Installation instructions for Citrix Access Gateway 8.0

Solution ID:    SO22412    Updated:    02/18/2015


This document provides installation instructions for Citrix Secure Gateway 8. If you are unable to use these instructions for your server, RapidSSL recommends that you contact Citrix.

Step 1. Obtain the SSL Certificate

    1.    The RapidSSL certificate will be sent by email.
    2.    Copy the certificate imbedded in the body of the email and paste it into a text file using Vi or Notepad.

            The text file should look like:

            -----BEGIN CERTIFICATE-----

                      [encoded data]

            -----END CERTIFICATE-----

    3.    Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and
           that no white spaces, extra line breaks or additional characters have been inadvertently added.

           NOTE: The certificate can be also downloaded from the RapidSSL User Portal by
           following the steps from this link
: SO16222

           Please select X.509 as a certificate format and copy only the End Entity Certificate.
    4.    Save certificate filename with the .txt or .crt extension. For example: public.txt  or public.crt

Step 2. Install the SSL Certificate

    1.    Using WinSCP or any other secure FTP client, connect to the Access Gateway 
           and log on as nsroot.
    2.    Upload the agee.cer file to the /nsconfig/ssl directory
    3.    In the GUI configuration manager, go to SSL > Certificates and click Add.


    4.    In the Certificate-Key Pair Name field, type a descriptive name for this certificate entity,
           for example:
    5.    For File Location select the Remote System radio button.
    6.    For Certificate Filename, click Browse and locate the filename.cer file you obtained in Step 1 
    7.    For the Key Filename browse to the corresponding Private Key and enter the PEM passphrase
   8.    Keep PEM selected as the format.
    9.    Click Install and then Close.
  10.    After a few seconds, the certificate entity should appear in the background. Click Close. 
           Your certificate can now be used.

Step 3.  Download the Root and Intermediate CA Certificate

    1.    Download the Root certificate for your SSL certificate from this link: SO20329
    2.    Download the Intermediate CA certificate from this link: AR1548
    3.    Paste the Root and Intermediate CA certificates to a Notepad document in the following order:
           The Intermediate CA certificate on the top, followed by the Root certificate at the bottom.

           -----BEGIN CERTIFICATE-----
                  [Intermediate CA]
           -----END CERTIFICATE-----
           -----BEGIN CERTIFICATE-----
                       [Root CA]
           -----END CERTIFICATE-----

    5.    Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and
           that no white spaces, extra line breaks or additional characters have been inadvertently added.
    6.    Save the file as intermediate_root.txt

Step 4. Install the Root and the Intermediate CA Certificate

    1.    Using WinSCP transfer the intermediate certificate to the /nsconfig/ssl directory
    2.    Log in to the Configuration utility of the appliance.
    3.    Expand the SSL node.
    4.    Click Certificates.
    5.    On the SSL Certificates page, click Add.
    6.    Specify the appropriate values in the various fields of the Install Certificate dialog box.

           The following screenshot displays the sample values for your reference:


    7.    Click Install.
  8.    On the SSL Certificates page, select the server certificate to which you want to link
           the Intermediate CA certificate.
    9.    Click Link.


  10.    From the CA Certificate Name list, select the required Intermediate CA certificate, as shown in the
           following screenshot:


  11.    Verify the certificate installation using the RapidSSL Installation Checker.

Citrix Support

           This solution is referenced from the Citrix Support 


RapidSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, RapidSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. RapidSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, RapidSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. RapidSSL reserves the right to make changes to any information herein without further notice.

Contact Support

US Support:

Order Processing

Technical Support

European Support:

Order Processing

Technical Support

SSL digital certificates sales live chat.

Find Answers

Search Tips