When working with Netscaler certificate you’ve probably been confused by all the articles around OpenSSL to convert exist or new certificates to be in a Netscaler compatible format.
In this example I’m going to show you how you convert and import a Comodo Positive SSL certificate. This is a $7,95 certificate which are perfect for a lab or a Netscaler PoC in parallel to an existing Access Gateway VPX / Citrix Secure Gateway solution.
I’m not going to cover how to create the CSR from the Netscaler, that’s done perfectly over at this Citrix blog post : NetScaler for the XenDesktop XenApp Dummy.
Netscaler Build 10.0.69.4
If you’re running the latest build of the Netscaler be aware of the Save config issue bug. To resolve this you’ll need to first add your license file and then reboot before you can save any configuration.
Let’s get started
So let’s start with the Netscaler certificate that you’ve received from Comodo or your preferred Certificate Authority.
First you need to rename your certificate.cer to certificate.p7b so you can open the certificate itself. Double click the P7b file and then open your FQDN certificate.
Select the Details tab and select Copy to File…
For the format select Base-64 encoded X.509 (.CER)
And save your FQDN certificate. Repeat this for all the other root or intermediate certificates.
Now upload your certificates to Netscaler.
Then head over to the SSL – Certifcates node and install the certificates.
Comodo Positive SSL have 2 root certificates, so you’ll need to link Root1 to FQDN and then link Root2 to Root1.
The final step is to add the Certificate to your Access Gateway Virtual Server.
Now it’s time to save the configuration and head over to the Access Gateway FQDN to test that everything works.
PS : I’ve now started to add Netscaler and CloudGateway training to xenapptraining.com.
3 thoughts on “Netscaler Certificate – The fastest way”
I was just going through your excellent article. Can you please elaborate on the linking of root1 to FQDN and root2 to root1 ?
That’s normally CA root or intermediate certificates that needs to be linked to be delivered automatically.
Thanks Trond for the info. This really clarified the cert install for me!