Ask a Question

Advanced Search

Solution ID : SO25714

Last Modified : 12/24/2018

Installation Instructions for Citrix Secure Gateway on Windows


This document provides instructions for installing SSL certificate into Citrix Secure Gateway using Microsoft IIS 7.0.

Step 1:  Download the SSL Certificate

  1. Download your certificate from the unique secure link we provide your technical contact via order fulfillment email.
  2. The ZIP file you download contain the SSL and Intermediate CA certificate in PKCS#7 file (i.e. ssl_certificate.p7b).
  3. Unzip the files onto the server where you will install the certificate. 

Step 2: Install the SSL Certificate

  1. In Windows, click Start > Administrative Tools > Internet Information Services (IIS) Manager.
  2. From the left menu, click the corresponding server name.
  3. In the Features pane (middle pane), under Security, double-click Server Certificates.
  4. From the Actions pane (right pane), select Complete Certificate Request.
  5. Provide the location of the End Entity certificate file (i.e. ssl_certificate.p7b, as described in Step 1) and the friendly name.
    NOTE: Friendly name is a reference name you provide to make it easier to identify the certificate.

    At this point the server may respond with one of the two known errors:

    CertEnroll::CX509Enrollment::p_InstallResponse:ASN1 bad tag value met. 0x8009310b (ASN: 267) 
    Click SO11614 for the resolution to this message


    Cannot find the certificate request associated with this certificate file. 
    A certificate request must be completed on the computer where it was created.

    Click SO16340 for the resolution to this message.
If you are unable to use these instructions for your server, Thawte recommends that you contact either the vendor of your software or an organization that supports Citrix Secure Gateway.
Step 3: Assign the Certificate to Citrix Secure Gateway
Once the certificate has been installed on the server, you must assign it to the Citrix Secure Gateway. This is done through the Secure Gateway Management Console and not through the bindings in IIS 7.  Assigning the SSL certificate to the bindings in IIS 7 may take your Citrix website offline.

NOTE: Upon completion of this process, you will need to restart your Citrix Secure Gateway.  This will take you Citrix website offline for a minute or so.
  1. In Windows, click Start > All Programs > Click Citrix folder.
  2. In the Citrix folder, click Management Consoles > Secure Gateway Management Console > Secure Gateway Configuration.
  3. On the welcome screen, click OK.
  4. Select the Standard radio button. Click Next.
    NOTE: If you are unsure which certificate to assign or you have more than one, you can highlight a certificate and click on the View button.  This will open a window that contains all of the certificate details for you to compare.
  5. The TCP port should be 443 by default. Click Next.
  6. On the No outbound traffic screen, the radio button is selected by default.  Unless you have a specific configuration, leave it selected and and click Next.
  7. On the Servers running the STA screen, make any necessary changes and click Next.
  8. On the next screen, the Indirect radio button is selected and TCP port is set to 80 by default. Click Next.
  9. On the Logging Parameters screen, select a logging option from the list. Click Next.
On the Secure Gateway configuration complete screen, make sure that the Restart Secure Gateway check box is selected and click Finish.  This will restart your Citrix Secure Gateway. The wizard will close once the Secure Gateway is back online.
Step 4: Verify certificate installation
  1. To verify if your certificate is installed correctly, use the Thawte Installation Checker

For more information, refer to Citrix Support website.