Long Le
asked on
Unusable Server Cert for CSG
The Citrix Gateway certificate specified is unusable. I am stuck on step 7. I was able to create a self-signed cert and use it, but I'm not sure why I can't use the one from GoDaddy. The only thing I notice that is different is that the self-signed one says "You have a private key that corresponds to this certificate"
1.) Create CSR in IIS
2.) Copied CSR into GoDaddy SSL
3.) Downloaded .CRT and .p7b from Godaddy.
4.) Open Certificates Add-in on MMC
5.) Imported Cert into Trusted Root Cert Authorities, Personal, and Intermediate Cert Authorities
6.) Imported SSL into IIS
7.) Run CSG Wizard and Import Key.
Are you talking about the old Citrix Secure Gateway software?
ASKER
Yes, Sadly.
After you download the certificate from GoDaddy, you must merge the public and private keys.
On the same IIS server you generated the CSR, you must complete the certificate request (via Inetmgr):
If you generated it on the CSG server, then you are done. If not, you must export it - with the private key - and THEN import it onto the CSG server. You should only put the server certificate into the personal store. The intermediate certificate goes into the Intermediate store. The root certificate should already be in the Root Authorities store.
Almost 10 years ago I wrote an article series on WI and CSG. The articles might be able to help you.
https://carlwebster.com/learning-the-basics-of-wi4-6-csg3-1-and-godaddy-wildcard-ssl-cert-part-2-of-3/
https://carlwebster.com/learning-the-basics-of-wi4-6-csg3-1-and-godaddy-wildcard-ssl-cert-part-3-of-3/
ASKER
The only thing I see that is different is the signature algorithm and hash
sha256RSA\sha256 (Godaddy) vs sha1RSA\sha1 (Selfsign)
ASKER
Thanks again guys. I did a certrepair and that solved it.
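A read-only check for the two conditions discussed in this thread (a server certificate with no associated private key, and certificates imported into the wrong store), added here as an example and not posted by any participant. It assumes PowerShell 3.0 or later run elevated on the CSG server; the function names are hypothetical.

```powershell
# Added diagnostic, not from the thread. Read-only: it lists certificates and changes nothing.

function Get-ServerCertReport {
    # Reports, for each certificate in the machine Personal store, whether Windows
    # holds a matching private key and whether the chain builds from local stores.
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # A certificate with no EKU extension is treated as valid for all purposes.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $serverAuth = (-not $eku) -or ($eku.EnhancedKeyUsages.Value -contains $serverAuthOid)

        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # store placement only, no CRL/OCSP
        $chainOk = $chain.Build($cert)

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey   # False matches the missing "You have a private key..." line
            ServerAuth    = $serverAuth
            ChainBuilds   = $chainOk
            ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        }
    }
}

function Get-MisplacedRootEntry {
    # Trusted Root should hold only self-signed roots. A server or intermediate
    # certificate imported there (step 5 in the question) has Subject <> Issuer.
    Get-ChildItem -Path 'Cert:\LocalMachine\Root' |
        Where-Object { $_.Subject -ne $_.Issuer } |
        Select-Object Subject, Issuer, Thumbprint
}

Get-ServerCertReport | Format-List
Get-MisplacedRootEntry | Format-Table -AutoSize
```

A GoDaddy certificate that shows `HasPrivateKey : False` was imported without being paired with the key generated alongside the CSR, which is the situation the replies above describe.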