Question:
I’m trying to create a pfx file for wildcard cert *.example.com in Citrix Netscaler but I am failing to do so. I’ve cross-checked with the following directions. What am I doing wrong?
http://www.digicert.com/csr-creation-ssl-installation-citrix-netscaler.htm#netscaler_vpx_create_csr
Short Answer:
That is because Citrix Netscaler cannot create pfx files. It creates PEM (Apache) format files.
Netscaler systems do, on the other hand, have the ability to import a pfx file, but that pfx file has to be created on a server or application that can create one. A pfx, also known as a p12 (PKCS#12), is a keystore file that stores the public key (the SSL certificate) along with the private key and any chaining intermediate CA certificates. Windows IIS/Exchange systems use pfx files for their encryption.
So in a scenario where a wildcard certificate (*.example.com) is being used in an organization and that SSL certificate needs to be applied to multiple different systems, it is best to plan ahead and know what SSL certificate keypair format those systems will need.
If I already know I have a Windows IIS system (using pfx files) that is going to use a wildcard certificate, I should first create my CSR keypair on the IIS system. After enrolling for an SSL certificate and getting it issued, I would install the SSL certificate back into the IIS system, export it as a pfx file, and then import the pfx, which contains the private key, into the Netscaler.
How to move certificate from Windows to Citrix Netscaler?
https://www.sslsupportdesk.com/move-certificate-windows-citrix-netscaler/
If you think you can create a CSR keypair on a Netscaler and get a pfx file to import into a Windows IIS system, then you are going to have a bad time. It's best to do it the other way around: first create the keypair/CSR on Windows, and then export/import into Netscaler.
Posted by:
Dominic Rafael
Senior Lead IT Engineer
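The Windows-side export step described above, as an added example (not part of the original post). It assumes the issued wildcard certificate is installed in the LocalMachine\My store of the IIS server that generated the CSR; the output path is a hypothetical placeholder.

```powershell
# Added example: export the installed wildcard certificate as a PFX for import
# into the Netscaler. Run in an elevated PowerShell session on the IIS server.
$wildcardName = '*.example.com'                         # name from the question
$pfxPath      = 'C:\Temp\wildcard-example-com.pfx'      # hypothetical output path

# Pick the newest unexpired certificate whose subject carries the wildcard CN.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject.Contains("CN=$wildcardName") -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No unexpired certificate with CN=$wildcardName found in LocalMachine\My."
}

# A PFX is only useful to the Netscaler if it carries the private key, and the
# key only exists on the system that generated the CSR.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key on this server."
}

# Prompt for the PFX password instead of putting it in the script or history.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# BuildChain adds the intermediate CA certificates to the PFX.
# The export fails if the private key was not marked exportable.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password -ChainOption BuildChain |
    Out-Null

# Re-open the file and list what it contains before copying it to the Netscaler.
$pfx = Get-PfxData -FilePath $pfxPath -Password $password
'End-entity certificate:'
$pfx.EndEntityCertificates | Select-Object -Property Subject, Thumbprint, NotAfter
'Chain certificates:'
$pfx.OtherCertificates | Select-Object -Property Subject, Thumbprint
```

The resulting file contains the private key, so transfer it over a protected channel and delete the copy in the temporary path once the import into the Netscaler is complete.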