Import and install certificates in Citrix Secure Access app

December 19, 2023

Important:

Starting from release 23.11.1, Citrix SSO for iOS is renamed to Citrix Secure Access. We are updating our documentation and the UI screenshots to reflect this name change.

For administrator-specific instructions on Citrix Secure Access for iOS, see Citrix Secure Access for iOS and Citrix Secure Access for macOS.

Citrix Secure Access on iOS supports client certificate authentication with NetScaler Gateway. Certificates can be delivered to the Citrix Secure Access in the following ways:

MDM server - Preferred approach for MDM customers. Certificates are configured directly on the MDM-managed VPN profile. Both VPN profiles and certificates are then pushed to enrolled devices when the device enrolls into the MDM server. Follow MDM vendor-specific documents for this approach.
Email - Only approach for non-MDM customers. Administrators send an email with the User Certificate identity (Certificate and private key) attached as a PKCS#12 file to users. Users must have their email accounts configured on their iOS device to receive the email with an attachment. The file can then be imported to the Citrix Secure Access on the iOS.

Note:

File name extensions .pfx and .p12 are claimed by the iOS system and cannot be claimed by third-party apps such as Citrix Secure Access. Therefore, administrators must change the Extension/MIME type of the user certificate, from standard .pfx or .p12 to .citrixsso-pfx or .citrixsso-p12 respectively.

Open the email with the user certificate identity (certificate and private key) attached as a PKCS#12 file.
- Tap on the attachment to reveal the system OpenIn menu.
- Tap Copy to Citrix SSO.
Install certificate in Citrix Secure Access.

The app is now launched and a prompt for the certificate passphrase is displayed. Enter the correct passphrase for the certificate to be installed into the app’s keychain and click Import.

Upon successful validation, the certificate is imported.
Use certificate-based authentication with VPN.
- To use the certificate for VPN authentication, you must first create a VPN configuration or a profile on Citrix Secure Access.
  - Navigate to the VPN Connections view and tap Add VPN Configuration.
  - On the configuration view of the VPN profile, you can select the imported certificate in the Certificates section.
- Tap Save to import the certificate.
Manage certificates.

To manage the certificates imported into Citrix Secure Access navigate to the Certificates tab in Main Menu.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Import and install certificates in Citrix Secure Access app

December 19, 2023

Import and install certificates in Citrix Secure Access app

In this article