How you do configure the External and Internal certificates? Now let me state that when I am using .com for the internal domain, everything works, but when I try using a .local for the internal domain which most folks/companies would have in place, I run into all kinds of issues with the certs on the NetScaler and Storefront.
I purchased a wildcard cert from GoDaddy and installed in my Netscaler Access Gateway by the way I can hit my VIP, and it loads the older black web interface looking portal - that portion works.
When I attempt to log in, I get an HTTP 403 forbidden page right away. Now from the internal network I can navigation to my storefront site which is using a .local domain signed cert and can log in and display my resources with no issues.
After every login attempt from the external access gateway site, I get the following event error in the “Citrix Delivery Services” logs on my Storefront server -
Failed to run discovery
Citrix.Web.DeliveryServicesProxy.ConfigLoader.DiscoveryServiceException, ReceiverWebConfigLoader, Version=2.6.0.0, Culture=neutral, PublicKeyToken=null
An error occured while contacting the Discovery Service
I tried binding the internal .local domain signed cert to my Access Gateway virtual server together with the GoDaddy wildcard .com cert but got an error indicating only one binding can be present
The same thing for my internal IIS binding for the Storefront server “Default Wed site” can only bind the domain signed cert.
How does this work? I cannot find any documents on how to configure this. They all show the external and internal domains using the same .com fqdn domain name prefix.
Any help will be greatly appreciated. Thanks again,
Our community of experts have been thoroughly vetted for their expertise and industry experience.