Dec 13, 2010 Open a Case. Open a ticket online for technical assistance with troubleshooting, break-fix requests, and other product issues. Open a Case Online. The NetScaler software consists of an SSL tools suite that enables you to generate private keys, certificate requests, and certificates. In addition, this suite can be used to create Certificate Authorities or use the pre-installed NetScaler Root Authority and create server certificates and client certificates. To automatically backup SSL certificates and receive notification when the certificates are about the expire, deploy NetScaler Management and Analytics System. Also see Citrix CTX213342 How to handle certificate expiry on NetScaler. You can also export the certificate files and use them on a different NetScaler. Create Key and Certificate Request. To avoid downtime, you can use the update feature to replace a certificate-key pair that is bound to an SSL virtual server or an SSL service, without first unbinding the existing certificate. Overview diagram of how to update an SSL certificate on the NetScaler appliance. Update an existing certificate-key pair by using the CLI. A Self-signed SSL Certificate (mostly used for test purposes) is needed to be able to test NetScaler’s SSL Offloading feature internally (in a non-production environment). This guide helps you to set up the self-signed certificate on NetScaler.
On the NetScaler Traffic Management SSL SSL Certificates page, select your SSL Certificate (i.e. Example) and then in the Actions drop-down list, select Link. In the Link Server Certificate(s) window, in the CA Certificate Name. drop-down list, select XYZRSACA and then, click OK.
This article describes how to export certificates from a NetScaler appliance as a PFX file to use on another host.
You must have a working installation of the OpenSSL software and be able to execute openssl from the command line. The OpenSSL is also available from the NetScaler shell prompt and Configuration Utility.
To export certificates from the NetScaler appliance as a PFX file for use on another host, complete the following procedure:
Obtain the relevant certificate and key file from the NetScaler and place in a local directory of the workstation. All the certificate and key files are in nsconfig/ssl directory.
Certificates from NetScaler can be obtained by use of WinScp.
Windows 7 ultimate 32 bit key generator free download. Open a command line interface and change the directory to the location of the OpenSSL executable (in <drive>:opensslbin by default).
Type the following (pfx used in this example):
C:OpenSSLbin>openssl pkcs12 -export -in <yourcertificatename.cer> -inkey <yourcertificatekey.key> -out <desiredfilename.pfx>
- yourcertifcatename.cer is the certificate name present on the NetScaler.
- yourcertificatekey is the key associated with certificate yourcertificatename.
- desiredfilename is the name that you want to assign to the PFX file.
Type Export Password: <enter desired pfx pwd here>
Verifying - Enter Export Password: <confirm pwd>
To export certificates from the NetScaler appliance as a PFX file for use on another host, complete the following procedure:
Obtain the relevant certificate and key file from the NetScaler and place in a local directory of the workstation.
Navigate to Traffic Management > SSL, click on Manage Certificates / Keys / CSRs.
Click the certificate that you want to download and choose Download. This step is optional as isn't possible to export certificates and private keys directly from the appliance without downloading them.
Navigate to Traffic Management > SSL > Export PKCS#12.
Choose the output file name for PFX file.
Choose the certificate and key stored in the local disk (if you followed Step 2) or from the appliance.
Fill out the export password and press ok.
See OpenSSL documentation for complete options and details.