Installation Instructions for Citrix Secure Gateway on Windows

Solution ID:    SO6298    Updated:    06/19/2017

Solution

 
This document provides instructions for installing SSL Certificates into Citrix Secure Gateway using  IIS 7 Manager. If you are unable to use these instructions for your server, Symantec recommends that you contact Citrix.

 
This solution contains two Methods to install your SSL Certificate:

Method 1: Installing the certificate received via e-mail.

Method 2 (recommended) : Installing the certificate downloaded from the Symantec Trust Center
 
 
Method 1: Download the SSL certificate sent via e-mail
 
The certificate will be sent via email. The certificate is embedded in the body of the email in plain text.
Copy the certificate text including the header and footer, example:
 
-----BEGIN CERTIFICATE-----

encoded text

-----END CERTIFICATE-----
 
Ensure there are no white spaces, extra line breaks or additional characters.
Use a plain text editor such as Notepad, paste the certificate text and save the file as SSL_certificate.crt

 

Download and Install the Intermediate CA certificate:
To download and install the Intermediate CA certificate follow the steps from this link: SO13415.

 


Method 2: Download the SSL certificate from the Symantec Trust Center
Download the certificate from Symantec Trust Center by following the steps from this link: SO8061
        

 

Step 2: Install Certificate:

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. From the left menu, click the corresponding server name
  3. In the Features pane (middle pane), under Security, double-click Server Certificates
  4. From the Actions pane (right pane), select Complete Certificate Request
  5. Provide the location of the certificate file and the friendly name
    NOTE: Friendly name is a reference name for quick identification of the certificate for the Administrator 

    At this point the server may respond with one of the two known errors:

    CertEnroll::CX509Enrollment::p_InstallResponse:ASN1 bad tag value met. 0x8009310b (ASN: 267) 
    Click SO10035 for the resolution to this message

                                     or

    Cannot find the certificate request associated with this certificate file. 
    A certificate request must be completed on the computer where it was created.

    Click SO12089 for the resolution to this message.
     

 In IIS7, you need to install the certificate and then bind the HTTPS protocol to the site


Step 3: Binding certificate to the web site:

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to your server name > Sites > Your SSL-based site
  3. In the Actions pane, click Bindings.


     
  4. In the Site Bindings window scroll down, highlight HTTPS and click Remove.

    NOTE: If you wanted to secure traffic between IIS and Citrix Secure Gateway, edit the binding and change the port to 444 or some
    other non-well known TCP port. For best performance, it is only recommended to secure traffic when IIS and CSGare on different
    servers



     
  5. Click OK
     
Step 4: Configure Citrix Secure Gateway
 

         To configure Citrix Secure Gateway, perfom the steps from this link: SO17338 
 

Step 5:  Verify certificate installation:
 
  1. Verify your installation with the Symantec Installation Checker
  2. In some cases you may need to Stop and start your Web server prior to any testing. 
    NOTE: In some cases the changes may not take place after restarting IIS Services and a re-boot is needed.

Citrix Support
 
          For more information, refer to Citrix Support 


 

Legacy ID

vs42617

Disclaimer:

Terms of use for this information are found in Legal Notices

Contact Support

Find Answers