Citrix Access Gateway Certificate Format

I got a call a few days ago to renew the certificate on a Citrix Access Gateway appliance.

The appliance was very - and I mean very - old so I had my hands full...

After I found out that the proper software for management was installed on the Web Interface servers, I requested the certificate in PFX format in order to get the private key too and scheduled the change for after hours since it requires a restart of the devices.

When I tried to install the certificate, the appliances refused to accept it. Then I recalled an article I've read a long time ago, where the author mentioned that the certificate has to be in PEM format and not PFX.

After a google search, I found this article on the Citrix Knowledge Center that describes the process of converting a PFX file to PEM for that purpose.

All you have to do is to download the openssl binaries and execute the following command in order to convert the file:
openssl pkcs12 -in c:\certs\yourcert.pfx -out c:\certs\cag.pem –nodes

You should change to the directory where openssl.exe is located for the above command to work, or just provide the full path to openssl.exe.

Popular posts from this blog

Domain Controller Machine Password Reset

Configuring a Certificate on Exchange Receive Connector

Running Multiple NGINX Ingress Controllers in AKS