Installing and linking a Intermediate Certificate for Access Gateway Enterprise
A common issue that I run into with customers is when they install a certificate to use on the Access Gateway Enterprise (AGEE), most CAs use intermediate certificates that are chained to the server certificate. If the clients that are connecting aren’t updating their root certificates from their OS vendor, this can be a challenge since the client won’t be aware of the intermediate certificate therefor it won’t trust the it. Since it won’t trust it, the connection will fail and prevent the user from connecting to the AGEE.
I clipped this right out of the Access Gateway Enterprise Admin Guide which can be downloaded here: http://support.citrix.com/article/CTX121640
To install an intermediate certificate
1. In the configuration utility, in the navigation pane, expand SSL and click Certificates.
2. In the details pane, click Add.
3. In Certificate-Key Pair Name, type the name of the certificate.
4. Under Details, select either Local Computer or Appliance.
5. Next to Certificate File Name, click Browse to navigate to the certificate on your computer or on the Access Gateway.
6. In Certificate Format, select PEM.
7. Click Install and click Close.
When you install an intermediate certificate on the Access Gateway, you do not need to specify the private key or a password.
After the certificate is installed on the appliance, the certificate needs to be linked to the server certificate.
To link an intermediate certificate to a server certificate
1. In the configuration utility, in the navigation pane, expand SSL and click Certificates.
2. In the details pane, select the intermediate certificate and click Link.
3. Next to CA Certificate Name, select the certificate from the list and click OK.
