Skip to content

How to Generate and Install a Public SSL Certificate on a NetScaler Appliance

June 25, 2013

This article contains information about generating and installing a public Secure Socket Layer (SSL) certificate.

Background

To generate the necessary keys and files for a public SSL certificate, you need to create a Rivest, Shamir and Adleman (RSA) or Digital Signature Algorithm (DSA) key, create a Certificate Signing Request (CSR) which is then sent to public Certificate Authority (CA), such as VeriSign. After you receive the server certificate from the CA, you can install it on the required appliance.

Note: There are variations to the process of installing a private certificate, which are self-signed by the NetScaler appliance itself.

Generating and Installing a Public SSL Certificate

Note: The screen shots in this article are with reference to NetScaler software release 9.3 and earlier. The Graphical User Interface for NetScaler software release 10 and later is different. However, the procedure is the same for NetScaler software release 10.

To generate and install a public SSL certificate, complete the following procedures:

Creating an RSA Key

You must create an RSA or a DSA key for the NetScaler appliance. Ensure that you have limited access to the private key. You need this key to install a valid certificate you receive from a CA.

To create an RSA key, complete the following procedure:

  1. Log in to the NetScaler appliance by using the nsroot credentials.
  2. In the Navigation pane, select the SSL node.
  3. On the SSL page, click the Create RSA Key link, as shown in the following screenshot:

  1. In the Key Filename field, specify the name for the key file you are creating.
  2. In the Key Size field, specify the size for the key file; such as 1024 or 2048.
  3. Ensure that you select the PEM key format, as shown in the following screen shot:

  1. Optionally select an appropriate PEM encoding algorithm. The selection of the PEM algorithm depends on the organizational policies.
  2. Click Create.
  3. Click Close.

Creating a Certificate Signing Request (CSR)

To create a CSR, complete the following procedure:

  1. Log in to the NetScaler appliance by using the nsroot credentials.
  2. In the Navigation pane, select the SSL node.
  3. On the SSL page, click the Create Certificate Request link, as shown in the following screen shot:

  1. In the Request File Name field, specify the file name of the CSR file.
  2. In the Key File Name, specify the key file name that you have created in the Creating an RSA Key section.
  3. Ensure that you select PEM as the key format.
  4. Optionally, specify the password, if any, you had specified for the key file.
  5. In the Distinguished Name Fields group, specify the appropriate values, as shown in the following sample screen shot:

  1. Click Create.
  2. Click Close.
  3. Send the CSR file to a CA for signing. This file is located in the /nsconfig/ssl directory. After you send the CSR to a CA, CA issues a server certificate.

Installing the Server Certificate

After you receive the server certificate from the CA, you must install the server certificate from the CA on the NetScaler appliance. To install the server certificate you must upload the server certificate to the appliance and then create a certificate key pair.

To upload the server certificate, complete the following procedure:

  1. Select the SSL node from the configuration utility of the appliance.
  2. Click on the Manage Certificate / Keys / CSRs link.
  3. Click Upload.
  4. Select the server certificate.
  5. Click Close.

Note: You can also copy the server certificate to the /nsconfig/ssl directory on the NetScaler appliance directly by using any third-party file transfer utility such as WinSCP.

Creating a Certificate-Key Pair

To create certificate-key pair, complete the following procedure:

  1. Log in to the NetScaler appliance by using the nsroot credentials.
  2. Expand the SSL node.
  3. Select the Certificate node.
  4. On the Certificates page, click Add.
  5. In the Certificate-Key Pair Name field, specify the certificate-key pair name.
  6. In the Details group, specify the appropriate files names for the certificate and private key, as shown in the following screen shot:

  1. Click Install.
  2. Click Close.
About these ads

From → Citrix-Xen App

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: