01-05-2021

Citrix Workspace Website



‎Citrix Workspace app lets you access your SaaS, web apps, mobile, virtual apps, files, and desktops to help you be as productive on the go as you are in the office. If your company uses Citrix, you have the freedom to work on your favourite device from wherever you are. Just ask your IT department h. Download Citrix Workspace App, Citrix ADC and all other Citrix workspace and networking products. Receive version updates, utilities and detailed tech information. Citrix Workspace is context-aware, and supports progressive disclosure, meaning that it will only display mobile apps within the mobile workspace and not within the web or desktop Workspace apps. For now, Citrix Secure Hub is still needed to install Mobile apps, but Citrix said that it is working to integrate that application into Citrix. In order to do this, you must first grant Citrix access to the devices. Start by getting logged into Citrix. For information on how to do this, review the following article: Remote Access to CRSI Network from a Windows PC (Citrix Workspace). Once connected click the menu button at the top center of the screen to pull down all of your options.

downloadWhy can't I download this file?

  • Connect via Citrix Gateway even for internal connections. This would ensure connections work fine regardless of Virtual Apps or Desktops versions.
    Deploying SSL/TLS for each Virtual Delivery Agent (VDA) for direct connections. Workspace App for HTML5 supports secure direct SSL/TLS connections with XenApp/XenDesktop 7.6

Read the following articles from the Citrix Blog for more information:

Citrix

Mozilla Firefox

There is a possible workaround for Mozilla Firefox browser.

Note: This workaround has security implications; consult the security specialist of your organization to consider the following configuration.

  1. Enforce secure communications between Workspace App for HTML5 and applications or desktops (for example, using IPSec).

  2. Use Mozilla Firefox only for Citrix Receiver for HTML5 (not for general website use).

  3. Enforce a secure configuration for Firefox.

  4. Enable the Firefox network.websocket.allowInsecureFromHTTPS option.

If the preceding configuration is consistent with the security policy of your organization, an administrator can enable launching applications or desktop using the following steps:

  1. Open a new tab in the Firefox browser.

  2. Type about:config in the address bar.

  3. Double-click network.websocket.allowInsecureFromHTTPS and set the value to true.

Note: This Firefox option might not be supported in Citrix Receiver for HTML5 future versions.

WARNING! This option on Firefox affects the operation of entire Firefox, not just Citrix Receiver for HTML5.

Important Note

As of version 9, Safari browser allows insecure web socket connections. Internet Explorer never allowed non SSL/TLS web socket connections from HTTPS websites. Chrome used to allow it behind a flag, but after the Chrome 44 update, this is no longer supported. Firefox allows it behind a flag (as explained earlier in this article), but it is not recommended. Going forward, only secure (SSL/TLS) web socket connections can be made from Receiver for HTML5.

Problem Cause

When Workspace App for HTML5 is hosted on a https site (default and recommended), non SSL/TLS websocket connections are prohibited by browsers.
In explaining the technical reason behind this it is important to understand the following two principles:
1. As opposed to existing as a separate process, Citrix Workspace App for HTML5 operates within the frame and process space of the browser itself. As such the browser has the ability to enforce certain security parameters.

2. Additionally, when any Workspace App for Windows makes a connection to a VDA for either a published desktop or app, the underlying connection is made to the VDA and not the Storefront server as any kind of intermediate proxy.


This second point is less obvious in the case of Citrix Workspace App for HTML5 because the published desktop or application displays within the browser frame and “appears” to be connected via the Storefront server. Despite this appearance though, the underlying TCP/UDP connection is still between the client and the VDA. If the Storefront base URL is SSL enabled (where it begins with https as is best practice) and the VDA is not SSL enabled (which it is not by default) the browser in this case will prevent the connection due to what it sees as an underlying inconsistency. The inconsistency is that while the URL shown in the browser frame is prefixed with https, the actual underlying connection is not https even though it is not obvious to the user.
There are two solutions for this.
Solution 1 is to enable SSL on the VDA using the following guide:

https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/secure/tls.html
This will ensure that the connection path is SSL enabled between the internal client and the VDA.
Solution 2 is to have your connections from the clients first go through a Citrix Gateway. Citrix Gateway will proxy the connections and perform a SSL handshake between the client and the Citrix Gateway. In this scenario there is no inconsistency and connections via HTML5 Receiver will succeed.

