Please be advised of a SSL certificate issue when updating or purchasing new SSL Certificates for your Citrix implementations. You will want to ensure that you purchase a SHA1 Cert and not a SHA2 cert which is currently being sold by vendors for a cert set to expire in three (3) years or that expire during or after 2017. You will more than likely have to call your vendor and have them reissue a SHA1 cert that expires at the end of 2016 to ensure that you are functional until Citrix updates their Citrix Receivers to support SHA2 across all products.
Microsoft has announced a new policy for Certificate Authorities (CAs) that deprecates the use of the SHA1 algorithm in SSL and code signing certificates, in favor of SHA2. The policy affects CAs who are members of the Windows Root Certificate Program who issue publicly trusted certificates. It will allow CAs to continue to issue SSL and code signing certificates until January 1 2016, and thereafter issue SHA2 certificates only.

Web Interface 5.4 (and 5.4.2.59, the latest Public version available) DOES NOT support SHA-2 (SHA256) Certificates.
Citrix Secure Gateway (windows) DOES NOT support SHA2 (SHA256) SSL certificates
SHA2 support was introduced with client 12.x

Receiver Client Feature Matrix - http://support.citrix.com/article/CTX104182