I've been looking into this for a few days but can't seem to find a clear-cut answer; hoping someone may shed some light here for me.
I have a request to configure SSL on a test VDA Delivery Group. This delivery group works fine through the NetScaler pre-SSL configuration. I've installed the certificate, run the PowerShell command, enabled HDXSSL on the delivery group and can access internally via StoreFront with no issues.
The delivery controller has also been secured.
I've just checked and can confirm that 443 is not available from the SNIP to the VDAs that have just been set up with SSL. My understanding is that now we will need to send off to the firewall team to have 443 available from SNIP -> VDAs to ensure access. With this being enabled, are 1494 and 2598 no longer required from SNIP -> VDA, or are they still required? Even after running the PowerShell command I can telnet from the same network segment to
I saw in the Citrix Security Blog that the VDA certificate will need to be trusted by the end user connecting. Is this negated by the NetScaler or must the external client trust the certificate on the VDA itself, not just the NetScaler certificate?
Hoping someone who has implemented this can provide clarity. Network changes require approval and a few days to be processed; I am working to ensure what I have is correct.