Gateway

Validating the Server Certificate During an SSL Handshake

The Citrix Gateway appliance can now be configured to validate the server certificate provided by the back-end server during an SSL handshake.

To configure Citrix Gateway global parameters to support PAC for outbound proxy by using the configuration utility

Bind the CA certificate

  1. Navigate to ConfigurationCitrix Gateway > Citrix Gateway Policy Manager > Certificate Bindings.**
  2. On the Certificate Bindings screen, click the + icon.
  3. On the CA Certificate(s) Binding screen, click Add Binding and click Install.
  4. Select the certificate file name in the Certificate File Name field and click Install.
  5. On the CA Certificate(s) Binding screen, select the certificate and click Bind.
  6. Click Done.

Enabling the certificate validation:

  1. Navigate to Citrix Gateway> Global settings.
  2. Click Change Global Settings.**
  3. Select Enabled from the Backend Server Certificate Validation drop-down menu and click OK.

To configure Citrix Gateway global parameters to support server certificate with the command line

At the command prompt, type the following commands:

    bind vpn global cacert DNPGCA1

    set vpn parameter backendcertValidation ENABLED
<!--NeedCopy-->
Validating the Server Certificate During an SSL Handshake