Renewing the SSL on a Citrix Xenapp’s server

My Manager went on vacation this week leaving me with the duty of installing an up to date SSL on our secure gateway. I was on vacation the week before her and I do not think she renewed the certificate using IIS. She did somehow however obtain new certificates which are titled server cert_entrustcert, Chain cert_L1Cchain, Root cert_L1Croot, and Entrust remote certificate.

The last time we installed certificates we had to contact our Software Contractor to help with the process because we let the certificate expire and I do not remember how he did it. So now I am left to scramble because the certificate expires 7/6/2012 at midnight. Also add to the problem that I can’t contact our contractor without my manager’s permission and I can’t install these certificates until 7/6 because that will be the one day of this week when the all the remote people are in the office.

So I am left with two options which are to do it on my own or let the certificate expire which creates more problems and would mean no remote connections over the weekend or Monday morning.

Would it be as simple as to right click on the certificates and select install or is it more complicated than that? We are using Citrix Xenapp (don’t know which version) on a Windows 2003 server..

3 Replies

Mel9484 Jul 05, 2012 at 08:42 AM

This would depend on what type of SSL certificate you have. I had a QuickSSL Premium certificate renewal from GeoTrust. Took me few hours to get it right. If you are renewal the certificate from some 3rd party vendor, they always have detailed instructions about the renewal process.

Dianne4702 Jul 05, 2012 at 09:08 PM

Are you sure that your manager didn’t use IIS to renew the certificate as we have always had to go through IIS to request the new certificates and then to install them.

As Mel9484 said depending on where your certificates were obtained you should be able to get instructions on how to install the new certificates.

Also once you have installed the new certificate you will need to make sure that the Citrix secure gateway is pointing to the new certificate. It depends on which version of Citrix you have to exactly what you need to do but you should be able to find help on the Citrix website.

Computer MD Jul 09, 2012 at 05:00 AM

After about 6 agonizing hours, several phone calls, and several emails I was able to figure it out how to implement the SSL. I finished this at 1700 and good thing too because the old SSL expired at 1940 and not midnight like I thought.

1. I found that the people who issued the last SSL had only to renew it with Entrust and did not need me to send them a new request.

2. I had to use MMC to install the new SSL manually in the Personal section of the Certificate store.

3. I had to remove the old SSL from IIS and install the new one

4. I had to use Citrix Secure Gateway Configuration Wizard to assign the SSL to Citrix but ran into a snag when the program said it was unusable

5. After some more research I found that the new SSL did not have a “Private key” on the certificate. I followed the procedures on and assigned the key.

6. I ran the Citrix Secure Gateway Configuration Wizard again and this time it accepted the certificate.

Note: One thing I did remember from last year is that if you put the SSL in IIS it has to be a different SSL port number (in this case 444) then the number in Citrix (443). Otherwise there would be a conflict.