CAG SSL Install

dmanisit
dmanisit used Ask the Experts™
on
Hi all,

So I think I made a mistake. I made a request from my Web Server to Verisign rather than my CAG. Is this going to be a problem or can I still make this work?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
No you should be fine.

http://support.citrix.com/article/ctx106028

Shareef
You will be required to first install the certificate, then export the pfx, convert the pfx into pem and then upload in cag
Hi, here is the supporting article may help you out
Generate the Certificate Request (see CTX116758)
- Install OpenSSL (NB: You may need to rename OpenSSL\bin\openssl.cfg to OpenSSL\bin\openssl.cnf if it does not exist)
- From a command prompt CD to OpenSSL\bin folder
- Run openssl genrsa -des3 -out privateserver.key 1024
- Enter privatekey pass phrase when prompted
- Verify privatekey pass phrase when prompted
- This will create the private key (called privateserver.key) in the OpenSSL\bin folder
- Run openssl req -new -key privateserver.key -out server.csr -outform PEM
- Enter details;
 Country Name - GB
 State or Province - London
 City - London
 Organisation - MyOrg
 Organisational Unit - MyOU
 Common Name - remote.myorg.com (FQDN of CAG)
 Email Address - <blank>
 Challenge Password - password
 Optional Company Name - <blank>
- This will create a Certficate Signing Request called server.csr in the OpenSSL\bin folder. This CSR needs to be sent to get the cert

Import Certificate (see CAG admin guide pg264)
- When the certificate (.cer) is returned place it in the OpenSSL\bin folder. Call it cag.cer
- From the OpenSSL\bin folder run openssl pkcs7 -in ./cag.cer -print_certs > combined_certs.pem
- Open combined_certs.pem and privateserver.key in Wordpad.
- In combined_certs.pem remove any lines not between --BEGIN CERTIFICATE-- and --END CERTIFICATE--. eg lines beginning with subject=... and issuer=...
- Copy the contents of privateserver.key to the TOP of combined_certs.pem and save combined_certs.pem
- Using the Access Gateway Administration tool login and select the Access Gateway Cluster tab.
- Maximise the "This Gateway" window and select the Administration tab.
- Select "Upload a .pem private key and signed certificate and browse to the combined_certs.pem file

to convert .pfx to .pem
http://support.citrix.com/article/CTX106028

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial