StoreFront SSL
Requirements
- StoreFront website must be up and running over HTTP
- Joined to the domain
- Certificate Authority configured and Root CA certificate must be trusted on all servers and clients
- Web enrollment must be available
Lab Configuration
- Two servers with StoreFront installed (SF01/SF02).
- SF02 is the primary StoreFront server
- SF01 is the secondary StoreFront
- DNS Record: storefront.citrixguru.lab pointing to SF02.
- No load balancing at this time
- Certificate Authority: citrixguru-CA (Standalone)
  - Procedure: https://mizitechinfo.wordpress.com/2013/08/29/step-by-step-deploying-a-standalone-root-ca-in-server-2012-r2-part-1
  - Installed on a dedicated server
  - Root CA is deployed by GPO on all servers and clients
- Certificate Issuing: citrixguru-IssuingCA (Enterprise Subordinate)
  - Procedure: https://mizitechinfo.wordpress.com/2013/08/31/step-by-step-deploying-an-enterprise-subordinate-ca-in-server-2012-r2-part-2
  - Installed on the domain controller (DC.citrixguru.lab)
  - Web Enrollment is installed: https://dc.citrixguru.lab/certServ.
StoreFront SSL Configuration
There are multiple methods available to generate a certificate (IIS domain certificate creation, IIS domain certificate request, Certificate Web Enrollment, etc.).
In this lab, we will create the certificate using the Certificate Web Enrollment website.
Create template
The default Web Server template does not let you export the certificate's private key, which is needed for this lab.
Original procedure on TechNet.
Connect to the Enterprise issuing CA (DC.citrixguru.lab) and open the Certification Authority console. Expand the certification authority so that you can see Certificate Templates.
Right-click Certificate Templates and then click Manage. If you don’t see these options, run certtmpl.msc to open the Certificate Templates console.
In the details pane of the Certificate Templates console, right-click the Web Server template and then click Duplicate Template. If you are prompted to select a template version, select 2003 and then click OK.
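Because this lab depends on a template that allows private key export, it is useful to be able to audit which templates permit it. The following PowerShell is an added example, not part of the original procedure: it decodes the CT_FLAG_EXPORTABLE_KEY bit (0x10) of a template's msPKI-Private-Key-Flag attribute. The function name, the sample values and the template name "Web Server Exportable" are constructed for illustration.

```powershell
# Added example: report which certificate templates allow private key export.
# Bit 0x10 of msPKI-Private-Key-Flag is CT_FLAG_EXPORTABLE_KEY (MS-CRTD).
$CT_FLAG_EXPORTABLE_KEY = 0x10

function Test-TemplateKeyExportable {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Template
    )
    process {
        # Assumption: a missing attribute is treated as 0 (no flags set).
        $flags = [int]($Template.'msPKI-Private-Key-Flag')
        [pscustomobject]@{
            Template       = $Template.displayName
            PrivateKeyFlag = '0x{0:X8}' -f $flags
            Exportable     = [bool]($flags -band $CT_FLAG_EXPORTABLE_KEY)
        }
    }
}

# Constructed sample objects (hypothetical values, not read from a real CA).
$sample = @(
    [pscustomobject]@{ displayName = 'Web Server';            'msPKI-Private-Key-Flag' = 0x00 }
    [pscustomobject]@{ displayName = 'Web Server Exportable'; 'msPKI-Private-Key-Flag' = 0x10 }
)
$sample | Test-TemplateKeyExportable | Format-Table -AutoSize

# Against a live forest (requires the ActiveDirectory RSAT module), feed the
# function from the Certificate Templates container instead of the sample:
#
# Import-Module ActiveDirectory
# $base = 'CN=Certificate Templates,CN=Public Key Services,CN=Services,' +
#         (Get-ADRootDSE).configurationNamingContext
# Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=pKICertificateTemplate)' `
#     -Properties displayName, 'msPKI-Private-Key-Flag' |
#     Test-TemplateKeyExportable | Where-Object Exportable
```

Any template reported as exportable should be limited to the servers that need to move the key, since an exported PFX carries the private key off the machine that generated it.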
https://www.citrixguru.com/2015/11/15/lab-part-15-configure-ssl-in-storefront/