Solved

Help setting up a Citrix Access Gateway with Advanced Access Control

Posted on 2006-11-30
5
1,143 Views
Last Modified: 2012-06-21
Hello
We have just purchased a Citrix Access gateway (CAG) and bought the Advances Access Control (AAC)

Both are installed fine and now I have got to the part where I need to install the cetificates on both servers for SSL and I am getting a bit stuck.

So far I have installed a standard SSL Web Certificate from our internal CA from our Windows 2003 server on to the AAC. - Is this correct?
I am more stuck on the CAG - I have requested a certificate through the CAG using the 'Certificate Signing Request' Tab. This creates a CSR file. For testing purposes I have used my internal CA to process the request and create a Cer file. I then try and upload the certificate, again on the CAG using 'Secure certificate management' under the Administration tab.  But each time I try it replies with 'Certificate upgrade failed'.
It is also the same for .crt and .pem uploads.
So I am stuck as how to create the correct certificates and upload them. Not even too sure how many certificates I need!.

I tried to enable AAC on the Gateway to use the AAC server. When I add the IP address of the AAC and select secure connection it replies with an error which I guess is SSL related. When I do not tick secure connection it accepts the IP address but when I go on the AAC server and try to discover the CAG it cannot find it.

Any suggestions or step by step guides will be helpful as I am now going in circles on this one!!!

Thanks
0
Comment
Question by:clarkeyi
5 Comments
 
LVL 11

Accepted Solution

by:
AdamBNYC earned 500 total points
ID: 18050987
Hmmm, well you need 2 certificates. One root certificate which allows your CAG to have a trusted connection back to your farm. This certificate is created internally via your CA. And you need a server certificate. These certificates are purchased from a company that deals in this... Like verisign ( way over priced )

I use this company alot

http://www.instantssl.com/

You enter that CSR file into a form on the website, jump through some hoops, and they will provide you with a x.509 cert. I think this may be where your issue is. Ive never actually attempted to install a cert from my private CA as the server cert, But im not sure that you can. I think the CAG needs a certain amount of compliance requirements, and one of which needs to be a X.509 server certificate.

I know that Secure Gateway will not even let you install itself without this cert first being installed on the SG server. You would just need to buy the cheapest one from that site, but not the free one. Let me know how this works out.
0
 

Author Comment

by:clarkeyi
ID: 18059141
Thanks for the advice. I will take a look at the site for a certificate.
One more question, I have created a web server certificate on the AAC server.  Do I need the same type of certificate on the CAG. Not the root certificate but the other of the two?.  As I am not sure how this one is created?

Cheers
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After several days of searching and hunting for limited documentation, I wanted to share this guide to hopefully save someone the hassle of trying to figure this out on their own. I have tested this on Xendesktop 7.1 and PS 4.5 running simultaneous…
If your vDisk VHD file gets deleted from the image store accidentally or on purpose, you won't be able to remove the vDisk from the PVS console. There is a known workaround that is solid.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now