Citrix Gateway

Installing the signed certificate on Citrix Gateway

When you receive the signed certificate from the Certificate Authority (CA), pair it with the private key on the appliance and then install the certificate on Citrix Gateway.

To pair the signed certificate with a private key by using the GUI

  1. Copy the certificate to Citrix Gateway to the folder nsconfig/ssl by using a Secure Shell (SSH) program such as WinSCP.
  2. In the configuration utility, on the Configuration tab, in the navigation pane, expand SSL > Certificates.
  3. In the SSL Certificate page, click Get Started.
  4. In the details pane, click Install.
  5. In Certificate-Key Pair Name, type the name of the certificate.
  6. In Certificate File Name, click Appliance.
  7. Navigate to the certificate, click Select, and then click Open.
  8. In Key File Name, click Appliance. The name of the private key is the same name as the Certificate Signing Request (CSR). The private key is located on Citrix Gateway in the directory \nsconfig\ssl.
  9. Choose the private key, and then click Open.
  10. If the certificate is PEM-format, in Password, type the password for the private key.
  11. If you want to configure notification for when the certificate expires, select Notify When Expires.
  12. In Notification Period, type the number of days, click Create, and then click Close.

To bind the certificate and private key to a virtual server by using the GUI

After you create and link a certificate and private key pair, bind it to a virtual server.

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway > Virtual Servers.
  2. In the details pane, click a virtual server, and then click Open.
  3. On the Certificates tab, under Available, select a certificate, click Add, and then click OK.

To bind the certificate and private key to a virtual server by using the CLI

At the command prompt, type;

bind ssl vserver <vServerName> -certkeyName <string> -ocspCheck ( Mandatory | Optional )

Example:

bind ssl vserver TestClient -CertkeyName ag51.xm.nsi.test.com -CA -ocspCheck Mandatory

Note: oscpCheck is optional if OCSP check is not required for device certificate.

To unbind test certificates from the virtual server by using the GUI

After you install the signed certificate, unbind any test certificates that are bound to the virtual server. You can unbind test certificates using the configuration utility.

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway > Virtual Servers.
  2. In the details pane, click a virtual server, and then click Open.
  3. On the Certificates tab, under Configured, select the test certificate, and then click Remove.