Help setting up a Citrix Access Gateway with Advanced Access Control

We have just purchased a Citrix Access gateway (CAG) and bought the Advances Access Control (AAC)

Both are installed fine and now I have got to the part where I need to install the cetificates on both servers for SSL and I am getting a bit stuck.

So far I have installed a standard SSL Web Certificate from our internal CA from our Windows 2003 server on to the AAC. - Is this correct?
I am more stuck on the CAG - I have requested a certificate through the CAG using the 'Certificate Signing Request' Tab. This creates a CSR file. For testing purposes I have used my internal CA to process the request and create a Cer file. I then try and upload the certificate, again on the CAG using 'Secure certificate management' under the Administration tab.  But each time I try it replies with 'Certificate upgrade failed'.
It is also the same for .crt and .pem uploads.
So I am stuck as how to create the correct certificates and upload them. Not even too sure how many certificates I need!.

I tried to enable AAC on the Gateway to use the AAC server. When I add the IP address of the AAC and select secure connection it replies with an error which I guess is SSL related. When I do not tick secure connection it accepts the IP address but when I go on the AAC server and try to discover the CAG it cannot find it.

Any suggestions or step by step guides will be helpful as I am now going in circles on this one!!!

Who is Participating?
AdamBNYCConnect With a Mentor Commented:
Hmmm, well you need 2 certificates. One root certificate which allows your CAG to have a trusted connection back to your farm. This certificate is created internally via your CA. And you need a server certificate. These certificates are purchased from a company that deals in this... Like verisign ( way over priced )

I use this company alot

You enter that CSR file into a form on the website, jump through some hoops, and they will provide you with a x.509 cert. I think this may be where your issue is. Ive never actually attempted to install a cert from my private CA as the server cert, But im not sure that you can. I think the CAG needs a certain amount of compliance requirements, and one of which needs to be a X.509 server certificate.

I know that Secure Gateway will not even let you install itself without this cert first being installed on the SG server. You would just need to buy the cheapest one from that site, but not the free one. Let me know how this works out.
clarkeyiAuthor Commented:
Thanks for the advice. I will take a look at the site for a certificate.
One more question, I have created a web server certificate on the AAC server.  Do I need the same type of certificate on the CAG. Not the root certificate but the other of the two?.  As I am not sure how this one is created?

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.