Citrix Secure Gateway Certificates

Just ran into an interesting problem at work. We use the Citrix Secure Gateway (CSG) to allow remote users to access Citrix through the web. This tunnels the Citrix ICA traffic (which is normally on TCP port 1493) through port 443. Our certificate on the IIS server was expiring soon so I had renewed and installed it a couple of weeks back and everything appeared to be working.

Today we started getting calls from users who were getting SSL errors after they had authenticated on the Web Interface page and tried to launch a Citrix session. After quickly verifying that the IIS certificate was indeed the new one and doing an iisreset to no effect I did a quick Google search and discovered that not only do you have to install the certificate on IIS, you also have to configure CSG to use the new certificate.