[THIN] Re: Comodo cert on a CAG 4.5.6 Standard

  • From: Durf <stygmata@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Mon, 9 Feb 2009 22:57:55 -0500

I'll try that next time - I wound up breaking down and going with RapidSSL,
which worked correctly the first time.  FWIW, they have a free crossgrade
offer going specifically for Comodo customers.  RapidSSL was completely
painless, aside from some incorrect WHOIS information causing problems with
validation.
thanks,
--Durf

On Mon, Feb 9, 2009 at 9:47 PM, Rick Mack <ulrich.mack@xxxxxxxxx> wrote:

> Hi,
>
> Try the following:
>
> Citrix Access Gateway SSL certificate installation:
>
>    1.
>
>    In the "Administration Tool," select the "Access Gateway Cluster" tab
>    and then open the window for the appliance.
>    2.
>
>    Under "Administration," select select "Browse" next to "Upload a .crt
>    signed certificate."
>    3.
>
>    Browse to the your_domain_com.crt file that you received and click
>    "Open."
>
>    You can alternately install the your_domain_com.crt file through the
>    "Administration Portal" by clicking "Maintenance," "Add a signed 
> certificate
>    (.crt)," and then browsing to the file.
>
>    After installing the primary server certificate (which will enable SSL
>    encryption), you will need to upload the TrustedRoot.crt and
>    IntermediateCA.crt files to the device (which will allow for the 
> certificate
>    to be trusted).
>    4.
>
>    Open your TrustedRoot.crt and IntermediateCA.crt files in a text editor
>    (such as Wordpad).
>    5.
>
>    Copy the contents of the TrustedRoot.crt file below the last line of
>    the IntermediateCA.crt file as figured below:
>
>    -----BEGIN CERTIFICATE-----
>    (Your Intermediate certificate: IntermediateCA.crt)
>    -----END CERTIFICATE-----
>    -----BEGIN CERTIFICATE-----
>    (Your Root certificate: TrustedRoot.crt)
>    -----END CERTIFICATE-----
>     6.
>
>    Save the combined file as Chain.pem
>    7.
>
>    From the "Access Gateway Cluster" tab, open the window for the
>    appliance.
>    8.
>
>    From the "Administration" tab, select the option to "Manage trusted
>    root certificates."
>    9.
>
>    Click "Upload Trusted Root Certificate." Find the chain.pem file and
>    then click "Open."
>
> regards,
>
> Rick
>
> --
> Ulrich Mack
> Quest Software
> Provision Networks Division
>
>> Am I totally missing something, or does the CAG just have problems with
>> intermediate certs? I've followed the various KB articles about pasting in
>> the intermediate cert's certificate into a text file along with your server
>> cert, but whatever I do the CAG just doesn't want to accept it, with the
>> generic 'validation failed' log message. I've reissued the cert with new
>> CSR's twice now. Does anyone have any insights before I take advantage of
>> RapidSSL's free competitive upgrade offer?
>>
>> -- Durf
>
>
>
>
>


-- 
--------------
Give a man a fish, and he'll eat for a day.
Give a fish a man, and he'll eat for weeks!

Other related posts: