Jump to content
Welcome to our new Citrix community!

SSL certificate question


Chris Craddock

Recommended Posts

Martin,

 

Thank you for the response. Would you be willing to expand on when either of them should be used? I am not clear on what scenarios the CA cert binding would be used vs the cert link. Is the cert link used during client/server SSL/TLS negotiation and the Netscaler provides the server cert along with the intermediate cert it is linked to to the client? 

 

Thank you

Link to comment
Share on other sites

Cert link builds a chain that is sent to the client. The chain should include all intermediates, but not the root. The client will then link the intermediate with a locally installed root to verify trust.

 

CA cert binding is for client certificates. When you bind a CA cert to a vServer, and if client authentication (client cert) is enabled in the SSL Profile, then when a client connects, the vServer sends the CA cert to the client so the client will filter its list of client certiifcates for only those client certs that are signed by the CA. The vServer also only accepts client certs signed by the CA.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...