STIGQter STIGQter: STIG Summary: Citrix Virtual Apps and Desktop 7.x License Server Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Jan 2021:

Citrix License Server must protect the authenticity of communications sessions.

DISA Rule

SV-234224r628795_rule

Vulnerability Number

V-234224

Group Title

SRG-APP-000219

Rule Version

CVAD-LS-000480

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

1. Copy a valid server certificate file and server certificate key file into the \\Citrix\Licensing\LS\conf\ folder of the License Server installation directory.

2. Click "Administration" and select the "Server Configuration" tab.

3. Click the "Secure Web Server Configuration" bar.

4. Select "Enable HTTPS (Default 443)".

5. Enter a port for the HTTPS communication.

6. Enter the location of the server certificate file and the server certificate key file.

7. Stop and restart the Citrix Licensing service from the services control panel of the machine running the license server.

Check Contents

Look in \\Citrix\Licensing\LS\conf\ folder of the License Server installation directory for cert file/cert key file.

Open the License Management Console, click "Administration", and select the "Server Configuration" tab.

Click the "Secure Web Server Configuration" bar and verify "Select Enable HTTPS (Default 443)" is selected.

If "Select Enable HTTPS (Default 443)" is not selected, this is a finding.

NOTE: The user may be prompted to log in after "Administration".

Vulnerability Number

V-234224

Documentable

False

Rule Version

CVAD-LS-000480

Severity Override Guidance

Look in \\Citrix\Licensing\LS\conf\ folder of the License Server installation directory for cert file/cert key file.

Open the License Management Console, click "Administration", and select the "Server Configuration" tab.

Click the "Secure Web Server Configuration" bar and verify "Select Enable HTTPS (Default 443)" is selected.

If "Select Enable HTTPS (Default 443)" is not selected, this is a finding.

NOTE: The user may be prompted to log in after "Administration".

Check Content Reference

M

Target Key

5257

Comments