How to use intermediate certificates with Access Gateway VPX and an iPad

Issue

When using an SSL certificate that uses an intermediate certificate authority (e.g. Go Daddy), particular trust issues may be seen when using an iPad that are not seen when using a PC web browser.

The error typically seen is:

"Cannot Verify Server Identity
Safari can't verify the identity of cag.domain.com. Would you like to continue anyway?"

Resolution

The intermediate certificate authority certificate must be added to the access gateway VPX and also added to the server certificate chain.

From the Access Gateway admin logon point (https://cag/lp/adminlogonpoint)

- Select Certificates
- Select Import | Trusted (.pem)
- Browse to the file and click Open
- Select the server certificate (e.g. citrix.domain.com)
- Click the Add to Chain button
- Select the intermediate certificate authority and click Add

References

Products

Citrix Web Interface 5.4
Citrix Access Gateway VPX 5.0.2

Created: 8th August 2011
Updated: 8th August 2011


© 2005-2017 Jamie Morrison