NetScaler Gateway can now verify the validity of backend server certificates for any SSL connection made through a NetScaler Gateway virtual server. For instance, if a user clicks a clientless VPN (CVPN) bookmark that links to an HTTPS website at the backend, the NetScaler checks the validity of the server certificate against the installed CA certificate. If the CA certificate is not present or the server certificate is not present, the connection is dropped and the user receives an HTTP unauthorized message.
Note: This feature is NOT enabled by default.
First, ensure that any CA certificates have been bound to the NetScaler Gateway Virtual Server.
Enable Backend Server Certificate Validation globally through the GUI by clicking NetScaler Gateway > Global Settings > Change Global Settings.
On the Network Configuration tab, select 'Enabled' from the 'Backend Server Certificate Validation' field and click OK.
The command to enable this feature through the CLI is:
set vpn parameter -backendcertValidation ENABLED
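Because a backend whose certificate fails validation has its connection dropped once the setting is on, it helps to audit the backend certificates against the CA certificates you intend to bind before enabling it. The script below is an added example, not Citrix code: it uses openssl on an admin workstation as a stand-in for the appliance's own check, and the function names, file names and demo certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight audit of backend certificates against a CA bundle.
# openssl stands in for the appliance's own check; file names are constructed.

# Succeeds only if CERT chains to a CA in BUNDLE and is within its validity dates.
# SSL_CERT_DIR/SSL_CERT_FILE are pointed at nothing so the system trust store
# cannot make a certificate pass that the bundle alone would not.
check_backend_cert() {  # usage: check_backend_cert BUNDLE CERT
    SSL_CERT_DIR=/nonexistent SSL_CERT_FILE=/nonexistent \
        openssl verify -CAfile "$1" "$2"
}

# Prints one OK/FAIL line per certificate; returns the number of failures.
audit_backends() {  # usage: audit_backends BUNDLE CERT...
    bundle=$1; shift; failures=0
    for cert in "$@"; do
        if out=$(check_backend_cert "$bundle" "$cert" 2>&1); then
            echo "OK    $cert"
        else
            echo "FAIL  $cert: $(printf '%s\n' "$out" | grep -i error | head -n 1)"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample data: two demo CAs, each issuing one backend certificate.
make_demo_pki() {  # usage: make_demo_pki DIR
    for ca in trusted other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo $ca CA" \
            -keyout "$1/$ca-ca.key" -out "$1/$ca-ca.pem" 2>/dev/null
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$ca-backend.example" \
            -keyout "$1/$ca-srv.key" -out "$1/$ca-srv.csr" 2>/dev/null
        openssl x509 -req -in "$1/$ca-srv.csr" -days 30 -CAcreateserial \
            -CA "$1/$ca-ca.pem" -CAkey "$1/$ca-ca.key" -out "$1/$ca-srv.pem" 2>/dev/null
    done
}

# Demo: only the "trusted" CA is in the bundle, as if it alone were bound.
demo=$(mktemp -d)
make_demo_pki "$demo"
audit_backends "$demo/trusted-ca.pem" "$demo"/*-srv.pem \
    || echo "$? backend certificate(s) would fail validation"
```

For a real audit, pass a PEM file containing the CA certificates to be bound and the PEM certificates exported from each backend server in place of the demo files.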