Citrix Command Center Cipher Suites

I recently installed and configured Citrix Command Center on a client to monitor and configure their NetScaler appliances.

When I opened the management page with Chrome, I got a message that the server was using a weak DH public key.

Since the guys didn't seem to be very helpful with issuing a certificate from their CA, I decided to disable the Diffie-Hellman cipher suites used by Command Center as a workaround.

To do that, you have to edit some apache configuration files.

The first step is to stop the Command Center service. Then make a backup copy of the following files:
1. CommandCenterInstallDirectory\apache\tomcat\conf\backup\server.xml
2. CommandCenterInstallDirectory\conf\transportProvider.conf

Search the server.xml file for "ciphers" to get to the part where the cipher suites are defined and then remove all the DH ciphers.
 
Set the same ciphers on the <CipherSuites></CipherSuites> part of the transportProvider.conf file.

Start the Command Center service and everything should be OK.

This is only a work around to get things going, not a solution. You should replace the certificate with a certificate from your CA to provide efficient security.

Popular posts from this blog

Syslog Message Collection for OMS from sources that do not support the agent

Generating Alerts On OMS

How to Configure Message Forwarding on a Mailbox Level