Ask a Question

Advanced Search

Solution ID : SO22360

Last Modified : 05/18/2018

Managed PKI for SSL - Installation Instructions for Citrix Access Gateway 5.0


This document provides installation instructions for Citrix Access Gateway 5.0. If you are unable to use these instructions for your server, Symantec recommends that you contact the server vendor or the organization, which supports Citrix.

Step 1: Obtain and install  the SSL Certificate

  1. Once your Managed PKI for SSL administrator has approved your Certificate request, you will receive an email with
    the Certificate attached (cert.cer), as well as in the body of the email itself.
  2. Copy the certificate, imbedded in the body of the email and paste it into a text file using Vi or Notepad.
    NOTE: Do not use Microsoft Word or other word processing programs that may add characters.
    Confirm that there are no extra lines or spaces in the file.

    The text file should look like:


              [encoded data]

    -----END CERTIFICATE-----

    NOTE: To download the certificate from your Managed PKI for SSL subscriber services page, see solution SO6621
    Please select X.509 as a certificate format and copy only the End Entity Certificate.
  3. Save the certificate as public.txt

Step 2:  Download and install the Intermediate CA Certificate 

  1. Download the Intermediate CA certificate from this link: INFO657
  2. Click on Managed PKI for SSL tab, click on the appropriate link for your SSL Certificate. 
    For example, if you are installing a Premium SSL Certificate, click the Premium Intermediate CA Certificate link.
    NOTE: If you are not sure which certificate you have purchased, follow the steps from this link: SO22021
  3. Copy the Intermediate CA certificate and paste it on a Notepad.
  4. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line breaks or additional characters have been inadvertently added.
  5. Save ther file as Intermediate.pem
  6. In the Access Gateway Management Console, click Certificates.

  7. Click Import and then select Trusted (.pem).
  8. In Select file to upload, navigate to the Intermediate.pem file and then click Open.
    When you install an intermediate certificate on Access Gateway, you do not need to specify the private key or a password.
    After the certificate is installed on the appliance, the certificate needs to be linked to the server certificate.

Step 3: Link an Intermediate CA certificates to a SSL server certificate

  1. In the Access Gateway Management Console, click Certificates.
  2. In the Certificates table, select the server certificate to which you want to link an intermediate certificate and then click Add to Chain.

  3. In the dialog box that opens, select a certificate and then click Add for each certificate that you want to add to the chain.
  4. When you are finished building the certificate chain, click Close.

Citrix Support

         For more information refer to Citrix Access Gateway appliance 5.0 product documentation