Home > Citrix, VDI in a Box > Disabling HTTPS redirection for Citrix VDI in a Box web access.

Disabling HTTPS redirection for Citrix VDI in a Box web access.

Update: 22/08/2012 For VDI in a Box 5.1

One of my dislikes for VDI in a Box is the SSL redirection that takes place as soon as you attempt to log in to the web access portal.

SSL redirection I can live with, but the self signed certificate in VDI in a box can’t even be trusted and added as a known host due to the spaces in the name.

So, if you are doing a proof of concept and like me, can’t be arsed fighting with certificate import on these devices, here’s a quick tip to flat out turn off the SSL redirection for desktop logins.

Fire up winscp, and log into the VDI in a box appliance.

Navigate to /home/kvm/kvm/install/servlet_container/webapps/dt/web-inf

take a copy of the web.xml (you’ll thank me if you balls this up)

edit the Web.xml file and remove the highlighted section below:

Save the file

Putty / SSH to the device and issue a “tc_start” to restart tomcat

Note: For VDI in a Box 5.1, I’ve found early copies of the appliance didnt contain this command. If tc_start is not available, reboot the virtual machine via the console or web gui.

Now browse to the http address, tada! No more silly ssl errors.

NOTE: the admin console will still redirect, if you wish to disable this too, remove the following if statement from /home/kvm/install/serlet_container/webapps/admin/index.jsp

  1. alozzy
    May 22, 2012 at 10:13 pm

    For those that do want to use an SSL certificate at zero cost, have a look at cacert.org. You’ll just need to import the root certificate into your web browser – not a big deal for testing purposes.

  2. Art Corsai
    June 5, 2012 at 6:42 pm

    Thanks, got that going for our test setup, now if there was a way to get rid of the ssl requirement for the Citrix Receiver setup for testing ( but enabled for production)

  3. Ken Sheppard
    August 23, 2012 at 7:02 pm

    Thanks for the advice. But to clarify this modification, will this simply disable the internal https redirection for ViaB or will this also disable the external redirection as well that is published via CAG?

    • August 23, 2012 at 7:04 pm

      Hi ken,

      This should only disable the internal traffic, the access gateway will still tunnel via ssh.

      That being said, I haven’t tested it, do backup the file before hand.

  4. Joel
    August 24, 2012 at 5:03 pm

    This did not work. I can now get to the vdi site by using http:// however I cannot log on with any users; it tells me my credentials are invalid. The receiver will not connect either.

    I restored the web.xml file back to its default state and now cannot connet to any desktops.

    I’ve done this fix twice, just to make sure I wasn’t crazy and have gotten the same results.

    The only option is to have a CA issue you a certificate.

    • August 24, 2012 at 5:17 pm

      Hi Joel,

      Very sorry it didn’t work for you, it’s worked a number of times for me in my lab without issue.

      If you would prefer to take this offline my email address is on the about page above.

  5. will t
    September 25, 2012 at 3:18 pm

    I would make sure you do the command tc_start afterwards for the change to take effect.

    • September 25, 2012 at 5:26 pm

      Thanks!

      For some strange reason tc_start wasn’t present in the pre release, but yes it’s definitely there now.

      I’ll amend the article.

      A

  6. Ken Sheppard
    October 19, 2012 at 3:53 pm

    Andrew, is the procedure the same for ViaB 5.0.2? I have one client that is still running this version and not 5.1.

    Thanks.
    Ken

    • October 19, 2012 at 4:59 pm

      Hi ken,

      Should be fine, just backup the file before changes.

      A

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: