CITRIX NETSCALER VPX: CREATE CSR AND INSTALL SSL CERTIFICATE
INSTALL SSL CERTIFICATE USING CITRIX NETSCALER VPX
I. NETSCALER VPX: HOW TO CREATE AN RSA KEY:
In order to create your CSR, you first need to create an RSA Key.
1. Go to your NetScaler device console account.
2. Within the NetScaler console, click the Configuration option, and open the Traffic Management menu. Then, Select SSL.
3. Once you are on the SSL window, Select Create RSA Key located under the SSL Keys heading.
4. Within the Create RSA Key page, type in the necessary RSA key fields:
KEY FILENAME: This is the name that you make for your RSA key, and what name you will save it as.
KEY SIZE: Set the key size as 2048 bits.
PUBLIC EXPONENT VALUE: Select 3 (Hex: 0x3) or F4 (Hex: 0x10001) from the menu. This works with your cipher algorithm in order to establish your RSA key, and you can leave it as the default if you want.
KEY FORMAT: PEM is the format you want to look for and select here.
PEM ENCODING ALGORITHM: This is optional, but you can choose DES or DES3 to encrypt your key. You do not have to have a password if you leave this option empty.
PEM PASSPHRASE: This is required if you chose to encrypt your information, you do not need this if you left PEM Encoding Algorithm empty.
CONFIRM PEM PASSPHRASE: Type in the passphrase again to confirm it. This is not needed if you left PEM Encoding Algorithm empty.
5. After that is all filled out, select OK and choose Close.
II. NETSCALER VPX: HOW TO CREATE YOUR CSR
1. Within the NetScaler console, Select Configuration and click on the Traffic Management menu. Then, Select SSL.
2. After you have selected SSL, locate SSL Certificates, and press Create CSR.
3. Next, within the Create CSR page type in all the necessary information:
REQUEST FILE NAME: Make a file name for your request.
KEY FILENAME: Locate the browse list, and click on Appliance. Then, Select Browse to select your RSA key file. After that, press Select and touch Open.
KEY FORMAT: Choose the PEM format for your SSL Certificate.
KEY FORMAT *: Choose PEM for this as well.
PEM PASSPHRASE (FOR ENCRYPTED KEY): This is not required if you left PEM Encoding Algorithm empty when you created your RSA key.
4. Type in the information required within the Distinguished Name Fields:
COUNTRY NAME: Make sure to use the two digit code for your country without any punctuation.
STATE OR PROVINCE: Type in the state or province where your organization is located.
ORGANIZATION NAME: Type in the name that is legally registered with the organization. Be aware that you cannot use special characters, so you must either spell out the character or omit it.
CITY: Type in the city where the organization is located.
EMAIL ADDRESS: This is the email that you may provide where you may be contacted, this is optional.
ORGANIZATIONAL UNIT: This is the name of the department that will be using the CSR.
COMMON NAME: This represents the qualified domain for the CSR.
5. Next, find the Attribute Fields option and type in the necessary information:
CHALLENGE PASSWORD: Create a password, and remember it for later.
COMPANY NAME: Type in the name of your company, this is optional here.
6. After you have entered in that information, Select OK and Close.
7. Within the NetScaler console, Select Configuration, and click on Traffic Management. Once that menu is listed, Select SSL.
8. On the SSL window, listed beneath Tools, Select Manage Certificates/Keys/CSRs.
9. Then, you need to click your CSR and Select View.
10. Next, you will need to copy and paste the text of your CSR into the DigiCert order form. Be sure to include —-BEGIN NEW CERTIFICATE REQUEST—AND—END NEW CERTIFICATE REQUEST—-.
TIP: Be sure to choose Citrix (Other) when prompted to “Select Server Software.”
11. Once you get your SSL Certificate, you are able to install it.
III. CITRIX NETSCALER VPX: INSTALL YOUR SSL CERTIFICATE
HOW TO DOWNLOAD YOUR COMBINED SSL AND INTERMEDIATE CERTIFICATE .PEM FILE:
1. First, access your DigiCert Management Console.
2. Second, locate the My Orders option and click the order number that corresponds with the SSL certificate.
3. Then, locate the Manage Your Certificate Order window, and within the Server Certificate window, Select Download.
4. Next, under the Download Certificate window, click Other Format, and choose “A single .pem file containing all the certs except for the root.” Then, Select Download.
5. Then, Save the newly merged .pem file for your SSL Certificate.
IV. NETSCALER VPX: HOW TO INSTALL YOUR SSL CERTIFICATE:
1. First, access your NetScaler device console.
2. Once on the NetScaler console page, Click Configuration, and Select Traffic Management, then press SSL.
3. From the SSL option, Select Manage Certificates/Keys/CSRs.
4. Then, find your SSL Certificate .pem file and select Upload.
5. Go back to the Configuration option, and Select Traffic Management. Once the menu appears, press SSL, and select Certificates.
6. Next, Select Install.
7. Once in the Install Certificate page, type in the required information:
CERTIFICATE-KEY PAIR NAME: Make a name for your certificate.
