Product Documentation

Server certificate support matrix on the ADC appliance

The Citrix ADC appliance supports the following server certificates.

Table 1: Support on Frontend (FE) and Backend (BE) Service

Server certificate/Platform MPX/SDX (N2 CHIPS) FE MPX/SDX (N2 CHIPS) BE MPX/SDX (N3 CHIPS) FE MPX/SDX (N3 CHIPS) BE VPX FE VPX BE
MD5 Y Y Y Y Y Y
SHA1 Y Y Y Y Y Y
SHA224 Y Y Y Y Y Y
SHA256 Y Y Y Y Y Y
SHA384 Y Y Y Y Y Y
SHA512 Y Y Y Y Y Y
RSA Key Up to 4096 bits Up to 4096 bits Up to 4096 bits Up to 4096 bits Up to 4096 bits Up to 4096 bits
DH Key Up to 2048 bits Up to 2048 bits Up to 2048 bits Up to 2048 bits Up to 4096 bits Up to 4096 bits
Server certificate/Platform MPX 9700/10500/12500/15500 FIPS with FW 2.2 FE MPX 9700/10500/12500/15500 FIPS with FW 2.2 BE MPX/SDX 14030/14060/14080 FIPS FE MPX/SDX 14030/14060/14080 FIPS BE
MD5 Y Y Y Y
SHA1 Y Y Y Y
SHA224 Y Y Y Y
SHA256 Y Y Y Y
SHA384 Y Y Y Y
SHA512 Y Y Y Y
RSA Key Up to 2048 bits Up to 2048 bits 2048 and 3072 bits 2048 and 3072 bits
DH Key N N N N

Note:

  • In release 11.1 and earlier, a Citrix ADC appliance supports the following “signature algorithms” extensions in the back end client hello message: RSA-MD5, RSA-SHA1, and RSA-SHA256. Because SHA 384 and SHA 512 signature algortihms extensions are not supported by the Citrix ADC appliance, some servers, such as Windows IIS servers, reset the connection.

  • Starting release 12.0, a Citrix ADC appliance supports all the signature_algorithms extensions.

Server certificate support matrix on the ADC appliance

In this article