[THIN] Re: Comodo cert on a CAG 4.5.6 Standard

  • From: Rick Mack <ulrich.mack@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Tue, 10 Feb 2009 12:47:00 +1000

Hi,

Try the following:

Citrix Access Gateway SSL certificate installation:

   1.

   In the "Administration Tool," select the "Access Gateway Cluster" tab and
   then open the window for the appliance.
   2.

   Under "Administration," select select "Browse" next to "Upload a .crt
   signed certificate."
   3.

   Browse to the your_domain_com.crt file that you received and click
   "Open."

   You can alternately install the your_domain_com.crt file through the
   "Administration Portal" by clicking "Maintenance," "Add a signed certificate
   (.crt)," and then browsing to the file.

   After installing the primary server certificate (which will enable SSL
   encryption), you will need to upload the TrustedRoot.crt and
   IntermediateCA.crt files to the device (which will allow for the certificate
   to be trusted).
   4.

   Open your TrustedRoot.crt and IntermediateCA.crt files in a text editor
   (such as Wordpad).
   5.

   Copy the contents of the TrustedRoot.crt file below the last line of the
   IntermediateCA.crt file as figured below:

   -----BEGIN CERTIFICATE-----
   (Your Intermediate certificate: IntermediateCA.crt)
   -----END CERTIFICATE-----
   -----BEGIN CERTIFICATE-----
   (Your Root certificate: TrustedRoot.crt)
   -----END CERTIFICATE-----
   6.

   Save the combined file as Chain.pem
   7.

   From the "Access Gateway Cluster" tab, open the window for the appliance.

   8.

   From the "Administration" tab, select the option to "Manage trusted root
   certificates."
   9.

   Click "Upload Trusted Root Certificate." Find the chain.pem file and then
   click "Open."

regards,

Rick

-- 
Ulrich Mack
Quest Software
Provision Networks Division

> Am I totally missing something, or does the CAG just have problems with
> intermediate certs? I've followed the various KB articles about pasting in
> the intermediate cert's certificate into a text file along with your server
> cert, but whatever I do the CAG just doesn't want to accept it, with the
> generic 'validation failed' log message. I've reissued the cert with new
> CSR's twice now. Does anyone have any insights before I take advantage of
> RapidSSL's free competitive upgrade offer?
>
> -- Durf

Other related posts: