Monday, February 9, 2009

[THIN] Re: Comodo cert on a CAG 4.5.6 Standard

Hi,
 
Try the following:
 
Citrix Access Gateway SSL certificate installation:
  1. In the "Administration Tool," select the "Access Gateway Cluster" tab and then open the window for the appliance.

  2. Under "Administration," select select "Browse" next to "Upload a .crt signed certificate."

  3. Browse to the your_domain_com.crt file that you received and click "Open."

    You can alternately install the your_domain_com.crt file through the "Administration Portal" by clicking "Maintenance," "Add a signed certificate (.crt)," and then browsing to the file.

    After installing the primary server certificate (which will enable SSL encryption), you will need to upload the TrustedRoot.crt and IntermediateCA.crt files to the device (which will allow for the certificate to be trusted).

  4. Open your TrustedRoot.crt and IntermediateCA.crt files in a text editor (such as Wordpad).

  5. Copy the contents of the TrustedRoot.crt file below the last line of the IntermediateCA.crt file as figured below:

    -----BEGIN CERTIFICATE-----
    (Your Intermediate certificate: IntermediateCA.crt)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (Your Root certificate: TrustedRoot.crt)
    -----END CERTIFICATE-----

  6. Save the combined file as Chain.pem

  7. From the "Access Gateway Cluster" tab, open the window for the appliance.

  8. From the "Administration" tab, select the option to "Manage trusted root certificates."

  9. Click "Upload Trusted Root Certificate." Find the chain.pem file and then click "Open." 

regards,

Rick

--
Ulrich Mack
Quest Software
Provision Networks Division

Am I totally missing something, or does the CAG just have problems with intermediate certs? I've followed the various KB articles about pasting in the intermediate cert's certificate into a text file along with your server cert, but whatever I do the CAG just doesn't want to accept it, with the generic 'validation failed' log message. I've reissued the cert with new CSR's twice now. Does anyone have any insights before I take advantage of RapidSSL's free competitive upgrade offer?

-- Durf



No comments: