  1. #1

    Join Date
    Jan 2008
    Location
    London
    Posts
    43
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Renew Citrix Security Certificate

    Does anyone know how we install a renewed Citrix security certificate on to the CAG?

    Users can login fine to our Citrix website but when they click on a desktop they get the following error message:

    SSL Error 70: The server sent an expired security certificate

    We have the renewed security certificate in a .cer format on one of the Citrix servers. Any help would be great.

  2. #2

    Join Date
    Mar 2006
    Location
    Derbyshire
    Posts
    50
    Thank Post
    19
    Thanked 15 Times in 14 Posts
    Rep Power
    19
    Through a web browser, navigate to the IP address of the CAG, http://<youripaddress>:9001, and install the Citrix Access Gateway Admin Tool. The SSL certificate is uploaded via this interface.

  3. #3

    Join Date
    Jan 2008
    Location
    London
    Posts
    43
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    We already have the Citrix Access Gateway Admin Tool installed. Where do we go from there?

  4. #4


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    IIRC You can add it in IIS management, default site

  5. #5


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    You might also need to add it to the certificates mmc - under Local computer account > Personal > Certificates - for the CAG to pick it up...

  6. #6

    Join Date
    Mar 2006
    Location
    Derbyshire
    Posts
    50
    Thank Post
    19
    Thanked 15 Times in 14 Posts
    Rep Power
    19
    Click on the Administration Tab in the admin tool and upload a crt signed certificate.

  7. #7


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Originally posted by bigjb:
    "Click on the Administration Tab in the admin tool and upload a crt signed certificate."

    I think we must be using different versions - I'm CAG 3.2.0 and don't see Administration Tab at all.

  8. #8

    Join Date
    Mar 2006
    Location
    Derbyshire
    Posts
    50
    Thank Post
    19
    Thanked 15 Times in 14 Posts
    Rep Power
    19
    yep we are using 4.5.8.

  9. #9

    Join Date
    Jan 2008
    Location
    London
    Posts
    43
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Ok, this is strange. I checked the mmc console and it appears that the old certificate is in fact there. However, when I add the new certificate I don't get our website address in the "issued to" section like we previously had (instead Verisign appears). Is this normal?

    The other thing is the old certificate only appears to show in the mmc console and nowhere else. Not in IIS or on the Gateway Access Management console. Is this normal?

  10. #10


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    I'm pretty sure that this is what I followed, then the certificate appeared in CAG

    How To: Install and Configure Citrix Web Interface 4.6 and Citrix Secure Gateway on the same server (Part 1)

  11. #11

    Join Date
    Sep 2007
    Location
    Newark On Trent
    Posts
    28
    Thank Post
    0
    Thanked 8 Times in 3 Posts
    Rep Power
    16
    Citrix Secure Gateway is a Windows application, Citrix Access Gateway (CAG) is an appliance; the process for updating the SSL certificate differs.

    The CAG's (new) certificate can be uploaded via a browser on port 9001; it must be in PEM format and have a password.
    A PEM format file contains both a certificate and a key that relates to that certificate. You can produce such a file by exporting the certificate and key from a Windows server using the certificate mmc snap-in.

  12. #12

    Join Date
    Sep 2007
    Location
    Newark On Trent
    Posts
    28
    Thank Post
    0
    Thanked 8 Times in 3 Posts
    Rep Power
    16
    If you have a Linux server available, then a PEM file can be created using OpenSSL.

    What you actually need the mmc snap-in or OpenSSL for is to password the key; if it is already passworded, then copying and pasting the certificate and key into the same file will usually work fine.
    The CAG will not accept the PEM file unless the key has a password.
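
The OpenSSL route from posts #11 and #12, as an added example that is not part of the thread: it checks that the certificate is unexpired and matches the key, encrypts the key under a passphrase, and writes both into one PEM file. The function names, file names, CN and passphrase are constructed; the input key is assumed to be unencrypted, and the PKCS#8 key encoding is an assumption, since the thread does not say which encoding the CAG expects.

```shell
#!/bin/sh
# Added example, not from the thread: bundle a certificate and its private key,
# encrypted under a passphrase, into one PEM file.
# Function names, file names, the CN and the passphrase are constructed.

# build_cag_pem CERT KEY PASSFILE OUT
#   CERT      server certificate, PEM or DER (.cer)
#   KEY       matching private key, PEM, assumed not yet encrypted
#   PASSFILE  file whose first line is the passphrase to protect the key with
# Returns 1 unreadable certificate, 2 expired, 3 key mismatch, 4 write failure.
build_cag_pem() {
    cert=$1; key=$2; pass=$3; out=$4
    tmp=$(mktemp -d) || return 1
    rc=0

    # Normalise to PEM; a .cer exported from Windows may be DER-encoded.
    openssl x509 -in "$cert" -out "$tmp/cert.pem" 2>/dev/null ||
        openssl x509 -inform DER -in "$cert" -out "$tmp/cert.pem" 2>/dev/null || rc=1

    # Catch an expired certificate (the thread's "SSL Error 70") before upload.
    if [ "$rc" -eq 0 ]; then
        openssl x509 -in "$tmp/cert.pem" -noout -checkend 0 >/dev/null || rc=2
    fi

    # The key must belong to this certificate: compare the two public keys.
    if [ "$rc" -eq 0 ]; then
        c=$(openssl x509 -in "$tmp/cert.pem" -noout -pubkey | openssl sha256)
        k=$(openssl pkey -in "$key" -pubout | openssl sha256)
        [ "$c" = "$k" ] || rc=3
    fi

    # Encrypt the key (PKCS#8, AES-256), then write certificate + key, owner-only.
    if [ "$rc" -eq 0 ]; then
        openssl pkey -in "$key" -aes256 -passout "file:$pass" \
            -out "$tmp/key.pem" 2>/dev/null &&
            ( umask 077; cat "$tmp/cert.pem" "$tmp/key.pem" > "$out" ) || rc=4
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Constructed demo inputs: 30-day self-signed certificate, key, passphrase file.
make_demo_inputs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=cag.example.test" \
        -keyout "$1/server.key" -out "$1/server.pem" 2>/dev/null &&
        openssl x509 -in "$1/server.pem" -outform DER -out "$1/server.cer" &&
        printf '%s\n' 'constructed-demo-passphrase' > "$1/pass.txt"
}
```

If the certificate and key were exported together from Windows as a .pfx file, `openssl pkcs12 -in export.pfx -out bundle.pem` (file names are placeholders) writes a comparable PEM and prompts for the passphrase that will protect the key.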