Additional Resources

You can now use the Application probing feature to proactively monitor the health of applications enabling you to fix issues before the user actually experiences them. For more information refer to Citrix Documentation - Application probing.
downloadWhy can't I download this file?
  • Citrix Workspace App

Symptoms or Error

This article is intended for Citrix administrators and technical teams only.
Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information.
When using StoreFront with or without Workspace App for HTML5 through an HTTPS URL, applications and desktops cannot be started. The following error message is displayed:

“Cannot create a secure connection in this browser. Refer to the Citrix Knowledge Center article CTX134123.”

Solution

Recommended Solution(s) for All Browsers

  • Connect via Citrix Gateway even for internal connections. This would ensure connections work fine regardless of Virtual Apps or Desktops versions.
    Deploying SSL/TLS for each Virtual Delivery Agent (VDA) for direct connections. Workspace App for HTML5 supports secure direct SSL/TLS connections with XenApp/XenDesktop 7.6

Read the following articles from the Citrix Blog for more information:

Mozilla Firefox

There is a possible workaround for Mozilla Firefox browser.

Note: This workaround has security implications; consult the security specialist of your organization to consider the following configuration.

  1. Enforce secure communications between Workspace App for HTML5 and applications or desktops (for example, using IPSec).

  2. Use Mozilla Firefox only for Citrix Receiver for HTML5 (not for general website use).

  3. Enforce a secure configuration for Firefox.

  4. Enable the Firefox network.websocket.allowInsecureFromHTTPS option.

Citrix Workspace Website If the preceding configuration is consistent with the security policy of your organization, an administrator can enable launching applications or desktop using the following steps:

  1. Open a new tab in the Firefox browser.

  2. Type about:config in the address bar.

  3. Double-click network.websocket.allowInsecureFromHTTPS and set the value to true.

Note: This Firefox option might not be supported in Citrix Receiver for HTML5 future versions.

WARNING! This option on Firefox affects the operation of entire Firefox, not just Citrix Receiver for HTML5.

Important Note

As of version 9, Safari browser allows insecure web socket connections. Internet Explorer never allowed non SSL/TLS web socket connections from HTTPS websites. Chrome used to allow it behind a flag, but after the Chrome 44 update, this is no longer supported. Firefox allows it behind a flag (as explained earlier in this article), but it is not recommended. Going forward, only secure (SSL/TLS) web socket connections can be made from Receiver for HTML5.

Citrix workspace web

Problem Cause

When Workspace App for HTML5 is hosted on a https site (default and recommended), non SSL/TLS websocket connections are prohibited by browsers.
In explaining the technical reason behind this it is important to understand the following two principles:
1. As opposed to existing as a separate process, Citrix Workspace App for HTML5 operates within the frame and process space of the browser itself. As such the browser has the ability to enforce certain security parameters.

2. Additionally, when any Workspace App for Windows makes a connection to a VDA for either a published desktop or app, the underlying connection is made to the VDA and not the Storefront server as any kind of intermediate proxy.


This second point is less obvious in the case of Citrix Workspace App for HTML5 because the published desktop or application displays within the browser frame and “appears” to be connected via the Storefront server. Despite this appearance though, the underlying TCP/UDP connection is still between the client and the VDA. If the Storefront base URL is SSL enabled (where it begins with https as is best practice) and the VDA is not SSL enabled (which it is not by default) the browser in this case will prevent the connection due to what it sees as an underlying inconsistency. The inconsistency is that while the URL shown in the browser frame is prefixed with https, the actual underlying connection is not https even though it is not obvious to the user.
There are two solutions for this.
Solution 1 is to enable SSL on the VDA using the following guide:

https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/secure/tls.html
This will ensure that the connection path is SSL enabled between the internal client and the VDA.
Solution 2 is to have your connections from the clients first go through a Citrix Gateway. Citrix Gateway will proxy the connections and perform a SSL handshake between the client and the Citrix Gateway. In this scenario there is no inconsistency and connections via HTML5 Receiver will succeed.

Additional Resources

Citrix Receiver

You can now use the Application probing feature to proactively monitor the health of applications enabling you to fix issues before the user actually experiences them. For more information refer to Citrix Documentation - Application probing.