Install/Renew Certificate for Access Gateway Enterprise Edition

The method I use below to install/renew cert for CAG requires you have access to an IIS server. The destination server name/common name:

•Generate the CSR on IIS server via the IIS Certificate Wizard and make sure you type in the common name:

•Copy the CSR to your CA (GoDaddy in my case)

•Once certificate is downloaded, import/install it via the certificate wizard

•Open MMC and add snap-in of local computer certificate

•Find the certificate under Personal-> Certificate

•Export the certificate ( including the private key! ) into a .pfx file

•Login to Netscaler and Nav to SSL

•Click import PKCS#12 to import/convert your pfx file

•Click Certificate under SSL, Click Add at bottom of the page OR right-click the expired certificate -> update

•Enter the proper information and select the saved PEM certificate

•Click Install OR Ok to finish

•Navigate to Access Gateway -> Virtual Servers

•Double-Click on the virtual server needs the certificate

• Move the install/updated certificate to Configured section

•Click OK to finish.

NOTE: Citrix recommended certificate convertion with OpenSSL for windows, I followed instruction but converted certificate is not accepted by CAG. I also tried other online tool, did not work either.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s