Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2935
  • Last Modified:

ssl certificate renewal

i have an ssl certificate installed on a citrix access gateway enterprise. it is expiring in about two weeks time and i need to renew it. do i have to create a new csr for renewal. like if i go to the device i do have an option for updaing the certificate and when you click on the update it asks for a file name, key file name and a passphrase. procedure in citrix AGEE , create a key, create a csr using the key and the information like the server FQDN, Ou name, region etc. i was not the one who created the CSR earlier so i dont know the infor provided then. i know only the server FQDN, so it it ok id in the new csr i only mention the FQDN. need some assisnance in certificate renewal
0
mgmohiuddin
Asked:
mgmohiuddin
3 Solutions
 
sstone55423Commented:
This describes the process well.
 
http://support.citrix.com/article/CTX113627
 
0
 
mgmohiuddinAuthor Commented:
yes, i have already seen this document, but i need a procedure to renew not to add a new one. my question is do i need to create a new crs,and how to update the certificate, not to add a new one
0
 
JaredJ1Commented:
Just create a CSR - then provide the contents of this file to your certificate provider (verisign or whoever). Once done, import the new certificate. You only need the FQDN to generate the CSR. All the other info is irrelevant really. If your website is https://citrixlogin.acme.com then your FQDN will just be "citrixlogin.acme.com"
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
mgmohiuddinAuthor Commented:
Thanks for the reply. Yes i did as you said, generated the CSR, got a new certificate issued from a commercial CA. hen i was trying to import it it did give me a warning that some code was missing, but it did configure the device with the certificate and is working fine. actually i just generated the CSR and gave it to my boss who actually ordered for the certificate. i think he used the option to renew the old certificate. but i added the certificate as if it is a new certificate. i hope it will not be an issue. our old cert is still valied for a week so i want to be sure that this new certificate is ok. it is working , i am just worried about the warning that i got during the import. the reason i did not renew the old one is as it was having a key length of 512, but the one i got is 1024, so is it ok to continue like this as it seems to be working or should i update the old certificate
0
 
sstone55423Commented:
This will work fine.  The 1024 is substantially more secure.  I wouldn;t pay extra just for 1024 versus 512 key length for this application, but if it was the same price -- why not?
I'm glad it is working fine.
0
 
mgmohiuddinAuthor Commented:
i hope the old one is not cached and is still using the old certificate in spite of configuring the device with a new certificate. this waringn i was talking about can be ignored i guess
0
 
RattlesnakeIslandCommented:
Same issue... I have the renewed certificate. Do I update the existing one? When I tried to add a new one the error was Resource already exists.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now