Jump to content
Welcome to our new Citrix community!

Help with always-on VPN

Recommended Posts


My cusotmer is using wild card server certificate for vpn gw url signed by public CA...its working fine and he is able to connect through VPN.


He want to setup always-on vpn but i am not sure for client certificate on user machine:

1. Should I create new CSR and get it signed with public/internal CA? What should be value for CN, ORG etc ?

2. Can't we use same wild card server cert for client machine which we have used for VPN gw url? Just for testing.

3. Can't we use self-signed cert by Netscaler for testing ?


Please suggest how can it be tested easily?




Link to comment
Share on other sites

Just to be clear- you are talking about the wild card server certificate which is fine, but then are you asking about client certificate auth?

Note that server certs aren't the same thing (such as used to validate www.citrix.com) aren't the same thing as client cert auth where you would need to issue client certificate issued by a trusted root CA (or if not trusted you have to install the root CAs on client machines)

You can certainly do testing with self-signed certificate but you will have to install the root CA on the client machines so they are trusted.  


You are mixing server certs and client certificates so I just want to make sure I am understanding what you are saying.


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...