
Token signing certificate disappears after ADC reboot.



Hi,

On rebooting our ADC the token signing certificate disappears, and with it authentication profiles, policies and servers (we exclusively use ADFS as the authentication mechanism). This happens on both 12.1 and 13.0. As you can imagine it is rather annoying having to rebuild a lot of the configuration after a reboot. The signing certificate was added through the CLI and shows up in the Unknown Certificates list. The certificate is present in /nsconfig/ssl - unfortunately I didn't check if it was gone from there after the last reboot.

Any ideas about the cause of this issue?

We use the Hyper-V VPX (on clustered Hyper-V 2012R2), release 13.0 47.24.


  • 2 months later...

I thought I'd updated this one with the answer, but it seems I'm mistaken.

Root cause: don't add certificates from /tmp. They're gone after a reboot, which should be no surprise. Surprising, to a Windows admin at least, is that the OS doesn't put them somewhere safe when you add them and create all the links from there. So all dependent configs are invalid after a reboot.

TLDR: install certificates from nsconfig/ssl.

  • Like 1
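
A way to catch this before the next reboot, as an added example that is not part of the original thread: the function below scans a saved ADC configuration for `add ssl certKey` entries whose `-cert` or `-key` file is an absolute path outside /nsconfig/ssl, the location the thread recommends. The sample configuration and all names in it are constructed; it assumes relative file names resolve to /nsconfig/ssl/ and that paths contain no spaces.

```shell
#!/bin/sh
# Added example, not Citrix tooling: report certKey entries that load their
# certificate or key from outside /nsconfig/ssl.

# find_certkeys_outside_nsconfig_ssl CONFIG
# Prints "<certKey name> <option> <path>" for each -cert/-key value that is
# an absolute path not under /nsconfig/ssl/. Relative names are skipped
# (assumption: the ADC resolves them against /nsconfig/ssl/).
# Limitation: fields are split on whitespace, so paths with spaces are not handled.
find_certkeys_outside_nsconfig_ssl() {
    awk '
        tolower($1) == "add" && tolower($2) == "ssl" && tolower($3) == "certkey" {
            name = $4
            for (i = 5; i < NF; i++) {
                opt = tolower($i)
                if (opt != "-cert" && opt != "-key") continue
                path = $(i + 1)
                gsub(/"/, "", path)          # drop optional quoting
                if (path ~ /^\// && path !~ /^\/nsconfig\/ssl\//)
                    print name, opt, path
            }
        }
    ' "$1"
}

# Constructed sample configuration; entity and file names are made up.
write_sample_config() {
    cat > "$1" <<'EOF'
add ssl certKey adfs_token_signing -cert /tmp/adfs-signing.cer
add ssl certKey vpn_gateway -cert gateway.pem -key gateway.key
add ssl certKey intranet -cert /nsconfig/ssl/intranet.pem -key /var/tmp/intranet.key
add authentication samlAction adfs_saml -samlIdPCertName adfs_token_signing
EOF
}

# Usage: sh check_certkeys.sh /path/to/copy/of/ns.conf
if [ -n "${1:-}" ]; then
    find_certkeys_outside_nsconfig_ssl "$1"
fi
```

Any entry it prints should be re-added from a copy of the file under /nsconfig/ssl and the configuration saved before the appliance is rebooted.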