Authentication and Authorization

Configuring and Binding a Client Certificate Authentication Policy

October 5, 2020

Contributed by:

You can create a client certificate authentication policy and bind it to a virtual server. You can use the policy to restrict access to specific groups or users. This policy takes precedence over the global policy.

To configure a client certificate authentication policy:

In the configuration utility, on the Configuration tab, expand Citrix Gateway > Policies > Authentication.
In the navigation pane, under Authentication, click CERT.
In the details pane, click Add.
In Name field, type a name for the policy.
Next to Server, click New.
In Name, type a name for the profile.
Next to Two Factor, select OFF.
In User Name field and Group Name field, select the values and then click &Create. Note: If you previously configured client certificates as the default authentication type, use the same names that you used for the policy. If you completed the User Name field and Group Name field for the default authentication type, use the same values for the profile.
In the Create Authentication Policy dialog box, next to Named Expressions, select the expression, click Add Expression, click Create and then click Close.

To bind a client certificate policy to a virtual server:

After you configure the client certificate authentication policy, you can bind it to a virtual server.

In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway and then click Virtual Servers.
In the details pane, click a virtual server and then click Open.
In the configure Citrix Gateway Virtual Server dialog box, click the Authentication tab.
Click Primary or Secondary.
Under Details, click Insert Policy.
In Policy Name, select the policy and then click OK.

To configure a virtual server to request the client certificate:

When you want to use a client certificate for authentication, you must configure the virtual server so that client certificates are requested during the SSL handshake.

In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway and then click Virtual Servers.
In the details pane, click a Virtual Server and then click Open.
On the Certificates tab, click SSL Parameter.
Under Others, click Client Authentication.
In Client Certificate, select Optional or Mandatory and then click OK twice. Select Optional if you want to allow other authentication types on the same virtual server and do not require the use of client certificates.

Note

For more information about Callback URL, see Import a Citrix Gateway.

For more information about certificates, see Install, link, and update certificates.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

Configuring and Binding a Client Certificate Authentication Policy

October 5, 2020

Contributed by:

October 5, 2020

Contributed by:

Configuring and Binding a Client Certificate Authentication Policy

Configuring and Binding a Client Certificate Authentication Policy

In this article