Creating a Certificate Signing Request
To provide secure communications using SSL or TLS, a server certificate is required on Citrix Gateway. Before you can upload a certificate to Citrix Gateway, you need to generate a Certificate Signing Request (CSR) and private key. You use the Create Certificate Request included in the Citrix Gateway wizard or the configuration utility to create the CSR. The Create Certificate Request creates a .csr file that is emailed to the Certificate Authority (CA) for signing and a private key that remains on the appliance. The CA signs the certificate and returns it to you at the email address you provided. When you receive the signed certificate, you can install it on Citrix Gateway. When you receive the certificate back from the CA, you pair the certificate with the private key.
Important: When you use the Citrix Gateway wizard to create the CSR, you must exit the wizard and wait for the CA to send you the signed certificate. When you receive the certificate, you can run the Citrix Gateway wizard again to create the settings and install the certificate. For more information about the Citrix Gateway wizard, see Configuring Settings by Using the Citrix Gateway Wizard.
To create a CSR by using the Citrix Gateway wizard
- In the configuration utility, click the Configuration tab and then in the navigation pane, click Citrix ADC Gateway.
- In the details pane, under Getting Started, click Citrix ADC Gateway wizard.
- Follow the directions in the wizard until you come to the Specify a server certificate page.
- Click Create a Certificate Signing Request and complete the fields. Note: The fully qualified domain name (FQDN) does not need to be the same as the Citrix Gateway host name. The FQDN is used for user logon.
- Click Create to save the certificate on your computer and then click Close.
- Exit the Citrix Gateway wizard without saving your settings.
To create a CSR by using the Citrix ADC GUI
You can also use the Citrix ADC GUI to create a CSR, without running the Citrix Gateway wizard.
- Navigate to Traffic Management > SSL > SSL Files and select Create Certificate Signing Request (CSR).
- Complete the settings for the certificate and then click Create.
After you create the certificate and private key, email the certificate to the CA, such as Thawte or VeriSign.