Certificate Signing Request (CSR) Generation Instructions for Citrix Access Gateway 8

Solution ID:    SO22538    Updated:    07/27/2016


This document provides generation instructions for Citrix Access Gateway 8.0. If this document can not be used on the server, RapidSSL recommends contacting the server vendor.

NOTE:  As of 1/1/2016 all public SSL certificates must be issued as SHA-256 with at least a 2048-bit key length.  Please ensure the server can support the standards before requesting a certificate.

To generate a CSR using Access Gateway 8.0 Appliance, follow the steps bellow:

  1. In the GUI configuration tool, go to SSL > CA Tools.
  2. Click Create RSA Key in the right pane .

    NOTE: Do not use the <Certificate wizard> link shown on the SSL page).
  3. Enter the Key Filename.
  4. The Key Size must be at least 2048 bits.
  5. Keep PEM as the key format and select DES3 for the PEM Encoding Algorithm.
  6. Enter the PEM passphrase to protect the private key. Click Create and then Close.

  7. Click Create Certificate Request on the CA Tools page. Enter the file name for the request, provide the file name of the Key created in the previous step, along with the passphrase.
  8. Fill out the distinguished name fields:

    Common name: Enter the fully qualified domain name (FQDN) of the appliance
    Email address: Not recommended.  Enter an email address only if the wizard will not continue without providing an email address.
    Organization Name: Enter the organization.
    Organizational Unit: Enter the department that will use the certificate.
    City: Enter the name of the city in which the organization is located.
    State/Province Name: Enter full name of the state or province where the organization is located.
    Country Name: Select the country, where the organization is registered.
  9. Click Create and then click Close.
  10. The [filename.csr] file now resides on the appliance in the /nsconfig/ssl directory.  This file can then be transferred to a workstation. Use WinSCP or any other secure FTP client to connect to the Access Gateway. Log on as nsroot.
  11. Verify your CSR
  12. Proceed with Enrolment and paste the the CSR in the enrolment form when required.

Once the SSL certificate has been issued, refer to this link for installation instructions.

Legacy ID



RapidSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, RapidSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. RapidSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, RapidSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. RapidSSL reserves the right to make changes to any information herein without further notice.

Contact Support

US Support:

Order Processing

Technical Support

European Support:

Order Processing

Technical Support

SSL digital certificates sales live chat.

Find Answers

Search Tips