Updated version of my set-CTXCloudConnectorToSecureXMLTraffic.ps1 script, needed because the name and location of the Citrix Cloud Connector installation changed.
<#
set-CTXCloudConnectorToSecureXMLTraffic_v03.ps1
v0.3 - New Broker Service Name and Path -> Citrix Remote Broker Provider - x64 - Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
v0.2 - Check for Certificates
v0.1 - Initial Version
https://support.citrix.com/article/CTX221671
netsh http add sslcert ipport=0.0.0.0:443
certhash=PASTE_CERT_HASH_HERE_FROM_NOTEPAD
appid={PASTE_XD_GUID_HERE_BETWEEN{}_FROM_NOTEPAD
Browse to HKEY_LOCAL_MACHINE\Software\Citrix\DesktopServer\
Right-click DesktopServer, select New > DWORD (32-bit) Value
Name: XmlServicesEnableNonSsl
Value Data: 0
#>
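# Find the Citrix Broker Service GUID on the Cloud Connector.
# The installer registers "Citrix Remote Broker Provider - x64" under
# Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
# and the name of that subkey is the GUID (braces included) that netsh needs as appid.
$CtxBrokerServiceValues = $null
$keys = Get-Item -Path Registry::"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*"
foreach ($key in $keys) {
    $displayName = (Get-ItemProperty -Path $key.PSPath).DisplayName
    if ($displayName -eq 'Citrix Remote Broker Provider - x64') {
        # PSChildName is the subkey name itself; this replaces the fixed Substring(71,38)
        # offsets, which silently return the wrong text if the key path ever differs.
        $CtxBrokerServiceValues = $key.PSChildName
    }
}
# Stop here when no usable GUID was found: continuing would run netsh with an empty
# or malformed appid and then still switch off non-SSL XML traffic further down.
if ($CtxBrokerServiceValues -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
    Write-Warning "Citrix Remote Broker Provider - x64 was not found under the Uninstall key (or its key name is not a GUID). Nothing was changed."
    return
}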
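# Check for certificates: list the subjects in the local machine's Personal store and
# let the operator pick the one to bind to port 443.
# @() keeps the result an array even when the store holds exactly one certificate.
$certs = @(Get-ChildItem Cert:\LocalMachine\My\)
$selectedCert = $null
Write-Host "******* Installed Cert Subjects **********" -ForegroundColor Green
$i = 0
foreach ($cert in $certs) {
    $i++
    Write-Host "$i - $($cert.Subject)"
}
Write-Host ""
$answer = Read-Host "Enter the number of the certificate you want to select"
# TryParse leaves 0 on non-numeric input, so a typo falls through to the
# "Certificate not found." branch instead of raising a conversion error.
[int]$selectedCertName = 0
[void][int]::TryParse($answer, [ref]$selectedCertName)
if ($selectedCertName -le $i -and $selectedCertName -gt 0) {
    $selectedCert = $certs[$selectedCertName - 1]
    # Echo the chosen certificate so the operator can confirm thumbprint and subject
    $selectedCert
    # A certificate that cannot serve TLS gives a binding that fails or that clients reject
    if (-not $selectedCert.HasPrivateKey) {
        Write-Warning "The selected certificate has no private key on this machine; it cannot be used for an SSL binding."
    }
    if ($selectedCert.NotAfter -lt (Get-Date)) {
        Write-Warning "The selected certificate expired on $($selectedCert.NotAfter)."
    }
}
else {
    Write-Host "Certificate not found." -ForegroundColor Yellow
    $selectedCert = $null
    # exit if no certificate is selected; 'return' ends this script, whereas 'break'
    # outside a loop would also unwind a loop in whatever script called this one
    return
}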
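# Get the thumbprint of the selected Cloud Connector computer certificate
$certhash = $selectedCert.Thumbprint
# Note: The "Citrix Broker Service GUID" being used to create the SSL binding may change with the Connector upgrades, however, no change is required to the SSL binding.
# The binding would persist through these changes and SSL would continue to be enabled for the XML traffic.

# Refuse to continue with an empty thumbprint or GUID: the binding could not be created,
# and disabling non-SSL traffic without a binding would cut off XML traffic entirely.
if (-not $certhash -or -not $CtxBrokerServiceValues) {
    Write-Warning "Certificate thumbprint or Citrix Broker Service GUID is missing. No SSL binding was created and XmlServicesEnableNonSsl was left unchanged."
    return
}

netsh http add sslcert ipport=0.0.0.0:443 certhash=$certhash appid=$CtxBrokerServiceValues
# netsh reports failure only through its exit code, so check it before enforcing SSL-only
if ($LASTEXITCODE -ne 0) {
    Write-Warning "netsh http add sslcert failed (exit code $LASTEXITCODE). XmlServicesEnableNonSsl was left unchanged. Review any existing binding with: netsh http show sslcert ipport=0.0.0.0:443"
    return
}

# Allow only secure traffic: XmlServicesEnableNonSsl = 0 under the DesktopServer key
$registryPath = "HKLM:\Software\Citrix\DesktopServer"
$Name = "XmlServicesEnableNonSsl"
$value = "0"
New-ItemProperty -Path $registryPath -Name $Name -Value $value -PropertyType DWORD -Force | Out-Null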