Question : Configuring Citrix Secure Gateway / Web Interface for Inside and Outside Users on PS4

Hi

I am struggling more than a month now to get Citrix Secure Gateway/Web Interface working for internet users over the secure channel.

In order to achieve this I have done following things up till now:

1) Installed a machine in DMZ and configured pix firewall accorindgly to allow 1494,80,443,2598 ports.

2) Installed Citrix Web Interface on this server

3) Installed Microsoft Certificate Service (CA) on this server, and generated a server certificate, Issued certificate to FQDN of that server, downloaded certificate chain (.p7b) and imported/installed that certificate into that machine on defatult IIS website on port 444

Note: I am using Microsoft Certificate Service on that server to issue the certificate not third part e.g verisign.

4) I then tested successfully https://FQDN:444 to make sure that the certificate security alert comes up and i can still access published application on LAN.

Now up till here from step 1 to 4 all is ok, after this point the problem start:

5) Installed Citrix Secure gateway on the same machine.

6) Provided the same FQDN server name (as shows on the certificate) in configuring secure gateway for its URL using port 443

7) Selected "Gateway Direct" for access method in the secure gateway.

Now all configuration has completed here.

So i tried to do a test on my LAN, so i went to one of my client machine and tried to access secure gateway via https://FQDN and i logged in successfully and it shows all my published applications as well but when i access any of my published application i get the following error message:

"SSL Error 61: You have not chosen to trust "FQDN name on my secure gateway", the issuer of the server's security certificate."

Please tell me where i am doing things wrong as i am sick and tired now to try to fix this for more than a month now but i want to resolve this issue at any cost.

I also installed certificate on my STA server as well and on client machine as well but no joy! please let me get out of here. Furthermore, i have also followed following two links

http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part1.html
http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part2.html

Your help me much appriciated.

Thanks in advance

Answer : Configuring Citrix Secure Gateway / Web Interface for Inside and Outside Users on PS4

Save $30 and spends hours of your, obviously worthless time (according to your boss), and use your own SSL cert. Don't argue with the boss. He obviously knows more than the experts here do. Then we things get to be a royal PITA, buy your $30 certificate.

I will not waste my time arguing over trying to save you $30. Either do what we recommend or what your boss says. He is in charge of your pay so I know who I would follow. Just document our conversations here to CYA when things don't go well.

I will be gone all week so I will not be back on EE for another week.

Random Solutions

The permissions granted to user 'ANU\ASPNET' are insufficient for performing this operation. (rsAccessDenied)

Outlook 2003 duplicating emails.

Alternate Client for Juniper SSG 550

phpList install on Apache server - need help (IMAP + image upload issues)

Exchange server email unavailable until reboot of Domain Controller

Disable Windows Mobile connection dialog

How do I replace a dll-file in the System32 directory?

query to get previous field (similar to crystal 'Previous (fld)' or 'Next(fld)' )

Admin has no rights to files on Server 2000 and can't take ownership

unzipping multiple zips to multiple folders in a batch file