This document provides installation instructions for Citrix Secure Gateway 8. If you are unable to use these instructions for your server, Symantec recommends that you contact Citrix.
Step 1. Obtain the SSL Certificate
Download the certificate from the Symantec Trust Center by following the steps from this link: SO8061
When downloading the certificate select Apache as the server platform and HTTP as the server version.
FOR PARTNERS/RESELLERS: The Symantec certificate will be sent by email.Copy and paste the certificate into a text file using Vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters.
The text file should look like:
Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
Save the file as ssl_certificate.crt
NOTE: It is recommended to use the same filename you have given to the Private Key when you generated the CSR for this certificate.
Step 2. Install the SSL Certificate
- Using WinSCP or any other secure FTP client, connect to the Access Gateway and log on as nsroot.
- Upload the agee.cer file to the /nsconfig/ssl directory
- In the GUI configuration manager, go to SSL > Certificates and click Add.
- In the Certificate-Key Pair Name field, type a descriptive name for this certificate entity, for example: access.symantec.com
- For File Location select the Remote System radio button.
- For Certificate Filename, click Browse and locate the ssl_certificate.crt file you obtained in Step 1
- For the Key Filename browse to the corresponding Private Key and enter the PEM passphrase
- Keep PEM selected as the format.
- Click Install and then Close.
- After a few seconds, the certificate entity should appear in the background. Click Close. Your certificate can now be used.
Step 3. Download the Root and Intermediate CA Certificate
NOTE: The Intermediate CA file will be included with the certificate when downloaded from the Symantec Trust Center in step 1.
- Download the Root CA certificate for your SSL product from this link: SO4785
For Partners/Reseller: Download the Intermediate CA certificate from this link: INFO657
Open a Notepad and paste the Intermediate CA and the Root CA in the following order:
The Intermediate CA certificate on the top, followed by the Root CA at the bottom.
Ensure that any additional characters or line breaks have been added
Save ther file as Intermediate.crt
Step 4. Install the Root and the Intermediate CA certificates
- Using WinSCP transfer the intermediate certificate to the /nsconfig/ssl directory
- Log in to the Configuration utility of the appliance.
- Expand the SSL node.
- Click Certificates.
- On the SSL Certificates page, click Add.
- Specify the appropriate values in the various fields of the Install Certificate dialog box. The following screenshot displays the sample values for your reference:
- Click Install.
- On the SSL Certificates page, select the server certificate to which you want to link the intermediate certificate.
NOTE: Link the server certificate to the Intermediate CA certificate.
- Click Link.
- From the CA Certificate Name list, select the required intermediate certificate, as shown in the following screenshot:
- Verify the certificate installation using the DigiCert Installation Checker
This solution is referenced from the Citrix Support