Help setting up a Citrix Access Gateway with Advanced Access Control

Posted on 2006-11-30
Last Modified: 2012-06-21
We have just purchased a Citrix Access gateway (CAG) and bought the Advances Access Control (AAC)

Both are installed fine and now I have got to the part where I need to install the cetificates on both servers for SSL and I am getting a bit stuck.

So far I have installed a standard SSL Web Certificate from our internal CA from our Windows 2003 server on to the AAC. - Is this correct?
I am more stuck on the CAG - I have requested a certificate through the CAG using the 'Certificate Signing Request' Tab. This creates a CSR file. For testing purposes I have used my internal CA to process the request and create a Cer file. I then try and upload the certificate, again on the CAG using 'Secure certificate management' under the Administration tab.  But each time I try it replies with 'Certificate upgrade failed'.
It is also the same for .crt and .pem uploads.
So I am stuck as how to create the correct certificates and upload them. Not even too sure how many certificates I need!.

I tried to enable AAC on the Gateway to use the AAC server. When I add the IP address of the AAC and select secure connection it replies with an error which I guess is SSL related. When I do not tick secure connection it accepts the IP address but when I go on the AAC server and try to discover the CAG it cannot find it.

Any suggestions or step by step guides will be helpful as I am now going in circles on this one!!!

Question by:clarkeyi
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 11

Accepted Solution

AdamBNYC earned 500 total points
ID: 18050987
Hmmm, well you need 2 certificates. One root certificate which allows your CAG to have a trusted connection back to your farm. This certificate is created internally via your CA. And you need a server certificate. These certificates are purchased from a company that deals in this... Like verisign ( way over priced )

I use this company alot

You enter that CSR file into a form on the website, jump through some hoops, and they will provide you with a x.509 cert. I think this may be where your issue is. Ive never actually attempted to install a cert from my private CA as the server cert, But im not sure that you can. I think the CAG needs a certain amount of compliance requirements, and one of which needs to be a X.509 server certificate.

I know that Secure Gateway will not even let you install itself without this cert first being installed on the SG server. You would just need to buy the cheapest one from that site, but not the free one. Let me know how this works out.

Author Comment

ID: 18059141
Thanks for the advice. I will take a look at the site for a certificate.
One more question, I have created a web server certificate on the AAC server.  Do I need the same type of certificate on the CAG. Not the root certificate but the other of the two?.  As I am not sure how this one is created?


Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Citrix - Need to edit registry for users to apply a buttonfix for an application 8 49
Citrix VMs 5 94
Windows anniversary update issue with Citrix 12 125
Access on thin client? 11 77
Citrix policies are the most efficient method to configure and tune XenDesktop environments, allowing organizations to control connection, security and bandwidth settings based on various combinations of users, devices or connection types.  Citrix …
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question