Ask a Question

Solution ID : SO22412

Last Modified : 05/02/2018

Installation instructions for Citrix Access Gateway 8.0

Solution


This document provides installation instructions for Citrix Secure Gateway 8. If you are unable to use these instructions for your server, RapidSSL recommends that you contact Citrix.

Step 1. Obtain the SSL Certificate

    1.    The RapidSSL certificate will be sent by email.
    2.    Copy the certificate imbedded in the body of the email and paste it into a text file using Vi or Notepad.

            The text file should look like:

            -----BEGIN CERTIFICATE-----

                      [encoded data]

            -----END CERTIFICATE-----

    3.    Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and
           that no white spaces, extra line breaks or additional characters have been inadvertently added.

           NOTE: The certificate can be also downloaded from the RapidSSL User Portal by
           following the steps from this link
: SO16222

           Please select X.509 as a certificate format and copy only the End Entity Certificate.
 
    4.    Save certificate filename with the .txt or .crt extension. For example: public.txt  or public.crt


Step 2. Install the SSL Certificate

    1.    Using WinSCP or any other secure FTP client, connect to the Access Gateway 
           and log on as nsroot.
    2.    Upload the agee.cer file to the /nsconfig/ssl directory
    3.    In the GUI configuration manager, go to SSL > Certificates and click Add.

           
 

    4.    In the Certificate-Key Pair Name field, type a descriptive name for this certificate entity,
           for example: access.company.com
    5.    For File Location select the Remote System radio button.
    6.    For Certificate Filename, click Browse and locate the filename.cer file you obtained in Step 1 
    7.    For the Key Filename browse to the corresponding Private Key and enter the PEM passphrase
 
   8.    Keep PEM selected as the format.
    9.    Click Install and then Close.
  10.    After a few seconds, the certificate entity should appear in the background. Click Close. 
           Your certificate can now be used.
 

Step 3.  Download the Root and Intermediate CA Certificate

    1.    Download the Root certificate for your SSL certificate from this link: SO20329
    2.    Download the Intermediate CA certificate from this link: AR1548
    3.    Paste the Root and Intermediate CA certificates to a Notepad document in the following order:
           The Intermediate CA certificate on the top, followed by the Root certificate at the bottom.

           -----BEGIN CERTIFICATE-----
                  [Intermediate CA]
           -----END CERTIFICATE-----
           -----BEGIN CERTIFICATE-----
                       [Root CA]
           -----END CERTIFICATE-----

    5.    Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and
           that no white spaces, extra line breaks or additional characters have been inadvertently added.
    6.    Save the file as intermediate_root.txt

         
Step 4. Install the Root and the Intermediate CA Certificate

    1.    Using WinSCP transfer the intermediate certificate to the /nsconfig/ssl directory
    2.    Log in to the Configuration utility of the appliance.
    3.    Expand the SSL node.
    4.    Click Certificates.
    5.    On the SSL Certificates page, click Add.
    6.    Specify the appropriate values in the various fields of the Install Certificate dialog box.

           The following screenshot displays the sample values for your reference:

           


    7.    Click Install.
  
  8.    On the SSL Certificates page, select the server certificate to which you want to link
           the Intermediate CA certificate.
    9.    Click Link.

          


  10.    From the CA Certificate Name list, select the required Intermediate CA certificate, as shown in the
           following screenshot:

            


  11.    Verify the certificate installation using the RapidSSL Installation Checker.
 

Citrix Support

           This solution is referenced from the Citrix Support