Entrust Certificate Services Support Knowledge BaseLast Modified: 2016-09-07 15:42:23.0
SSL/TLS Certificate Installation Instructions - Citrix Secure Gateway
Article Number: 46516
Last Modified: 2015-11-25 15:45:34.0
TN 7807 - SSL/TLS Certificate Installation Instructions - Citrix Secure GatewayBefore you begin
- Never share private key files.
- If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
- Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.
For more information on SSL/TLS Best Practices, click here.
1. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a zip file that includes your Server Certificate, the Entrust chain/intermediate certificates(s) and the Entrust Root certificate. Extract the files from the zip file.
2. On the server, go to Start > Run > type MMC and hit enter.
3. Click File > Add Remove Snap-in.
4. Select Certificates and click Add.
5. Select Local Computer and click Finish.
6. Click Close.
7. Expand Certificates on the left hand side of the console window.
8. Expand the Trusted Root Certification Authorities folder and click on the Certificates sub-folder.
9. Important: Check the list of Trusted Root Certificates to see if there is a root labeled Entrust Root Certification Authority - G2. If this root is present, delete the root from the list. You will install another root certificate and chain your certificate to that root to provide backwards compatibility with older devices that do not include the newer Entrust SHA-2 root certificate.
10. Right click on the Certificates sub-folder under Trusted Root Certification Authorities and select All Tasks > Import.
11. In the import wizard, browse to the Root.crt file downloaded in step 1 and complete the wizard.
12. In the MMC console, expand the Intermediate Certification Authorities folder. Right click on the Certificates sub-folder and select All Tasks > Import.
13. In the import wizard, browse to the Intermediate1.crt file downloaded in step 1 and complete the wizard.
14. Right click on the Certificates sub-folder under Intermediate Certification Authorities and select All Tasks > Import.
15. In the import wizard, browse to the Intermediate2.crt file downloaded in step 1 and complete the wizard to complete the certificate chain setup process. You should see your Entrust Intermediate certificates listed in the Intermediate Certification Authorities folder. You are now ready to install your signed server certificate.
16. Launch the Internet Services Manager (IIS Manager) by clicking Start > All Programs > Administrative Tools > Internet Information Services.
17. Right-click your Web site from the left preview pane and select Properties.
18. Select the Directory Security tab and click on the Server Certificate button.
19. Click Next in in the IIS certificate wizard.
20. Select Process the pending request and install the certificate and click Next.
21. Browse to the location of the ServerCertificate.crt file that you download in step 1 and click Next.
22. Specify your SSL port (in the majority of cases, the default SSL port 443 is used) and click Next.
23. Review the wizard summary and click Next to complete the server certificate import process.
24. Click Finish.
25. Now that you have imported your server certificate and chain, you must assign the certificate using the Secure Gateway Configuration Wizard. Click Start > All Programs > Administration Tools > Secure Gateway Configuration Wizard.
26. Click OK to confirm the product you want to secure.
27. Select the Standard option and click Next.
28. Select the certificate from the list display in the Configuration wizard. The certificate that was installed using IIS should appear in the list. Click Next.
29. On the following screen, use the default option No outbound traffic restriction (unless you need to configure the other advanced options) and click Next.
30. Select the existing Secure Ticket Authority (STA) and click Next.
- Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable