NetScaler 12.0 with SSL A+ and HTTP2 Support

Leave a Comment / By /

Please refer to the steps below on how to enable XenApp/XenDesktop with NetScaler 12.0 with SSL A+ and HTTP2 support

login to NetScaler via CLI and look for VPN vServer configured

   add vpn vserver **_XD_172.16.1.10_443** SSL 172.16.1.10 443

Replace the vServer with VPN vServer and harden it by following the link below
https://aventistech.com/2018/07/ssl-test-with-a-result-in-netscaler-vpx/

You should get the A+ Score for your XenApp / XenDesktop now

Enable HTTP2
Find the HTTP profile name that associate with the VPN vserver

show VPN vserver
1)      _XD_172.16.1.10_443 (172.16.1.10:443) - SSL     Type: CONTENT
        State: UP
        Down state flush: ENABLED
        Loginonce: OFF
        Disable Primary Vserver On Down : DISABLED
        TCP profile name: nstcp_default_XA_XD_profile
        HTTP profile name: nshttp_default_strict_validation
        Appflow logging: ENABLED
        Authentication : ON
        DeploymentType : ICA_STOREFRONT
        Device Certificate Check: OFF
        CGInfra Homepage Redirect : ENABLED
        Current AAA Sessions: 0
        Total Connected Users: 0
        Icaonlylicense : OFF    IcaProxySessionMigration : OFF
        DoubleHop : DISABLED    Dtls : ON       L2Conn: OFF
        Max Login Attempts: 0    Failed Login Timeout 0
        Fully qualified domain name: citrix.aventistech.info
        Listen Policy: NONE
        IcmpResponse: PASSIVE
        RHIstate:  PASSIVE
        Traffic Domain: 0

Enable HTTP2, Direct HTTP/2 and Direct HTTP/2 using Alternative Service with the following command

set ns httpProfile nshttp_default_strict_validation -http2 ENABLED -http2Direct ENABLED -altsvc ENABLED

Verify the HTTP2 is enabled via https://tools.keycdn.com/http2-test

Reference
1. https://docs.citrix.com/en-us/netscaler/12/system/http-configurations/configuring-http2.html

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top