Richard Parmiter

Virtualisation blog and Knowledge Base

  • You are here: 
  • Home
  • Access Gateway Enterprise – ‘page not found’ due to incorrect certificate type

Access Gateway Enterprise – ‘page not found’ due to incorrect certificate type

Posted on February 27th, 2010

I recently came across this problem at a site.

They had an internally generated certificate from their company Root CA. The certificate request was generated and then the cert was applied to the Netscaler 7000 device in the usual way.

When a client device made a connection to the Access Gateway Enterprise site, the browser simply showed a page cannot be displayed message.

Removing the Root CA from the client device was enough to prove that the connection was reaching the Netscaler as it then came up with the certificate warning message, but continuing this also showed page cannot be displayed.

It turns out that an internal documented process for this client was incorrect and the security team had issued an incorrect certificate. Rather than issuing a “webserver” type certificate, they issued an “SSL tunnel terminaltion” certificate. However, because it was still a valid certificate the netscaler showed it as valid – However, it wasn’t valid for the Access Gateway Enterprise connection through and this is why the page cannot be displayed message appeared.

Re-issuing the correct certificate type from the csr request and reapplying to the Netscaler was enough to resolve this.

Note: be careful to double check the cert type being issues by an internal CA.

  • Digg
  • StumbleUpon
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks
  • Add to favorites
  • FriendFeed
  • Google Buzz
  • LinkedIn
  • Live
  • MySpace
  • Reddit
  • RSS

Tags: , , , , , , ,
Filed under Citrix Access Gateway, Citrix Netscaler |

Leave a Reply