Citrix Netscaler VPX (10) Loadbalancer – SSL Installation

Like the majority of server systems you will install your SSL certificate on the same server Citrixwhere your Certificate Signing Request (CSR) was created.

Your private key will always be left on the server system where the CSR was originally created. Your SSL certificate will not work without this private key file. We will assume that this is the original system.

To install your SSL certificate on Citrix Netscaler 10 & 10.5 perform the following.

Step 1: Downloading your SSL Certificate & its Intermediate CA certificate:

  1. If you had the option of server type during enrollment and selected Other you will receive a x509/.cer/.crt/.pem version of your certificate within the email. Alternately you can access your Certificate User Portal by the supplied link in the email to pick up the x509 version of your certificate.
  2. Copy the SSL certificate and make sure to copy the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– header and footer Ensure there are no white spaces, extra line breaks or additional characters.
  3. Use a plain text editor such as Notepad, paste the content of the certificate and save it with extension .pem
  4. If your intermediate CA certificate for your product is not in the body of the email you can access your Intermediate CA also in a link within that email. Copy and paste the contents of your Intermediate CA into its own Notepad file and save it with a .pem extension also.
    Note: Some CAs may require two intermediates for best compatibility. These two are to be copied within their own corresponding .pem files and installed one at a time in a repeated process for intermediate installation.

Step 2: Uploading your SSL Certificate & Intermediate CA:

  1. Log in to the Netscaler console..
  2. On the Configuration tab, in the tree menu, expand Traffic Management and then click SSL
  3. Click on the Manage Certificate / Keys / CSRs link.
    Netscaler Manage Certificates
  4. On the Manage Certificates you will see a list of all your certificates that have been previously uploaded into the Citrix Netscaler appliance.
  5. Click Upload.
    Netscaler Certificate upload
  6. A navigation window will pop up. Navigate to the location of your SSL certificate and click Open to import your SSL Certificate.
  7. Repeat Steps 5 & 6 again to import your Intermediate CA certificate file.

Step 3: “Installing” your SSL certificate:

After you have imported your SSL certificate then you will have to Install it into the Netscaler Appliance by performing the following.

  1. Back under Configuration > Traffic Management > SSL.
  2. Click Certificates.
  3. Click Install.Citrix Installing Certificate
  4. In the Install Certificate page perform the following..
    1. In the Certificate-Key Pair Name* field specify any name you wish for this keypair installation.
    2. Under Certificate File Name* click Browse.
    3. In the File Browser pop up window browse to the SSL certificate you just installed in step 2 of these instructions and click Open.
    4. Under Key File Name click browse.
    5. In the File Browser pop up window browse to the key file you created back during CSR generation. (Usually this will be a .key file created on the day you generated your csr) and then click Open.
    6. Under Certificate Format leave it selected at PEM.
    7. In the Password filed specify the password associated with your key file.
      Note: If you did not specify a password for your .key file when it was created then ignore this field.
    8. Click Install.
      Netscaler_Install_Certificate
  5. You will be sent back to the Certificate page and should see your new SSL certificate listed.

Congrats you have installed your SSL certificate.

Step 4: “Installing” your Intermediate:

Now that your Intermediate CA has been uploaded in step 1 it then needs to be installed.

  1. Back under Configuration > Traffic Management > SSL.
  2. Click Certificates.
  3. Click Install.
    Citrix Installing Certificate
  4. In the Install Certificate page perform the following…
    1. Under Certificate-Key Pair Name* specify the name for your intermediate, any name will do.
    2. Under Certificate File Name click Browse., and browse to the intermediate file you imported into the Netscaler in step 1.
    3. Click Install.
      NetScaler intermediate Install
      Note: If you get the following error: Resource already exists {certkeyName Contents, Intermediate] it means that your intermediate has already been installed. Possibly due to a prior installation. Click OK  to go back to the SSl Certificates page and continue to Step 5: Linking your SSL Certificate to your Intermediate.
      Netscaler_Error_Resource_already_exists
  5. You should now see that your Intermediate has now been installed. You can click on it to see more information.
    Netscaler intermediate install 2

Step 5: Linking your SSL Certificate to your Intermediate:

In order to have your SSL Certificate trusted on major operating system you will have to manually form a link between your SSL Certificate and its Intermediate CA Chaining Certificates that help with Trust.

  1. Click your Installed SSL Certificate to highlight it.
  2. Under the Action drop down menu click Link.
    Netscaler certificate linking
  3. In the Link Server Certificate(s) page under CA Certificate Name* you should see the name of the Intermediate CA file you installed.
  4. This means that Netscaler has been able to recognize the intermediate that can chain to your SSL Certificate.
  5. Click OK to establish the link.

Congrats you have linked your SSL Certificate to your Intermediate for Optimum trust capabilities for your SSL Certificate.

Step 6: Binding your SSL Certificate to its Virtual Host.

  1. In your Citrix Netscaler Appliance under configuration go to NetScaler Gateway > Virtual Servers.
  2. In order to edit a website virtual server click on the website you need to update and click Edit.
    Note:
    If you need to add a a new virtual server to Netscaler click Add and then follow the VPN Virtual Server wizard to set up your new website.
    Netscaler_Edit_Previous_Binding._
  3. When you Edit your website under Certificate is where you will Assign your installed SSL Certificate & your Intermediate CA Certificate.
  4. Click Server Certificate.
    Editing_your_netscaler_virtual_server
  5. In the SSL Virtual Server Certificate Binding pop up page Click Add Binding.
    Note:
     You may see a certificate already bound to the Virtual Server. when you click Add Binding you will receive a confirmation to unbind the previous certificate. Click Yes, and then click Add Binding again after the previous certificate has been removed.
    SSL_Virtual_Server_Binding
  6. On the Server Certificate binding page under Select Server Certificate click the Click to select.
    netscaler_server_certificate_binding
  7. In the next pop up window select your newly installed SSL Certificate.
  8. Once selected click OK.
  9. Click Bind.
    Bind
  10. Click Close.
  11. Click Done.

Your SSL certificate is now installed and configured for its website.

If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports Citrix Netscaler.

Citrix Support
For more information, see Citrix Support website.

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »