Server certificate support matrix on the ADC appliance
The Citrix ADC appliance supports the following server certificates.
Table 1: Support on front-end (FE) and back-end (BE) Service
Server certificate/Platform | MPX/SDX (N2 CHIPS) FE | MPX/SDX (N2 CHIPS) BE | MPX/SDX (N3 CHIPS) FE | MPX/SDX (N3 CHIPS) BE | VPX FE | VPX BE |
---|---|---|---|---|---|---|
MD5 | Y | Y | Y | Y | Y | Y |
SHA1 | Y | Y | Y | Y | Y | Y |
SHA224 | Y | Y | Y | Y | Y | Y |
SHA256 | Y | Y | Y | Y | Y | Y |
SHA384 | Y | Y | Y | Y | Y | Y |
SHA512 | Y | Y | Y | Y | Y | Y |
RSA Key | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits |
DH Key | 1024 bits and 2048 bits | 1024 bits and 2048 bits | 1024 bits and 2048 bits | 1024 bits and 2048 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits |
Server certificate/Platform | MPX 9700/10500/12500/15500 FIPS with FW 2.2 FE | MPX 9700/10500/12500/15500 FIPS with FW 2.2 BE | MPX/SDX 14030/14060/14080 FIPS FE | MPX/SDX 14030/14060/14080 FIPS BE |
---|---|---|---|---|
MD5 | Y | Y | Y | Y |
SHA1 | Y | Y | Y | Y |
SHA224 | Y | Y | Y | Y |
SHA256 | Y | Y | Y | Y |
SHA384 | Y | Y | Y | Y |
SHA512 | Y | Y | Y | Y |
RSA Key | 2048 bits | 2048 bits | 2048 bits and 3072 bits | 2048 bits and 3072 bits |
DH Key | N | N | N | N |
Notes
- 4k certificates require higher CPU cycles and might affect the performance of low-end appliances.
- In release 11.1 and earlier, a Citrix ADC appliance supports the following “signature algorithms” extensions in the back end client hello message: RSA-MD5, RSA-SHA1, and RSA-SHA256. The Citrix ADC appliance does not support SHA 384 and SHA 512 signature algorithms extensions. Therefore some servers, such as Windows IIS servers, reset the connection.
- Starting release 12.0, a Citrix ADC appliance supports all the signature_algorithms extensions.
Server certificate support matrix on the ADC appliance
In this article
Copied!
Failed!