-import Adds a certificate to the Secure Gateway server. Use the identifier parameter to
give your certificate a unique label. This label is used to easily identify the
certificate in future.
-filename Specifies the certificate file supplied by the CA, where filename is the location of
the file. If the CA supplies the certificate as two separate files (one file containing
the private key, the other containing plain text information about the certificate)
use the -filename option to specify the location of the file containing plain text
information
-format Specifies the format of the certificate file supplied by the CA. You can import
PEM, NET, DER, PKCS12, and MKS file formats. If you do not specify a format,
the system attempts to auto-detect the format.if it cannot detect the format, an
error message appears.
-keyfilename Specifies the location of the file containing the private key. If the CA supplies the
certificate as two separate files (one file containing the private key, the other
containing plain text information about the certificate), use the keyfilename
parameter to specify the location of the file containing the private key. Note that,
in this case, you use the -filename option to specify the location of the file
containing plain text information.
-dbpassword Specifies a new password to protect the certificate on the Secure Gateway
server. If you include the -dbpassword option, you must use the db-
password parameter to specify the new password. This can be no larger than
255 characters.
-filepassword Specifies the password that the CA uses to protect the certificate file. When a CA
sends you a certificate, the certificate is protected using a password. You need
this password to extract the certificate from the file. The CA may supply this
password in a separate email. If you include the -filepassword option, you
must use the file-password parameter to specify the CA.s password.
Example.theCAemails the server certificate as one file
The CA sends you a signed certificate file in PEM format. You save this file in the
/var/CTXSssl/certs directory on the Secure Gateway server, and call it .file1.pem..
The private key is protected with the password .secret..
To install the server certificate on the Secure Gateway server, using the new
password .confidential. and the identifier .my_certificate., type the command:
ctxcertmgr -import my_certificate -filename
/var/CTXSssl/certs/file1.pem
You are prompted for the db-password .confidential. and the file-password
.secret..
Example.theCAemails the server certificate as two files
The CA sends you the server certificate as two separate files. One file contains plain
text information about the certificate, the other contains the private key that the CA
protects with the password .secret.. The files are in PEM format.
You call the plain text file .file1.pem. and store it in the /var/CTXSssl/certs/
directory. You call the private key file .file2.pem. and save it in a secure directory
that only the root user has access to; for example, /home/ctxssl.
To install the server certificate on the Secure Gateway server, using the new
password .confidential. and the identifier .my_certificate,. type the command:
ctxcertmgr -import my_certificate
-filename /var/CTXSssl/certs/file1.pem
-keyfilename /home/ctxssl/file2.pem
-dbpassword confidential -filepassword secret
Use -dbpassword and -filepassword only if you are including commands in a shell
script.
Notes: These steps were taken from the Solaris Secure Gateway Guide available on the Citrix site at the following link: http://support.citrix.com/kb/entry.jspa?categoryID=186&entryID=3186 For Citrix Secure Gateway 2.0, please see: http://support.citrix.com/servlet/KbServlet/download/4192-102-10983/Secure_Gateway_Checklist.pdf
Goal: Install certificate in Citrix Secure Gateway 1.12 Install certificate in Citrix Install certificate Enable SSL on Citrix
This applies to: (Includes, but not limited to): Install certificate SSL Web Server Certificate Citrix Secure Gateway 1.12 Citrix Secure Gateway Citrix Secure Gateway 2.0 Citrix Solaris Other