Flaming - Technical Support Birmingham and Solihull IT support solihull west midlands
Flaming Support
Follow

SSL Installation - Citrix Secure Gateway

Install SSL Web Server Certificate in Citrix

You can install a server certificate on the Secure Gateway server using the ctxcertmgr command.
You install a certificate from the response file that you receive from the CA.
Server certificates are installed in the /var/CTXSssl/certs directory.

How you install a certificate depends upon whether you used ctxcertreq to generate the certificate request or not.

If the Certificate Request Is Generated Using ctxcertreq:

If you use ctxcertreq to generate a certificate request, ctxcertreq generates a private key and prompts you for a password to protect the file. When you receive the signed certificate from the CA, you need to install the certificate on the Secure Gateway server and match it to the private key and password.
To do this, you use ctxcertmgr to install the certificate and include the -response option.
The -response option indicates that the certificate is a response to a certificate request generated using ctxcertreq.
A new certificate is created and stored on the Secure Gateway server.

To install a server certificate requested using ctxcertreq

1. Log on as the root user at the Secure Gateway server.

2. At the command prompt, type:
ctxcertmgr -response filename [ -dbpassword db-password ] where filename specifies the certificate file supplied by the CA.

The following table describes the options:
Example.Installing the certificate Using ctxcertreq, a new certificate request file is generated with the identifier citrix.
A private key is also generated and the password .secret. specified to protect the file.
The new certificate is received from the CA, and it is saved in the /tmp/certs directory on the server.

To add the certificate to the Secure Gateway server and match it to the private key and password, type:

ctxcertmgr -response /tmp/certs/cert.pem

You are prompted to enter the db-password .secret..

If the password entered is valid, the newly signed server certificate is imported into the Secure Gateway certificate store as /var/CTXSssl/certs/citrix.pem.


Option Usage
-response Specifies the certificate is a response to a certificate request generated using
ctxcertreq.

-dbpassword Specifies the password used to protect the certificate on the Secure Gateway server.
This is the database password you supplied when you ran ctxcertreq.
If you include the -dbpassword option, you must use the db-password parameter to specify the new password, which should be a maximum of 255 characters in length.

Note that this option is used only if you are including commands in a shell script;
otherwise you are prompted for the password.
Using -dbpassword displays the password on the terminal and enters it into the users command line history.

If the Certificate Request Is not Generated Using ctxcertreq

If you generated the certificate request using a tool other than ctxcertreq, use ctxcertmgr with the -import option to install the certificate.
To install a server certificate not requested using ctxcertreq

1. Log on as the root user at the Secure Gateway server.

2. At the command prompt, type:

ctxcertmgr -import identifier -filename filename [-format format ] [ -keyfilename key-filename ] [ -dbpassword db-password ]
[ -filepassword [ file-password ]

Powered by Zendesk