CERTIFICATE FILE NAME: From the Browse menu, Click Appliance. Then, choose browse to find your SSL Certificate file. Then, press Select and Open.
KEY FILE NAME: From the Browse menu, click Appliance. Then, choose browse to find your RSA key file. Then, press Select and Open.
CERTIFICATE FORMAT: Click PEM.
PASSWORD: Type in the password you created for your CSR.
CERTIFICATE BUNDLE: Select the button next to this. If you need a Certificate Bundle, install your certificate and then follow the directions in the image below.
NOTIFY WHEN EXPIRES: Click Enabled to be alerted before your certificate expires.
NOTIFICATION PERIOD: Choose the amount of days prior you want to be notified
about expiration date.
8. Select Create and press Close.
9. Within the SSL Certificates window, you will see your SSL and your Intermediate Certificates shown under certificates. The SSL certificate will be shown as the name you created, and your Intermediate is shown with the name you chose plus _ic1 added to it. Your SSL will be the only certificate shown if you do not have the Certificate bundle option. Without the Certificate Bundle, you will have to install the DigiCertCA Intermediate Certificate before adding your SSL to your virtual server.
HOW V. TO VERIFY THE SSL AND INTERMEDIATE CERTIFICATES ARE LINKED:
1. Find the NetScaler window, select Traffic Management, then SSL, and SSL Certificates. Then, choose your SSL Certificate.
2. Then, under the Actions menu Click Cert Links.
3. Within the SSL Certificate Links page, your CA Certificate Name for your SSL is listed as the _ic1 file.
VI. HOW TO BIND YOUR SSL CERTIFICATE TO A VIRTUAL SERVER:
1. Go to the NetScaler console, and Select Configuration. Then, choose NetScaler Gateway and Select Virtual Servers.
2. From the Virtual Servers window, Click the virtual server that you want to bind your certificate to and Select Open.
3. Then, in the Configure NetScaler Gateway Virtual Server page, choose Certificates, and within the Available menu Click your SSL Certificate. Then, Select Add.
4. Under the Configured list, Click the old certificate used to configure the virtual server. Then, Select Remove.
5. Select OK.
6. Still on the Virtual Servers window, Select Save icon/symbol on the upper right side of the window.
7. Lastly, you have now completed the configuration and installation process. It is a best practice to check your that it was successful by accessing your website, and testing it via this link: https://www.digicert.com/help/
VII. NETSCALER VPX: HOW TO INSTALL THE DIGICERTCA INTERMEDIATE CERTIFICATE:
HOW TO DOWNLOAD THE DIGICERTCA INTERMEDIATE CERTIFICATE:
1. Access your DigiCert Management Console.
2. Then, click the My Orders option and choose the order number for your Citrix NetScaler VPX SSL Certificate.
3. Next, under the Manage Your..Certificate-Order window, listed beneath the Server Certificate icon, Select Download.
4. Within the Download Certificate window, Select Download or Copy/Paste Individual Certificates.
5. Select the Intermediate Certificate icon.
6. Be sure to Save the DigiCertCA.crt file to your NetScaler device.
VIII. HOW TO INSTALL THE INTERMEDIATE CERTIFICATE:
1. Access your NetScaler device console.
2. Within the NetScaler console, Click Configuration, and Select Traffic Management menu and then press SSL.
3. On the SSL page, listed beneath Tools, Select Manage Certificates/Keys/CSRs.
4. After that, Click Upload to find and upload your DigiCertCA.crt file.
5. Back on the NetScaler window, Click Configuration, and choose Traffic Management to view the menu and choose SSL. Then, Select Certificates.
6. From the SSL Certificates window, Select Install.
7. Under the Install Certificate page, type in the required information:
CERTIFICATE-KEY PAIR NAME: Type in DigiCertCA
CERTIFICATE FILE NAME: From the Browse list, Click Appliance. Then, Select Browse to click the DigiCertCA.crt file, and press Select and tap Open.
KEY FILE NAME: Leave this field empty.
CERTIFICATE FORMAT: Choose PEM format.
PASSWORD: Leave this field empty.
CERTIFICATE BUNDLE: This option will not appear if you do not have the Certificate Bundle feature in your Citrix NetScaler VPX. Do not check this box if you received a message that says “Not Sending Intermediate Certificate.”
NOTIFY WHEN EXPIRES: Leave this field empty.
8. Select Create and then Close.
9. From the SSL Certificates window, you will see your intermediate certificate listed. You are now able to combine your SSL and your Intermediate certificates.
IX. HOW TO LINK YOUR SSL CERTIFICATE TO THE INTERMEDIATE CERTIFICATE:
1. Start on the NetScaler page, and Select Traffic Management, Click SSL and then SSL Certificates. Then, Click your SSL from the list under the Actions option and Click Link.
2. Next, within the Link Server Certificate page under the CA Certificate Name menu and choose DigiCertCA. Then, Select OK.
3. Lastly, your SSL Certificate and Intermediate Certificate have been successfully linked.
INSTALL SSL CERTIFICATE USING CITRIX NETSCALER VPX
Back To Guides