Ask a Question

Advanced Search

Solution ID : SO22538

Last Modified : 04/26/2019

Certificate Signing Request (CSR) Generation Instructions for Citrix Access Gateway 8


This document provides generation instructions for Citrix Access Gateway 8.0. If this document can not be used on the server, RapidSSL recommends contacting the server vendor.

NOTE:  As of 1/1/2016 all public SSL certificates must be issued as SHA-256 with at least a 2048-bit key length.  Please ensure the server can support the standards before requesting a certificate.

To generate a CSR using Access Gateway 8.0 Appliance, follow the steps bellow:

  1. In the GUI configuration tool, go to SSL > CA Tools.
  2. Click Create RSA Key in the right pane .

    NOTE: Do not use the <Certificate wizard> link shown on the SSL page).
  3. Enter the Key Filename.
  4. The Key Size must be at least 2048 bits.
  5. Keep PEM as the key format and select DES3 for the PEM Encoding Algorithm.
  6. Enter the PEM passphrase to protect the private key. Click Create and then Close.

  7. Click Create Certificate Request on the CA Tools page. Enter the file name for the request, provide the file name of the Key created in the previous step, along with the passphrase.
  8. Fill out the distinguished name fields:

    Common name: Enter the fully qualified domain name (FQDN) of the appliance
    Email address: Not recommended.  Enter an email address only if the wizard will not continue without providing an email address.
    Organization Name: Enter the organization.
    Organizational Unit: Enter the department that will use the certificate.
    City: Enter the name of the city in which the organization is located.
    State/Province Name: Enter full name of the state or province where the organization is located.
    Country Name: Select the country, where the organization is registered.
  9. Click Create and then click Close.
  10. The [filename.csr] file now resides on the appliance in the /nsconfig/ssl directory.  This file can then be transferred to a workstation. Use WinSCP or any other secure FTP client to connect to the Access Gateway. Log on as nsroot.
  11. Verify your CSR
  12. Proceed with Enrolment and paste the the CSR in the enrolment form when required.

Once the SSL certificate has been issued, refer to this link for installation instructions.