Help setting up a Citrix Access Gateway with Advanced Access Control

Posted on 2006-11-30
Last Modified: 2012-06-21
We have just purchased a Citrix Access Gateway (CAG) and bought the Advanced Access Control (AAC).

Both are installed fine and now I have got to the part where I need to install the certificates on both servers for SSL and I am getting a bit stuck.

So far I have installed a standard SSL Web Certificate from our internal CA from our Windows 2003 server on to the AAC. - Is this correct?
I am more stuck on the CAG - I have requested a certificate through the CAG using the 'Certificate Signing Request' Tab. This creates a CSR file. For testing purposes I have used my internal CA to process the request and create a Cer file. I then try and upload the certificate, again on the CAG using 'Secure certificate management' under the Administration tab.  But each time I try it replies with 'Certificate upgrade failed'.
It is also the same for .crt and .pem uploads.
So I am stuck as to how to create the correct certificates and upload them. Not even too sure how many certificates I need!

I tried to enable AAC on the Gateway to use the AAC server. When I add the IP address of the AAC and select secure connection it replies with an error which I guess is SSL related. When I do not tick secure connection it accepts the IP address but when I go on the AAC server and try to discover the CAG it cannot find it.

Any suggestions or step by step guides will be helpful as I am now going in circles on this one!!!

Question by:clarkeyi
LVL 11

Accepted Solution

AdamBNYC earned 500 total points
ID: 18050987
Hmmm, well you need 2 certificates. One root certificate which allows your CAG to have a trusted connection back to your farm. This certificate is created internally via your CA. And you need a server certificate. These certificates are purchased from a company that deals in this... like VeriSign (way overpriced).

I use this company a lot

You enter that CSR file into a form on the website, jump through some hoops, and they will provide you with an X.509 cert. I think this may be where your issue is. I've never actually attempted to install a cert from my private CA as the server cert, but I'm not sure that you can. I think the CAG needs a certain amount of compliance requirements, and one of which needs to be an X.509 server certificate.

I know that Secure Gateway will not even let you install itself without this cert first being installed on the SG server. You would just need to buy the cheapest one from that site, but not the free one. Let me know how this works out.

Author Comment

ID: 18059141
Thanks for the advice. I will take a look at the site for a certificate.
One more question: I have created a web server certificate on the AAC server. Do I need the same type of certificate on the CAG? Not the root certificate but the other of the two? As I am not sure how this one is created.
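
The CSR-to-certificate flow discussed in this thread, as an added example that is not part of any post: it builds a throwaway root CA and CSR with OpenSSL, then checks the issued file's encoding, that it carries the CSR's public key, and that it chains to the root. All names and files are constructed placeholders, and which encoding a given appliance accepts is not stated on this page.

```shell
#!/usr/bin/env bash
# Added example. The CA, host name and file names are constructed placeholders.
set -eu
work=$(mktemp -d)

# Stand-in for the internal CA: a self-signed root certificate.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
  -subj "/CN=Example Internal Root CA" \
  -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null

# Stand-in for the appliance: it keeps the private key and emits a CSR.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=gateway.example.test" \
  -keyout "$work/server.key" -out "$work/server.csr" 2>/dev/null

# The CA signs the CSR and returns a binary (DER) .cer file.
openssl x509 -req -in "$work/server.csr" -CA "$work/ca.pem" \
  -CAkey "$work/ca.key" -CAcreateserial -days 30 \
  -outform DER -out "$work/server.cer" 2>/dev/null

# Print PEM, DER or unknown for a certificate file.
cert_encoding() {
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then echo PEM
  elif openssl x509 -in "$1" -inform DER -noout 2>/dev/null; then echo DER
  else echo unknown; fi
}

# Hash of the public key inside a CSR (req) or certificate (x509).
pubkey_hash() {  # $1 = req|x509, $2 = file, $3 = PEM|DER
  openssl "$1" -in "$2" -inform "$3" -noout -pubkey | openssl sha256
}

# Succeeds only if the certificate carries the same public key as the CSR,
# i.e. it answers this request and pairs with the key that made the CSR.
cert_matches_csr() {  # $1 = certificate, $2 = CSR (PEM)
  [ "$(pubkey_hash x509 "$1" "$(cert_encoding "$1")")" = "$(pubkey_hash req "$2" PEM)" ]
}

# Succeeds only if the certificate chains to the given root.
chains_to_root() {  # $1 = root (PEM), $2 = certificate (PEM)
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Re-encode the DER file as PEM, then run the checks.
openssl x509 -in "$work/server.cer" -inform DER -out "$work/server.pem"
echo "issued file:  $(cert_encoding "$work/server.cer")"
echo "converted:    $(cert_encoding "$work/server.pem")"
cert_matches_csr "$work/server.pem" "$work/server.csr" && echo "matches CSR"
chains_to_root "$work/ca.pem" "$work/server.pem" && echo "chains to root"
```
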

