Ask a Question

Advanced Search

Solution ID : SO6298

Last Modified : 05/20/2019

Installation Instructions for Citrix Secure Gateway on Windows


This document provides instructions for installing SSL Certificates into Citrix Secure Gateway using  IIS 7 Manager. If you are unable to use these instructions for your server, DigiCert recommends that you contact Citrix.

This solution contains two Methods to install your SSL Certificate:

Method 1: Installing the certificate received via e-mail.

Method 2 (recommended) : Installing the certificate downloaded from the Trust Center
Method 1: Download the SSL certificate sent via e-mail
The certificate will be sent via email. The certificate is embedded in the body of the email in plain text.
Copy the certificate text including the header and footer, example:

encoded text

Ensure there are no white spaces, extra line breaks or additional characters.
Use a plain text editor such as Notepad, paste the certificate text and save the file as SSL_certificate.crt


Download and Install the Intermediate CA certificate:
To download and install the Intermediate CA certificate follow the steps from this link: SO13415.


Method 2: Download the SSL certificate from the Trust Center
Download the certificate from the Trust Center by following the steps from this link:  SO8061


Step 2: Install Certificate:

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. From the left menu, click the corresponding server name
  3. In the Features pane (middle pane), under Security, double-click Server Certificates
  4. From the Actions pane (right pane), select Complete Certificate Request
  5. Provide the location of the certificate file and the friendly name
    NOTE: Friendly name is a reference name for quick identification of the certificate for the Administrator 

    At this point the server may respond with one of the two known errors:

    CertEnroll::CX509Enrollment::p_InstallResponse:ASN1 bad tag value met. 0x8009310b (ASN: 267) 
    Click SO10035 for the resolution to this message


    Cannot find the certificate request associated with this certificate file. 
    A certificate request must be completed on the computer where it was created.

    Click SO12089 for the resolution to this message.

 In IIS7, you need to install the certificate and then bind the HTTPS protocol to the site

Step 3: Binding certificate to the web site:

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to your server name > Sites > Your SSL-based site
  3. In the Actions pane, click Bindings.

  4. In the Site Bindings window scroll down, highlight HTTPS and click Remove.

    NOTE: If you wanted to secure traffic between IIS and Citrix Secure Gateway, edit the binding and change the port to 444 or some
    other non-well known TCP port. For best performance, it is only recommended to secure traffic when IIS and CSGare on different

  5. Click OK
Step 4: Configure Citrix Secure Gateway

         To configure Citrix Secure Gateway, perfom the steps from this link: SO17338 

Step 5:  Verify certificate installation:
  1. Verify your installation with the DigiCert SSL Tools.
  2. In some cases you may need to Stop and start your Web server prior to any testing. 
    NOTE: In some cases the changes may not take place after restarting IIS Services and a re-boot is needed.

Citrix Support
          For more information, refer to Citrix Support