By default in the Citrix Desktop Cloud, all Store Front to ddc communication is accessed through port 80. If you want to change to port 443 encrypted by SSL, you must bind a certificate to port 443.
The binding certificate must first have a certificate. For the steps to create a certificate, please refer to the blog I wrote before about how to configure certificates for StoreFront. If you do n’t know how to create a certificate, please read below.
The
operation method of https://blog.51cto.com/181647568/2478022 is the same, the difference is the domain name. Therefore, when applying for a certificate to write a common name, the domain name of ddc should be filled in.
Another point is that if you try to create a certificate or bind a port on ddc, then know that it is different from the sf server. By default, ddc does not install the iis console. So if you want to complete this operation with a graphical interface, you can install the iis console and bind the certificate to port 443. You can delete it after binding, or you can stay there, this will not affect the work of ddc.
In my test environment, I will have two ddcs, one of which has the iis console installed, while the other has nothing extra installed. The first one is very simple. I applied for a certificate and it was bound to port 443 through binding.
The second method is mainly described here. In the absence of IIS, the operation is completed through the command line. Of course, the certificate is still applied to ca through iis, but the iis console is not installed on ddc, you can find a machine with iis to complete this operation, or you can obtain the certificate by other means. If there is no environment, storefront must be included in the desktop cloud, so we can completely complete the certificate application in storefront and then import it into ddc. 
Suppose you have applied for two ddcs on one iis