Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Help setting up a Citrix Access Gateway with Advanced Access Control

Posted on 2006-11-30
Medium Priority
Last Modified: 2012-06-21
We have just purchased a Citrix Access gateway (CAG) and bought the Advances Access Control (AAC)

Both are installed fine and now I have got to the part where I need to install the cetificates on both servers for SSL and I am getting a bit stuck.

So far I have installed a standard SSL Web Certificate from our internal CA from our Windows 2003 server on to the AAC. - Is this correct?
I am more stuck on the CAG - I have requested a certificate through the CAG using the 'Certificate Signing Request' Tab. This creates a CSR file. For testing purposes I have used my internal CA to process the request and create a Cer file. I then try and upload the certificate, again on the CAG using 'Secure certificate management' under the Administration tab.  But each time I try it replies with 'Certificate upgrade failed'.
It is also the same for .crt and .pem uploads.
So I am stuck as how to create the correct certificates and upload them. Not even too sure how many certificates I need!.

I tried to enable AAC on the Gateway to use the AAC server. When I add the IP address of the AAC and select secure connection it replies with an error which I guess is SSL related. When I do not tick secure connection it accepts the IP address but when I go on the AAC server and try to discover the CAG it cannot find it.

Any suggestions or step by step guides will be helpful as I am now going in circles on this one!!!

Question by:clarkeyi
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 11

Accepted Solution

AdamBNYC earned 2000 total points
ID: 18050987
Hmmm, well you need 2 certificates. One root certificate which allows your CAG to have a trusted connection back to your farm. This certificate is created internally via your CA. And you need a server certificate. These certificates are purchased from a company that deals in this... Like verisign ( way over priced )

I use this company alot


You enter that CSR file into a form on the website, jump through some hoops, and they will provide you with a x.509 cert. I think this may be where your issue is. Ive never actually attempted to install a cert from my private CA as the server cert, But im not sure that you can. I think the CAG needs a certain amount of compliance requirements, and one of which needs to be a X.509 server certificate.

I know that Secure Gateway will not even let you install itself without this cert first being installed on the SG server. You would just need to buy the cheapest one from that site, but not the free one. Let me know how this works out.

Author Comment

ID: 18059141
Thanks for the advice. I will take a look at the site for a certificate.
One more question, I have created a web server certificate on the AAC server.  Do I need the same type of certificate on the CAG. Not the root certificate but the other of the two?.  As I am not sure how this one is created?


Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix XenDesktop, Citrix Studio, Citrix Policies, Citrix XenApp
#Citrix #XenApp #Citrix Scout #Citrix Insight Services #Microsoft VMMAP #Microsoft ADEXPLORE #Microsoft RAMMAP #Microsoft TCPVIEW #Microsoft AUTORUNS #Microsoft PROCESS EXPLORER #Microsoft PROCESS MONITOR
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question