Citrix Secure Gateway – Replace or Upgrade Certificate


Many Citrix Secure Gateway implementations are old and based upon 1024 bit encryption. So when you get the email notification about your certificate soon expires you find out that it’s no longer possible to renew a 1024 bit certificate.

The procedure for creating a new 2048 bit or higher is quite fast and simple as long as you know how to do it. Below I show you the way.

First off create a new website, in the example above I’ve used the name NewCertSite.

Then right click the new site, select Properties and navigate to the Directory Security tab.

Click Server Certificate and then complete a new request as you normally would do with the same FQDN as before.

Finally start Citrix Secure Gateway Configuration Wizard and select the new certificate. If you’re unsure just click the View button to see the certificate information.

Warning: Any active connections to the Citrix Secure Gateway will be closed when you save the new configuration. If you’re upgrading remotely make sure you have e.g. an active TeamViewer session with the Secure Gateway server.

Resources : 


Automation Framework Community Edition

The fastest way to build your lab environment.

Virtual Expo

Friday 30th of September 2022

3 thoughts on “Citrix Secure Gateway – Replace or Upgrade Certificate”

  1. Hi!

    Is there any known compatibility issues, or the 2048bit cert works well with all version of CSG?

    Thanks a lot!


Leave a Comment