Ask a Question

Advanced Search

Solution ID : SO22359

Last Modified : 05/31/2019

Managed PKI for SSL - Certificate Signing Request (CSR) Generation Instructions for Citrix Secure Gateway


This document provides instructions for generating a Certificate Signing Request (CSR) for Citrix Secure Gateway using IIS7 Manager. If you are unable to use these instructions for your server, DigiCert recommends that you contact Citrix.
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.

To generate the Certificate Signing Request CSR for Microsoft IIS 7.0, perform the following steps:

NOTE: All certificates that will expire after December 2013 must have a 2048 bit key size.

  1. Choose Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. In the IIS Manager, choose your server name
  3. In the Features pane (the middle pane), double-click the Server Certificates option located under the Security heading.

  4. To begin the process of requesting a new certificate, from the Actions pane, choose Create Certificate Request option as shown below:

  5. The first screen of the wizard asks for details regarding the new site:

    All the fields need to be filled in. In order to fill in this form consider:
    • Common Name: The fully-qualified domain name to which your certificate will be issued.
    • Organization: The full legal name of your company.
    • Organizational Unit: Use this field to differentiate between divisions within an organization.
    • City or Locality: Usually the city of your organization's main office, or a main office for your organization.
    • State or Province: Enter the full name of your state or province. 
      Note: Make sure the State or Province is not abbreviated (e.g. California).
    • Country: Enter the two-character abbreviation of country in which organization resides (e.g. US).


  1. Click Next to continue.
  2. The next screen of the wizard asks you to choose cryptography options. The default, Microsoft RSA SChannel Cryptography Provider is fine. Select a key-bit length of 2048. 

  3. Click Next to continue.
  4. Finally, provide a filename to which to save the certificate request.  You will need the contents of this file in the next step, so make sure you know where to find it. To change the location of where you wish to save the CSR, select the box with the 3 periods next to the file name.

  5. Verify your CSR
  6. Proceed with Enrolment. 
    NOTE: During the enrolment open the file you created from the above steps and copy the contents into the enrollment form 
    when requested for the CSR.

Once the certificate has been issued, follow the steps from this link to install the certificate on your server: SO22358