I've been searching here, TechNet and Google but haven't been able to find an answer to my question yet.
I have a website running on IIS 7, Server 2012 R2. The IIS serves as an access point to our Citrix farm. Connecting using https, I have created an SSL certificate using our CA server (the certificate is for Citrix.contoso.com (internal FQDN for server)). But users will try to connect using just https://Citrix, which will generate a certificate error. So my question is: Is it possible for the certificate to work for both Citrix and Citrix.contoso.com? If so, how do I manage to do this?
A fundamental underlying principle of certificates is trust. Trust requires identifying the parties involved (server and/or client) by specifying a fully-qualified name. A single-label name does not fulfill the identity requirement, and therefore cannot be trusted. Certificate Authorities should not issue and applications should not trust single-label names.
You should not use single-label names to connect to services that use certificates; you should use the fully-qualified name that matches the certificate instead.
Yes, it is possible.
You need to create a certificate with two Subject Alternative Name (SAN) fields, one with "citrix" and the other with "citrix.contoso.com". I would keep the CN as citrix.contoso.com, but keep in mind that the CN field is ignored if your certificate has SAN fields. To create a certificate with SAN fields, follow Microsoft's instructions: How to Request a Certificate With a Custom Subject Alternative Name.
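A way to check which host names an issued certificate covers, and to see the "CN is ignored when SAN fields exist" rule in action (added example, not part of the answers above). The certificate dicts are constructed samples in the layout returned by Python's `ssl.SSLSocket.getpeercert()`; the function names are hypothetical, and the wildcard case goes beyond what the answer discusses.

```python
from __future__ import annotations

def _dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False            # "*.contoso.com" can never cover the bare "citrix"
    if p[0] == "*" and len(p) > 1:
        return p[1:] == h[1:]
    return p == h

def identity_names(cert: dict) -> tuple[str, list[str]]:
    """Return (source, names) that host-name verification matches against."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return "SAN", sans      # any DNS SAN present: the subject CN is not consulted
    # Legacy CN fallback, which some clients no longer perform at all.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return "CN", cns

def coverage(cert: dict, hostnames: list[str]) -> dict[str, bool]:
    """Map each host name users type to whether the certificate covers it."""
    _, names = identity_names(cert)
    return {h: any(_dns_match(n, h) for n in names) for h in hostnames}

# Constructed sample certificates (not real ones).
SUBJECT = ((("commonName", "citrix.contoso.com"),),)
CN_ONLY = {"subject": SUBJECT}
TWO_SANS = {"subject": SUBJECT,
            "subjectAltName": (("DNS", "citrix"), ("DNS", "citrix.contoso.com"))}
SHORT_SAN_ONLY = {"subject": SUBJECT, "subjectAltName": (("DNS", "citrix"),)}
WILDCARD = {"subject": SUBJECT, "subjectAltName": (("DNS", "*.contoso.com"),)}

NAMES = ["citrix", "citrix.contoso.com"]

if __name__ == "__main__":
    for label, cert in [("CN only", CN_ONLY), ("two SANs", TWO_SANS),
                        ("short SAN only", SHORT_SAN_ONLY), ("wildcard", WILDCARD)]:
        print(f"{label:15} {identity_names(cert)[0]:3} {coverage(cert, NAMES)}")
```

The `SHORT_SAN_ONLY` case is the one to watch for: the FQDN is in the CN, but because a SAN field exists the FQDN is no longer covered unless it is also listed as a SAN entry.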