Tag Archives: SSL-Relay


Citrix SSL Relay Configuration Error 58

When using Citrix SSL-Relay I received the following error:

I’ve checked all the basic stuff:

  • Certificate is installed in the computer account -> [-OK-]
  • Private Key is present -> [-OK-]
  • FQDN of the Certificate and the server are matching -> [-OK-]
  • Certificate Template Version: Windows 2003 Enterprise -> [-FAILED-]

My certificate was issued based on a certificate template with a minimum requirement of Windows 2008 Enterprise PKI. However all PKI Servers ARE Windows Server 2008 R2 Enterprise and issuing the certificates based on the template – there are some major differences within the issued certificate whether the template has a minimum of Windows 2003 Enterprise or Windows 2008 Enterprise – regardless of the Version the issuing CA server is running (CryptoAPI vs. CNG).

So I needed to create another copy of my certificate template but now I’d chosen “Windows Server 2003 Enterprise” as a minimum and issued a new cert for my SSL-Relay Server:

After this, the configuration and activation of SSL-Relay worked like a charm:

Read More

Citrix SSL Relay Configuration / APPCRASH sslrelayconfig.exe

In some environments, the Citrix SSL Relay Configuration will crash with the following message at startup:

After a little, research I found a Citrix support article that describes my problem:


But from my opinion this is not a Resolution of the real problem – this seems more likely a workaround to me. So I did some further inspections what the root cause of this APPCRASH could be. The Citrix article stated something about a missing friendly name – and viola one of my installed computer certificates had no friendly name.

This is really easy to change and therefore I just entered a friendly name to the certificate within its properties:

Unfortunately, the same error is still present – APPCRASH in sslrelay.exe. So I needed to dive a little deeper. After some further investigations, I realized that the missing Subject causes also problem:

Because all Certificates were issued by our corporate public key infrastructure so we just modified the corresponding template with the following settings on our CA server:

And finally Citrix SSL-Relay Configuration is starting without an error!

Read More