Ask a Question

Advanced Search

Solution ID : SO22357

Last Modified : 05/31/2019

Managed PKI for SSL - Certificate Signing Request (CSR) Generation Instructions for Citrix Access Gateway 8.0


This document provides generation instructions for Citrix Access Gateway 8.0. If you are not able to perform the steps on the server, DigiCert recommends to contact the server vendor.

NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.

To generate a CSR using Access Gatway 8.0 Appliance, follow the steps bellow:

  1. In the GUI configuration tool, go to SSL > CA Tools.
  2. Click Create RSA Key in the right pane (do not use the <Certificate wizard> link shown on the SSL page).
  3. Enter the Key Filename e.g. filename.key.
  4. The Key Size must be at least 2048 bits.
  5. Keep PEM as the key format and select DES3 for the PEM encoding algorithm.
  6. Enter the PEM passphrase to protect the private key. Click Create and then Close.

  7. Click Create Certificate Request on the CA Tools page. Type e.g. filename.csr for the request file name and filename.key for the key file name. Re-enter the PEM passphrase you created in the previous step.
  8. Fill out the distinguished name fields:

  • In Common name type the host name or the fully qualified domain name (FQDN) of the appliance as it appears on the Networking panel.
  • In Email address (optional) type the email address for the contact person at your company.
  • In Organization name type the name of your company or organization.
  • In Organizational unit type the name of the department that will use the certificate.
  • In City type the name of the city in which your company or organization is located.
  • In State or Province type the full name of the state or province where your company is located.
  • In Country select the country, where the organization is registered.


  1. Click Create and then click Close.
  2. The filename.csr file now resides on the appliance in the /nsconfig/ssl directory. This file can then be transferred to a workstation.
    Use WinSCP or any other secure FTP client to connect to the Access Gateway. Log on as nsroot.
  3. Verify your CSR
  4. Proceed with Enrolment and paste the the CSR in the enrolment form when required.

Once the SSL certificate has been issued, follow the steps from this link to install it on the server.

Citrix Access Gateway

         This solution is referenced from the Citrix Support