Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2018-05-01 13:04:17.0

SSL/TLS Certificate Installation Guide: Citrix Secure Gateway

Article Number: 46516

User-added image
Purpose: SSL/TLS Certificate Installation Guide
For Citrix Access Gateway (Access Gateway Administration Tool v 4.6.1+)
User-added image

Skip to Installation

Need Certificate Signing Request (CSR) help? Please see our technote on how to generate a CSR in Citrix Secure Gateway here.

Before you begin...

  • Never share private key files. 

  • If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).

  • Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.

  • For more information on SSL/TLS Best Practices, click here.

Installing your Entrust SSL/TLS Certificate on Citrix Secure Gateway

 1. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a zip file that includes your Server Certificate, the Entrust Intermediate certificate and the Entrust Root certificate. Extract the files from the zip file.

2. On the server, go to Start > Run > type MMC and hit enter. 

3. Click File > Add Remove Snap-in.
 

4. Select Certificates and click Add.

5. Select Local Computer and click Finish.

6. Click Close.

7. Expand Certificates on the left hand side of the console window.

8. Expand the Trusted Root Certification Authorities folder and click on the Certificates sub-folder.

9. Important: Check the list of Trusted Root Certificates to see if there is a root labeled Entrust Root Certification Authority - G2.  If this root is present, delete the root from the list. You will install another root certificate and chain your certificate to that root to provide backwards compatibility with older devices that do not include the newer Entrust SHA-2 root certificate.

10. Right click on the Certificates sub-folder under Trusted Root Certification Authorities and select All Tasks > Import.

11. In the import wizard, browse to the Root.crt file downloaded in step 1 and complete the wizard.

12. In the MMC console, expand the Intermediate Certification Authorities folder. Right click on the Certificates sub-folder and select All Tasks > Import.

13. In the import wizard, browse to the Intermediate.crt file downloaded in step 1 and complete the wizard. You should see your Entrust Intermediate certificate listed in the Intermediate Certification Authorities folder. You are now ready to install your signed server certificate.

14. Launch the Internet Services Manager (IIS Manager) by clicking Start > All Programs > Administrative Tools > Internet Information Services.

15. Right-click your Web site from the left preview pane and select Properties.



16. Select the Directory Security tab and click on the Server Certificate button.



17. Click Next in in the IIS certificate wizard.

18. Select Process the pending request and install the certificate and click Next.



19. Browse to the location of the ServerCertificate.crt file that you download in step 1 and click Next.

20. Specify your SSL port (in the majority of cases, the default SSL port 443 is used) and click Next.

21. Review the wizard summary and click Next to complete the server certificate import process.

22. Click Finish.

23. Now that you have imported your server certificate and chain, you must assign the certificate using the Secure Gateway Configuration Wizard. Click Start > All Programs > Administration Tools > Secure Gateway Configuration Wizard.
 

24. Click OK to confirm the product you want to secure.




25. Select the Standard option and click Next.




26. Select the certificate from the list display in the Configuration wizard. The certificate that was installed using IIS should appear in the list. Click Next.




27. On the following screen, use the default option No outbound traffic restriction (unless you need to configure the other advanced options) and click Next.

28. Select the existing Secure Ticket Authority (STA) and click Next.

Your SSL/TLS certificate installation is complete.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance: 

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

CountryNumber
Australia0011 - 800-3687-7863
1-800-767-513
Austria00 - 800-3687-7863
Belgium00 - 800-3687-7863
Denmark00 - 800-3687-7863
Finland990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France00 - 800-3687-7863
Germany00 - 800-3687-7863
Hong Kong001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland00 - 800-3687-7863
Israel014 - 800-3687-7863
Italy00 - 800-3687-7863
Japan001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia00 - 800-3687-7863
Netherlands00 - 800-3687-7863
New Zealand00 - 800-3687-7863
0800-4413101
Norway00 - 800-3687-7863
Singapore001 - 800-3687-7863
Spain00 - 800-3687-7863
Sweden00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland00 - 800-3687-7863
Taiwan00 - 800-3687-7863
United Kingdom00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088

TN7807

Affected Products:

  • Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable