Storefront monitor not working properly for HTTPS services in 10.5

Now I just recently became aware from Twitter that the 10.5 Netscaler monitor for Storefront is not working properly for HTTPS enabled Storefront servers.

image 

The problem with the monitor is that it uses an IP based check (and not a hostname based check) which would allow the monitor to work properly since the digital certificate it presents does not match its IP-address.

NOTE: This only fails if the monitor is matched against a SSL based service and you have configured the monitor with secure

image

Now in older versions of the monitor it had an own “hostname” parameter, but that is now deprecated. Now all we have is a Store name setting there.

There is a workaround which was listed on the Citrix forums by a member there.

Here’s a workaround:

  1. Edit the file /netscaler/monitors/nssf.pl
  2. At line 23, insert the following before the current ENV line:

$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;

So let’s see if Citrix fixes this issue in the next release! Smilefjes

#citrix, #storefront