Server certificate support matrix on the ADC appliance
The Citrix ADC appliance supports the following server certificates.
Table 1: Support on Frontend (FE) and Backend (BE) Service
| Server certificate/Platform | MPX/SDX (N2 CHIPS) FE | MPX/SDX (N2 CHIPS) BE | MPX/SDX (N3 CHIPS) FE | MPX/SDX (N3 CHIPS) BE | VPX FE | VPX BE |
|---|---|---|---|---|---|---|
| MD5 | Y | Y | Y | Y | Y | Y |
| SHA1 | Y | Y | Y | Y | Y | Y |
| SHA224 | Y | Y | Y | Y | Y | Y |
| SHA256 | Y | Y | Y | Y | Y | Y |
| SHA384 | Y | Y | Y | Y | Y | Y |
| SHA512 | Y | Y | Y | Y | Y | Y |
| RSA Key | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits |
| DH Key | 1024 and 2048 bits | 1024 and 2048 bits | 1024 and 2048 bits | 1024 and 2048 bits | 1024, 2048, 3072, and 4096 bits | 1024, 2048, 3072, and 4096 bits |
| Server certificate/Platform | MPX 9700/10500/12500/15500 FIPS with FW 2.2 FE | MPX 9700/10500/12500/15500 FIPS with FW 2.2 BE | MPX/SDX 14030/14060/14080 FIPS FE | MPX/SDX 14030/14060/14080 FIPS BE |
|---|---|---|---|---|
| MD5 | Y | Y | Y | Y |
| SHA1 | Y | Y | Y | Y |
| SHA224 | Y | Y | Y | Y |
| SHA256 | Y | Y | Y | Y |
| SHA384 | Y | Y | Y | Y |
| SHA512 | Y | Y | Y | Y |
| RSA Key | 2048 bits | 2048 bits | 2048 and 3072 bits | 2048 and 3072 bits |
| DH Key | N | N | N | N |
Note:
In release 11.1 and earlier, a Citrix ADC appliance supports the following “signature algorithms” extensions in the back end client hello message: RSA-MD5, RSA-SHA1, and RSA-SHA256. Because SHA 384 and SHA 512 signature algortihms extensions are not supported by the Citrix ADC appliance, some servers, such as Windows IIS servers, reset the connection.
Starting release 12.0, a Citrix ADC appliance supports all the signature_algorithms extensions.