Complete the steps mention in Citrix eDocs - Configuring Client Certificate Authentication and then complete the following additional steps:

1. Import and install the root and any intermediate certificates from the CA that issued the client certificate.

2. Bind the root and any intermediate certificates to the virtual server that you are hitting first, or the AAA virtual server if one is being used.

   Notes:

   • For Internet Explorer, the default browser settings do not prompt for a certificate if only one is present. To change this, go to Internet Options >Security > Custom Level and choose the Don't prompt for client certificate selection when only one certificate exists radio button.

   • For Firefox, the client certificate will need to be imported through the Tools > Options > Advanced > View Certificates section of the Your Certificates tab. Certificates imported into Firefox MUST be in the PKCS12 format.

   • For Internet Explorer the certificate needs to be imported into the personal certificate store. There are multiple ways to achieve this, but the easiest way is through Internet Options > Content > Certificates > Personal Store and choose Import from here.