SSL installation in Citrix netscaler
Apr 20, 2023
Before installing SSL certificates on Citrix Application Delivery Controller (ADC) instances, ensure that the certificates are issued by trusted CAs. Also, ensure that the key strength of the certificate keys is 2048 bits or higher and that the keys are signed with secure signature algorithms.
If you haven't generated your certificate and finished the validation process yet, please refer to our
CSR generation instructions
before proceeding with the steps below.
Here are detailed instructions for installing an SSL certificate on a Citrix NetScaler VPX:
-
Log into your NetScaler device console.
-
In the NetScaler console, on the Configuration tab, in the tree menu, expand Traffic Management and then click SSL.
-
On the NetScaler > Traffic Management > SSL page, under Tools, click Manage Certificates / Keys / CSRs.
-
In the Manage Certificates / Keys / CSRs window, click Upload to locate, select, and upload the DigiCertCA.crt file.
-
In the NetScaler console, on the Configuration tab, in the tree menu, expand Traffic Management > SSL and then click Certificates.
-
On the NetScaler > Traffic Management > SSL > SSL Certificates page, click Install.
-
In the Install Certificate window, enter the following information:
|
Certificate-Key Pair Name
*
|
Enter
DigiCertCA
.
|
|
|
|
|
Certificate File Name
*
|
i. In the
Browse
drop-down list, select
Appliance
.
|
|
|
ii. Click
Browse
to browse to and select the
DigiCertCA.crt
file (i.e.
/nsconfig/ssl/DigiCertCA.crt
).
|
|
|
iii. Click
Select
and then click
Open
.
|
|
|
|
|
Key File Name
|
N/A (leave blank).
|
|
|
|
|
Certificate Format
|
Select
PEM
.
|
|
|
The
DigiCertCA.crt
file is .pem formatted; it just uses a .crt extension.
|
|
|
|
|
Password
|
N/A (leave blank)
|
|
|
|
|
Certificate Bundle
|
• If you are using this instruction because you do not have the Certificate Bundle feature in your
|
|
|
Citrix NetScaler VPX, you will not see this option.
|
|
|
• If you are using this instruction because you received a
‘Not sending intermediate certificate’
error,
|
|
|
DO NOT
check this box. Click Create and then click Close.
|
-
Click Create and then click Close.
-
On the NetScaler > Traffic Management > SSL > SSL Certificates page, the DigiCertCA intermediate certificate is added to the list of certificates. You are ready to link your SSL Certificate to the DigiCertCA Intermediate Certificate.
-
On the NetScaler > Traffic Management > SSL > SSL Certificates page, select your SSL Certificate (i.e. Example) and then in the Actions drop-down list, select Link.
-
In the Link Server Certificate(s) window, in the CA Certificate Name* drop-down list, select DigiCertCA and then, click OK.
-
Your SSL Certificate is now linked to its intermediate certificate (DigiCertCA.crt).
You are ready to bind your SSL Certificate to a virtual server.
