There are two certificates on the License Server.

Path : C:\Program Files (x86)\Citrix\Licensing\WebServicesForLicensing\Apache\conf  (Used by the Web Service that Studio connects to).
Path : C:\Program Files (x86)\Citrix\Licensing\LS\conf (Used for the License Administration page).

•  Take back up of the Certificates. 
•  Delete the Certificates which has got expired. 
•  Generate a new Self Signed Certificate following the steps mentioned below.
   

Step 1, Method 1 - Obtain the .pfx file using a domain certificate

Log on to a server in the domain, open the MMC, and follow these steps:

1. Create a directory c:\ls_cert to hold the exported .pfx file.
2. Add the Certificate snap-in by selecting File > Add/Remove Snap-in > Certificates > Computer account > Local computer.
3. In the left pane under Certificates, right-click Personal and choose All Tasks > Request New Certificate, and then Next.
4. In the Certificate Enrollment Policy wizard, choose Active Directory Enrollment Policy, and then Next. Select the check box next to Computer, and select Details to the right.
5. Select Properties and on the General tab, type a friendly name and description.
6. On the Subject tab, under Subject Type, choose Common name from the Type drop-down menu. Type a friendly name in the text box, choose Add, and then Apply.
7. On the Extensions tab, choose Key usage from the drop-down menu, add Digital signature and Key encipherment to the Selected options box.
8. On the Extended Key Usage drop-down menu, add Server Authentication and Client Authentication to the Selected options box.
9. On the Private Key tab and under the Key options drop-down menu, ensure that the Key size is 2048. Select the Key Exportable check box, and then Apply.
10. On the Certification Authority tab, ensure that the CA check box is selected, and then OK > Enroll > Finish.
11. In the Certificates console, select Personal > Certificates, choose the certificate you built. Select All Tasks > Export > Next, and select the Yes, Export the Private Key radio button, and then Next.
12. Under Personal Information Exchange - PKCS #12(.PFX), select the check box to include all certificates, choose Next, create a password, and choose Next.
13. Click Browse, navigate to C:\ls_cert and type server.PFX, and then follow the wizard to finish.

Step 1, Method 2 - Obtain the .pfx file sending a request to a Certificate Authority (CA)

These steps might vary based on your Certificate Authority.

1. Log on to the License Server, open the MMC, and follow these steps:
   1. Add the Certificate snap-in by selecting File > Add/Remove Snap-in > Certificates > Computer account > Local computer.
   2. In the left pane under Certificates, right-click Personal and choose All Tasks > Advance Operations > Create Custom Request, and then Next.
   3. In the Certificate Enrollment Policy wizard, choose Proceed without enrollment policy under Custom Request, and then Next.
   4. On the Custom request screen, choose (No template) CNG key from the drop-down menu and PKCS#10 for the Request format, and then Next.
   5. On the Certificate Information screen, choose Details and then Properties.
   6. On the General tab, type a friendly name and description.
   7. On the Subject tab, under Subject name, choose Common name, and type a value in the text box.
   8. On the Extensions tab, choose Key usage from the drop-down menu, add Digital signature and Key encipherment.
   9. On the Extensions tab, choose Extended Key usage from the drop-down menu, add Server Authenticationand Client Authentication.
   10. On the Private Key tab, under Cryptographic Service Provider, choose RSA, Microsoft Software Key Storage Provider (the default). From the Key options drop-down menu, ensure that the key size is 2048, select the Key Exportable check box, and then Apply.
   11. Save the file to a .req file, submit the .req file to a Certificate Authority (CA), and save the .cer file.
2. In the MMC, under Certificates, right-click Personal and choose All Tasks > Import. In the Import wizard, select the .cer file.
3. Create a directory c:\ls_cert to hold the exported .pfx file.
4. In the Certificates console, choose Personal > Certificates, and choose the certificate you imported. Select All Tasks > Export > Next, and select the Yes, Export the Private Key radio button and Next.
5. Under Personal Information Exchange - PKCS #12(.PFX), select the check box to include all certificates, choose Next, create a password, and then choose Next.
6. Choose Browse, navigate to C:\ls_cert and type server.PFX, and then follow the wizard to finish.

Step 2 - Extract the certificate and private key

This step requires OpenSSL or another tool that allows you to extract the certificate and private key from a .pfx file.

Important:

The version of OpenSSL shipped with the License Server does not support extracting certificates and private keys. For information about downloading OpenSSL, go to www.openssl.org. Citrix recommends installing OpenSSL on a separate workstation to perform these steps:

1. Navigate to the <openssl directory>\bin folder.

2. Run openssl pkcs12 -in C:\ls_cert\server.pfx -out server.crt -nokeys

   Note: The License Server uses only the .crt certificate format.

3. Type the password created during the export process (password).
4. Run openssl pkcs12 -in C:\ls_cert\server.pfx -out server.key -nocerts -nodes
5. Type the password created during the export process (password).

Step 3 - Install the .crt and .key files on the License Server

Windows - Web Services for Licensing:

1. Copy the server.crt and server.key created earlier in this procedure to cd \program files (x86)\citrix\licensing\WebServicesForLicensing\Apache\conf\.
2. Restart the Citrix Web Services for Licensing service.

Windows - License Administration Console:

1. Copy the server.crt and server.key created earlier in this procedure to c:\Program Files (x86)\Citrix\Licensing\LS\conf.
2. Restart the Citrix Licensing service.

Problem Cause