Installing of server certificate into SSL Relay server(Windows TSE)

  1. Install IIS to SSL Relay server
  2. Launch IIS and create a new key using Key Manager, put request into a txt file. Enter and confirm password when prompted, eg. TEST(ensuring that Common Name is the SSL Relay server name)
  3. Launch web browser. Point URL to certification server(Windows 2000 Server install with CA services)
  4. Select “Request a certificate”
  5. Select “Advance request”
  6. Select “Submit a certificate request using a base64 encoded….”
  7. Open the key txt file. Copy all the content from “---BEGIN NEW CERTIFICATE REQUEST---“ to “----END NEW CERTIFICATE REQUEST---“ and paste the content to the “Saved Request” box.
  8. Click “Submit”
  9. Select “Base 64 encoded” and “Download CA certificate”
  10. Launch Key Manager
  11. Highlight on the key, right-click and select “Install Key Certificate”
  12. Locate the downloaded certificate. Enter the password when prompted, eg. TEST.
  13. Once the key certificate is installed, highlight on the key again and select “Export Key” follow by “Backup File”
  14. Enter file name, eg. TSE.KEY
  15. Rename filename from TSE.KEY to TSE.PFX
  16. Copy TSE.PFX to c:\wtsrv\sslrelay directory
  17. At the command prompt, go to c:\wtsrv\sslrelay directory and type the following: keytopem tse.pfx tse.pem. When prompted for password, enter the same one as Key Manager, eg. TEST
  18. Copy tse.pem to c:\wtsrv\sslrelay\keystore\certs directory
  19. Launch web browser and point URL to cetification server. Select “Retrieve the CA certificate …”
  20. Select “DER encoded” and click “Download CA certificate”
  21. Save file to c:\wtsrv\keystore\cacerts of WEB SERVER!!
  22. Launch SSL Relay Configuration
  23. At the Relay Credentials, select “TSE” for server certificate and enter password, eg. TEST
  24. At the Connection tab, change Relay Listening Port if required, eg 8090. Edit the port of Metaframe server and XML service listening port, eg.8080
  25. Go to Web/Nfuse Web Extension server. Create a new Nfuse web page using Web Site Wizard.
  26. Click “Override Default Citrix Server”. Change server name and port to match Metaframe server, eg. TSE, 8080
  27. Click “Enable SSL”, enter “TSE” for Relay Server and “8090” for port.
  28. Select default for other options.
  29. Launch web browser and point URL to newly publish Nfuse website