actively troubleshooting, but I appear to have two specific problems: server certificates on the iPhone and the need for a PNAgent site on our external-facing Web Interface server.
UPDATE
I’ve now had a chance to spend some time looking into this, and with the help of Scott from Citrix on the Citrix forums I’ve managed to get this working, albeit without the two-factor authentication that I require. So how did I get it working?
- Create a PNAgent site on your external-facing Web Interface server
- Follow the instructions in Thomas Koetzing's article on creating an external-facing PNAgent site
- Configure the iPhone Receiver to connect to https://FQDNofCSG/Citrix/PNAgent/Config.xml
- Turn off the access gateway access; it then uses domain authentication only.
You may also find that you need to install the certificate of your Web Interface server on your iPhone in order to connect. To do this I extracted the certificate and then sent it to my iPhone email; opening the attachment allows you to install the certificate easily.
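As an added example (not part of the original post and not Citrix tooling), the shell functions below use the OpenSSL command-line tool to show why a client reports a server certificate as untrusted, and to print the fingerprint of an exported certificate so the copy that arrives by email can be checked before it is installed. The hostnames, file names and certificates are constructed for the demo, and OpenSSL 1.1.0 or later is assumed.

```bash
#!/usr/bin/env bash
# Added example. Hostnames and certificates below are constructed for the demo.
# Assumes the OpenSSL command-line tool, version 1.1.0 or later.

# SHA-256 fingerprint of a PEM certificate, for comparing the exported file
# with the copy that arrives on the device.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Classify certificate $1 against trust bundle $2.
# Prints: trusted | self-signed | unknown-issuer
classify_cert() {
    # -no-CApath: do not fall back to OpenSSL's default CA directory
    if openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo trusted
        return
    fi
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')
    # Same subject and issuer name: the certificate was issued by itself
    if [ "$subject" = "$issuer" ]; then echo self-signed; else echo unknown-issuer; fi
}

# Build constructed demo certificates in directory $1:
#   gw.pem   self-signed server certificate
#   ca.pem   private CA, and leaf.pem signed by that CA
make_demo_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=csg.example.test" \
        -keyout "$1/gw.key" -out "$1/gw.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Internal CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=wi.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/leaf.pem" 2>/dev/null
}

DEMO_DIR=$(mktemp -d)
make_demo_certs "$DEMO_DIR"
echo "server cert vs. CA bundle:     $(classify_cert "$DEMO_DIR/gw.pem" "$DEMO_DIR/ca.pem")"
echo "server cert once installed:    $(classify_cert "$DEMO_DIR/gw.pem" "$DEMO_DIR/gw.pem")"
echo "leaf vs. its issuing CA:       $(classify_cert "$DEMO_DIR/leaf.pem" "$DEMO_DIR/ca.pem")"
echo "leaf vs. unrelated bundle:     $(classify_cert "$DEMO_DIR/leaf.pem" "$DEMO_DIR/gw.pem")"
echo "server cert fingerprint:       $(cert_fingerprint "$DEMO_DIR/gw.pem")"
```

A result of `unknown-issuer` means the issuing CA's certificate, rather than the server's own certificate, is the one missing from the client's trust store.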
I’m trying to follow up on the lack of two-factor authentication with the Citrix guys on the forum. My fear is that if a user selected “logon automatically”, then a lost iPhone gives access to your corporate network, which could be very damaging indeed.




