Ask a Question

Advanced Search

Solution ID : SO22540

Last Modified : 05/02/2018

Intermediate Certificate Authority (CA) Installation Instructions for Citrix Access Gateway 8.0 Enterprise Edition


The SSL certificates are signed by an Intermediate CA using a two-tier hierarchy, which enhances the security of your SSL Certificate.
If the proper Intermediate CA is not installed on the server, your customers will see browser errors and may choose not to proceed further and close their browser.

NOTE: The Intermediate CA 

  • Supplies the necessary chaining to a trusted root in an SSL connection.
  • Must be installed on the server acting as a chain link between the browser root and server certificate.
  • Does not control encryption step-up. This function is controlled by the server software.

Step 1.  Download the Root and Intermediate CA Certificate

  1. Download the Root CA certificate for your SSL product from this link:  SO20329 
  2.  Download the Intermediate CA certificate from this link: INFO158
  3.  Under Separate Intermediate CAs (x.509) column select the Intermediate CA certificate based on your SSL certificate product.
  4. Paste the Intermediate CA and the Root CA on a Notepad in the following order: 
    The Intermediate CA on the top, followed by the Root CA at the bottom.

            -----BEGIN CERTIFICATE-----
                 [ Intermediate CA]
           -----END CERTIFICATE-----
           -----BEGIN CERTIFICATE-----
                        [Root CA]
           -----END CERTIFICATE-----

  1. Ensure that any additional characters or line breaks have been added
  2. Save ther file as Intermediate.crt

Step 2. Install the Root and the Intermediate CA certificates
  1.  Using WinSCP transfer the intermediate certificate to the /nsconfig/ssl directory
  2.  Log in to the Configuration utility of the appliance.
  3.  Expand the SSL node.
  4.  Click Certificates.
  5.  On the SSL Certificates page, click Add.
  6.  Specify the appropriate values in the various fields of the Install Certificate dialog box. 
    The following screenshot displays the sample values for your reference:


  1. Click Install.
  2.  On the Certificates page, select the server certificate to which you want to link the intermediate certificate.
  3. Click Link.


  1. From the CA Certificate Name list, select the required intermediate certificate, as shown in the following screenshot:


  1. Verify the installation of the certificate chain using our RapidSSL SSL Installation Checker

Citrix Support

           For more information refer to Citrix Support