Ask a Question

Advanced Search

Solution ID : SO16516

Last Modified : 05/31/2019

Managed PKI for SSL - Installation Instructions for Citrix Access Gateway 4.x


This document provides installation instructions for Citrix Access Gateway 4.x. If you are not able to perform the steps on the server, DigiCert recommends to contact Citrix.

Step 1: Obtain the SSL Certificate

  1. Once your Managed PKI for SSL administrator has approved your Certificate request, you will receive an email with
    a certificate download link, also attached (cert.cer), as well as in the body of the email itself.
  2. If copying from the body of the email, paste it into a text file using Vi or Notepad.
    NOTE: Do not use Microsoft Word or other word processing programs that may add characters.
    Confirm that there are no extra lines or spaces in the file.

    The text file should look like:

              [encoded data]
    -----END CERTIFICATE-----

    NOTE: Click here to download the certificate from your Managed PKI for SSL subscriber services page.
    Please select X.509 as a certificate format and copy only the End Entity Certificate.
  3. Save the certificate as public.txt.

Step 2: Install the SSL Certificate

  1. Click the Access Gateway Cluster tab.
  2. Under Administration, next to Upload a .crt signed certificate click Browse.

  3. Locate the .crt file that you have saved and click Open.
  4. After the upload is complete, click on the General Networking tab
  5. In External Public IP or FQDN, under Interface 0, type the IP address or FQDN for which the certificate was registered. 

Step 3:  Download the Root and Intermediate CA certificate

         NOTE: Ensure that the approriate Root and Intermediate CA certificates have been downloaded for your SSL product type.
         To check which certificate has been purchased, follow the steps from this link.

  1. Download the Root CA certificate for your SSL product under the Managed PKI for SSL section.
  2. Click on the Managed PKI for SSL tab.
    Select the Intermediate CA certificate based on your SSL certificate product.
  3. Open a Notepad and paste the Intermediate CAs in the following order:
    The Intermediate CA on the top, followed by the Root CA at the bottom.

    [Intermediate CA]
    -----END CERTIFICATE-----
    [Root CA]
    -----END CERTIFICATE-----
  4. Ensure that any additional characters or line breaks have been added
  5. Save the file as Intermediate.crt

Step 4:  Install the Root and the Intermediate CA on Citrix Access Gateway

  1. Click the Access Gateway Cluster tab.
  2. Under Administration, next to Manage trusted root certificates click Browse.

  3. Click Upload Trusted Root Certificate.
  4. Locate the Intermediate.crt file that you have saved in Step 3
  5. Click Open to complete installation.
  6. Verify your installation with the DigiCert Checker.

Citrix Support

         For more information refer to Citrix Support