Jump to content
Welcome to our new Citrix community!

SSL Client Authentication without verify signature

Recommended Posts



I'm trying to configure a SSL vserver with client authentication using X.509 certificates.

I followed the guide at this URL https://docs.citrix.com/en-us/netscaler/12/ssl/config-client-auth.html and I found a note with the follow sentence :


Note: For the appliance to verify issuer signatures, the certificate of the CA that issued the client certificate must be installed on the appliance and bound to the virtual server that the client is transacting with.


I have a test certificate issued by an Italian CA authority and if import the CA root certificate it's work well.


But for production I need to setup all Italian CA authorities (more than 40 entries CA root entries) and I have experience that with Internet Explorer browser in SSL session if I have more than 20 acceptable CA during SSL negotation then browser crash (I don't know if someone have the same experience).


So, the question is:


It's possible to configure NetScaler for ignore the certificate signature verification and give the check of certification validity to application that are in backend (using certificate in HTTP Header) ?


Thank you.



Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...