Access Gateway Enterprise – ‘page not found’ due to incorrect certificate type
Posted on February 27th, 2010
I recently came across this problem at a site.
They had an internally generated certificate from their company Root CA. The certificate request was generated and then the cert was applied to the Netscaler 7000 device in the usual way.
When a client device made a connection to the Access Gateway Enterprise site, the browser simply showed a page cannot be displayed message.
Removing the Root CA from the client device was enough to prove that the connection was reaching the Netscaler as it then came up with the certificate warning message, but continuing this also showed page cannot be displayed.
It turns out that an internal documented process for this client was incorrect and the security team had issued an incorrect certificate. Rather than issuing a “webserver” type certificate, they issued an “SSL tunnel terminaltion” certificate. However, because it was still a valid certificate the netscaler showed it as valid – However, it wasn’t valid for the Access Gateway Enterprise connection through and this is why the page cannot be displayed message appeared.
Re-issuing the correct certificate type from the csr request and reapplying to the Netscaler was enough to resolve this.
Note: be careful to double check the cert type being issues by an internal CA.
Tags: Access Gateway, CAG EE, CAG Enterprise, cert, certificate, Citrix Netscaler, enterprise, page cannot be found
Filed under Citrix Access Gateway, Citrix Netscaler | No Comments »
Citrix Access Gateway Enterprise Edition scope and limitations for end point scanning rule base
Posted on September 11th, 2008
Citrix Access Gateway Enterprise Edition scope and limitations for end point scanning rule base
This is based on my findings with CAG Enterprise Edition 8.1 build 58.5.
- Pre-requisites
- Internet Explorer
- End Point Analysis Policies
- Pre-Authentication policies
- Authorization policies
- Session policies
- Allowing access to some applications through CAG
- Trust XML Requests
- Restricting access to specific applications
- Allowing any Connection for an application
- Allowing some connections for an application – tied to session policies
- Applying a Citrix Policy based on the outcome of an EPA scan
- Testing
Tags: Analysis, CAG EE, CAG Enterprise, CAG Enterprise Edition, End Point Analysis, end point scans, EPA, limitations, scan, scope
Filed under Citrix Access Gateway, Citrix Netscaler | No Comments »
Types of End Point Analysis policy rules that can be enabled in Citrix Access Gateway Enterprise Edition
Posted on September 4th, 2008
Types of End Point Analysis policy rules that can be enabled in Citrix Access Gateway Enterprise Edition
This information has been taken directly from the help file for CAG Enterprise Edition v 8.1 build 58.5.
- Built in Rules
- Expression Type Rules
- General Expressions
- Client Security Expressions
- Network Based Expression
Tags: build 58.5, CAG EE, CAG Enterprise, CAG Enterprise Edition, End Point Analysis, endpoint scan, EPA, policy, policy rules, rules
Filed under Citrix Access Gateway, Citrix Netscaler | No Comments »
Retaining CAG EE logon page customisations
Posted on August 18th, 2008
It is possible to customise the Citrix Access Gateway Enterprise Edition (CAG EE) logon page to add a privacy notice or a logo, for example.
Customisation details are located here: CTX117277
However, when the Netscaler device is booted, the customisations you have made are overwritten by the default logon page. I am not sure why this happens as it’s a bit silly and really annoying – especially if you don’t know this before you reboot the device…
Tags: CAG Enterprise, Citrix Netscaler, customisation, html, logon page, modified, retain, retaining
Filed under Citrix Access Gateway | No Comments »
How to Configure Group Extraction when Using RSA with CAG Enterprise Edition
Posted on August 11th, 2008
How to Configure Group Extraction when Using RSA with Steel-Belted RADIUS
Originally posted here: CTX115467
Used with:
- RSA SecurID 6.1.1
- CAG Enterprise Edition (Netscaler 7000) 8.1 58.5
Tags: CAG, CAGEE, Citrix Access Gateway, Citrix Netscaler, CTX115467, group extraction, RSA SecurID, SecurID
Filed under Citrix Access Gateway, Citrix Netscaler, RSA SecurID | No Comments »