STA Server DOWN When Using HTTPS


Quick fly-by post detailing an issue I’ve encountered a number of times; I thought I’d share the resolution.

Issue

When you add an STA (Secure Ticket Authority) server to a NetScaler Gateway vServer and configure its FQDN URL to use HTTPS, the STA server is reported as DOWN. Switching the URL to HTTP instead establishes communications correctly, but you want communications secured.

Resolution

First, make sure that you have followed this Citrix article correctly: http://support.citrix.com/article/CTX200415

If you still have issues, are you using a NetScaler VPX virtual appliance for your NetScaler Gateway vServer? If so, note that the certificate you install on an STA server must have a key size of 2048 bits or less. On VPX appliances, 4096-bit keys are not supported for certificates on back end servers.

From the NetScaler SSL FAQ page in the Citrix product documentation:

What is the maximum size of the certificate key supported on the Citrix NetScaler appliance?

A Citrix NetScaler appliance running a software release earlier than release 9.0 supports a maximum certificate key size of 2048 bits. Release 9.0 and later support a maximum certificate key size of 4096 bits. This limit is applicable to both RSA and DSA certificates.

An MPX appliance supports certificates from 512-bits up to the following sizes:

  • 4096-bit server certificate on the virtual server
  • 4096-bit client certificate on the service
  • 4096-bit CA certificate (includes intermediate and root certificates)
  • 4096-bit certificate on the back end server
  • 4096-bit client certificate (if client authentication is enabled on the virtual server)

A virtual appliance supports certificates from 512-bits up to the following sizes:

  • 4096-bit server certificate on the virtual server
  • 4096-bit client certificate on the service
  • 4096-bit CA certificate (includes intermediate and root certificates)
  • 2048-bit certificate on the back end server
  • 2048-bit client certificate (if client authentication is enabled on the virtual server)

STA Server UP
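
To confirm which key size an STA server is actually presenting, the following PowerShell function (an added example, not from the original post or from Citrix) connects to the STA over TLS and compares the RSA key size with the 2048-bit VPX back end limit quoted above. The function name, the default port 443 and the host name in the usage comment are assumptions.

```powershell
# Added example: report the RSA key size of the certificate an STA server presents.
function Get-StaCertificateKeySize {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,  # STA FQDN as configured on the Gateway vServer
        [int]$Port = 443,                             # assumption: STA listens on the default HTTPS port
        [int]$MaxBackendKeyBits = 2048                # VPX back end limit from the FAQ quoted above
    )

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($ComputerName, $Port)
        # The callback accepts any certificate because this probe only reads the
        # public key; it makes no trust decision and sends no application data.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($ComputerName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        }
        finally { $ssl.Dispose() }
    }
    finally { $client.Close() }

    # GetRSAPublicKey returns $null for non-RSA keys (for example DSA or ECDSA).
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $bits = if ($rsa) { $rsa.KeySize } else { $null }

    [pscustomobject]@{
        ComputerName          = $ComputerName
        Subject               = $cert.Subject
        NotAfter              = $cert.NotAfter
        KeyAlgorithm          = $cert.PublicKey.Oid.FriendlyName
        KeyBits               = $bits
        WithinVpxBackendLimit = if ($bits) { $bits -le $MaxBackendKeyBits } else { $null }
    }
}

# Usage (hypothetical host name):
# Get-StaCertificateKeySize -ComputerName sta01.example.internal
```

A result with KeyBits of 4096 and WithinVpxBackendLimit of False matches the condition described in this post; an empty KeyBits means the certificate does not use an RSA key.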


About Author

Luke is a Citrix & Microsoft IT consultant based in the UK. His Citrix qualifications include CCE-V, CCP-N and CCP-M. He also holds an MCSA in Windows Server 2012 and is a certified MCITP on Windows Server 2008. He loves cats but hates spiders and the cold.
