Citrix

How to Install an Intermediate Certificate on Access Gateway Enterprise Edition Appliance

  • CTX114146
  • Created on Apr 22, 2014
  • Updated on Apr 22, 2014
Article Topic Licensing

Objective

This article contains information about installing an intermediate certificate on an Access Gateway Enterprise Edition appliance.

Requirements

Experience in installing and binding a certificate-key pair to a virtual server (VServer) on an Access Gateway appliance would be helpful in performing this task. Refer to the Knowledge Center article CTX112724 – Citrix Access Gateway Enterprise Edition Administrator's Guide for detailed instructions about installing and binding a certificate-key pair to a VServer.

Background

Many Certificate Authorities (CAs), such as VeriSign, use a complex certificate hierarchy. This means that the certificates form a chain similar to the following:

Root CA 
| 
+----------- Intermediate CA 
| 
+----------------------- End-Entity (Server) Certificate

If the intermediate certificates are not included in the key store of the clients, the Web browsers of clients accessing the Access Gateway appliance might display a warning message stating that the certificate presented by the device they are accessing is not trusted. You can overcome this issue by configuring the Access Gateway appliance to present the intermediate certificates along with the server certificate during the Secure Sockets Layer (SSL) handshake process.

For some Certificate Authorities, the Intermediate CA has been split into a Primary and a Secondary Intermediate CA. If this is the case, then the certificates form a chain similar to the following:

Root CA
|
+------ Primary Intermediate CA
|
+-------------- Secondary Intermediate CA
|
+----------------------- End-Entity (Server) Certificate

Instructions

To install an intermediate certificate on an Access Gateway Enterprise Edition appliance, complete the following procedure:

  1. Using a secure file transfer utility such as WinSCP, transfer the intermediate certificate to the /nsconfig/ssl directory of the Access Gateway Enterprise Edition appliance.

  2. Log on to the Configuration utility of the appliance.

  3. Expand the SSL node.

  4. Click Certificates.

  5. On the SSL Certificates page, click Add.

  6. Specify the appropriate values in the various fields of the Install Certificate dialog box. The following screenshot displays the sample values for your reference:

    User-added image
  7. Click Install.

  8. On the SSL Certificates page, select the server certificate to which you want to link the intermediate certificate.

  9. If there are both primary and secondary intermediate certificates, link the server certificate to the secondary intermediate certificate. The secondary intermediate certificate later needs to be linked to the primary intermediate certificate.

  10. Click Link.

  11. From the CA Certificate Name list, select the required intermediate certificate, as shown in the following screen shot:

    User-added image
  12. Click OK.

To install an intermediate certificate from the command line interface of an Access Gateway Enterprise Edition appliance, complete the following procedure:

  1. Using a secure file transfer utility, such as WinSCP, transfer the intermediate certificate to the /nsconfig/ssl directory of the Access Gateway Enterprise Edition appliance.

  2. Connect to the appliance by using an SSH utility.

  3. Run the following command to add the certificate:
    add ssl certkey <Certificate_Name> -cert <Cert_File_Name>

  4. Run the following command to link the signed server certificate to the intermediate certificate:
    link ssl certKey <Server_Certificate_Name> <Intermediate_Certificate_Name>
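
When there are both primary and secondary intermediates, the link order (server certificate to secondary, secondary to primary) can be read from the files themselves, because each certificate's issuer name equals its parent's subject name. The following shell script is an added example, not part of the original Citrix article: it reads the files with openssl and prints the add and link commands above in the correct order. The function names, file names and certkey names are hypothetical, the server certificate-key pair is assumed to be installed already under the name derived from its file name, and the demo chain is constructed with throwaway keys.

```shell
#!/bin/sh
# Added example: derive the NetScaler link order from issuer/subject names.
# Assumes openssl is installed; file names and certkey names are hypothetical.

# Print the "subject" or "issuer" DN of a PEM certificate.
dn() { openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'; }

# Certkey name used on the appliance: file name without directory or extension.
ck() { basename "$1" | sed 's/\.[^.]*$//'; }

# link_plan SERVER_CERT INTERMEDIATE...
# Walks upward from the server certificate, matching each issuer to an
# intermediate's subject, and prints the CLI commands in link order.
link_plan() {
    child=$1; shift; hops=0
    while [ "$hops" -lt 8 ]; do          # bound the walk against loops
        hops=$((hops + 1)); want=$(dn issuer "$child"); parent=
        for c in "$@"; do
            if [ "$c" != "$child" ] && [ "$(dn subject "$c")" = "$want" ]; then
                parent=$c; break
            fi
        done
        if [ -z "$parent" ]; then break; fi   # issuer not supplied: stop here
        echo "add ssl certkey $(ck "$parent") -cert $(basename "$parent")"
        echo "link ssl certkey $(ck "$child") $(ck "$parent")"
        child=$parent
    done
}

# Constructed Root -> Primary -> Secondary -> server chain (throwaway keys).
make_demo_chain() {
    d=$1; ca=
    for n in root primary secondary server; do
        openssl req -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
            -out "$d/$n.csr" -subj "/CN=demo-$n" 2>/dev/null
        if [ -z "$ca" ]; then
            openssl x509 -req -in "$d/$n.csr" -signkey "$d/$n.key" \
                -days 1 -out "$d/$n.cer" 2>/dev/null
        else
            openssl x509 -req -in "$d/$n.csr" -CA "$d/$ca.cer" -CAkey "$d/$ca.key" \
                -set_serial 1 -days 1 -out "$d/$n.cer" 2>/dev/null
        fi
        ca=$n
    done
}

# Demo: intermediates passed in the wrong order still yield the right links.
tmp=$(mktemp -d); make_demo_chain "$tmp"
link_plan "$tmp/server.cer" "$tmp/primary.cer" "$tmp/secondary.cer"
rm -rf "$tmp"
```

The walk stops at the first certificate whose issuer was not supplied, so the root CA does not need to be passed in or installed for the plan to be produced.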

Additional Resources

You can download WinSCP from http://winscp.net/eng/download.php.
