Access Gateway v Secure Gateway

[shuggyb]

I have someone installing Citrix Access Gateway and XenApp. I am not conversant with this technology at the moment.

He wants to install an SSL cerificate on IIS on the box where the web interface is installed then export this and import it to the Access Gateway.

Something strikes me as suspicious about this. Should he not be installing a certificate to the Access Gateway only? Would installing a certificate to IIS only be needed if you were using Secure Gateway instead of Access Gateway?

 

[MicrosoftPays]

Possible scenario...

I might use IIS for a certificate request...get the full cert in response...then export to the device I need the cert on...

CAG and CSG can both be used to proxy connections to Web Interface. That being said...I have used that functionality to eliminate the need for any SSL certs on WI

Internal connections to WI don't use it and CAG (external) based connections to WI are already secured with the cert on CAG itself


hope that helps

 

[scanjam]

There is nothing suspicious about this behaviour at all. Its easier and more flexible to do it on a web server first then convert it to the format the access gateway requries.