When using Citrix SSL-Relay I received the following error:
I’ve checked all the basic stuff:
- Certificate is installed in the computer account -> [-OK-]
- Private Key is present -> [-OK-]
- FQDN of the Certificate and the server are matching -> [-OK-]
- Certificate Template Version: Windows 2003 Enterprise -> [-FAILED-]
My certificate was issued based on a certificate template with a minimum requirement of Windows 2008 Enterprise PKI. However all PKI Servers ARE Windows Server 2008 R2 Enterprise and issuing the certificates based on the template – there are some major differences within the issued certificate whether the template has a minimum of Windows 2003 Enterprise or Windows 2008 Enterprise – regardless of the Version the issuing CA server is running (CryptoAPI vs. CNG).
So I needed to create another copy of my certificate template but now I’d chosen “Windows Server 2003 Enterprise” as a minimum and issued a new cert for my SSL-Relay Server:
After this, the configuration and activation of SSL-Relay worked like a charm:
Michael has been working for more than a decade as a senior systems engineer for Bechtle AG. Michael has managed mid-size to large-scale infrastructure and virtualization projects with customers in all major industries.