You need:
To have already bought an SSL Certificate for your domain name.
To have already generated a CSR and to have requested validation from the Certification Authority.
Wait for the Certification Authority to validate your CSR.
Once it is validated, you can download it from your HTTPCS dashboard.
1. Connect to the Citrix server as « nsroot » user with your FTP client and upload the certificate you've just downloaded from your HTTPCS dashboard. You will have to upload these in /nsconfig/ssl.
Don't forget to also upload the private key you've obtained when you've generated your CSR in the same directory.
2. In the Access Gateway configuration manager, go to « SSL » → « Certificates » and click on « Add ».
3. In the « Certificate-Key Pair Name* » field, type a descriptive name for the certificate, for example your domain name.
In « File Location » check the « Remote System » radio button
In « Certificate Filename* », click on « Browse » and select the certificate you've downloaded from your HTTPCS dashboard.
In « Key Filename », click on « Browse » and select the private key corresponding to your certificate.
If you've protected your private key with a password, specify it in the appropriate field.
Finally, click on « Install ».
4. Now, we have to install the intermediate certificate, like in the first step. Upload your intermediate certificate in /nsconfig/ssl directory.
5. In the Access Gateway configuration manager, in the SSL menu, click on « Certificates ». On this page, click « Add ».
6. Fill in the required information like you did previously.
7. Click on « Install ».
8. On the « SSL Certificates » page, select the server certificate you want to be linked to the intermediate certificate and click on « Link ».
9. From the drop-down list, select the intermediate certificate (CA-Intermediate) and click on « OK ».
10. You can now check that your SSL is indeed installed.