How to Generate and Install a Public SSL Certificate on a NetScaler Appliance

To generate and install a public SSL certificate, complete the following procedures:

  • Creating an RSA Key
  • Creating a Certificate Signing Request (CSR)
  • Installing the Server Certificate
  • Creating a Certificate-Key-Pair


Creating an RSA Key

You must create an RSA or a DSA key for the NetScaler appliance. Ensure that you have limited access to the private key. You need this key to install a valid certificate you receive from a CA.

To create an RSA key, complete the following procedure:

    1. Log in to the NetScaler appliance by using the nsroot credentials.

    2. In the Navigation pane, select the SSL note.

    3. On the SSL page, click the Create RSA Key link, as shown in the following screenshot:

    4. In the Key Filename field, specify the name for the key file you are creating.

    5. In the Key Size field, specify the size for the key file; such as 1024 or 2048.

    6. Ensure that you select the PEM key format, as shown in the following screen shot:

    7. Optionally select an appropriate PEM encoding algorithm. The selection of the PEM algorithm depends on the organizational policies.

    8. Click Create.

    9. Click Close.

Creating a Certificate Signing Request (CSR)

To create a CSR, complete the following procedure:

    1. Log in to the NetScaler appliance by using the nsroot credentials.

    2. In the Navigation pane, select the SSL note.

    3. On the SSL page, click the Create Certificate Request link, as shown in the following screen shot:

    4. In the Request File Name field, specify the file name of the CSR file.

    5. In the Key File Name, specify the key file name that you have created in the Creating a CSR section.

    6. Ensure that you select PEM as the key format.

    7. Optionally, specify the password, if any, you had specified for the key file.

    8. In the Distinguished Name Fields group, specify the appropriate values, as shown in the following sample screen shot:

    9. Click Create.

    10. Click Close.

    11. Send the CSR file to a CA for signing. This file is located in the /nsconfig/ssl directory. After you send the CSR to a CA, CA issues a server certificate.


Installing the Server Certificate

After you receive the server certificate from the CA, you must install the server certificate from the CA on the NetScaler appliance. To install the server certificate you must upload the server certificate to the appliance and then create a certificate key pair.

To upload the server certificate, complete the following procedure:

    1. Select the SSL node from the configuration utility of the appliance.

    2. Click on the Manage Certificate / Keys / CSRs link.

    3. Click Upload.

    4. Select the server certificate.

    5. Click Close.

Note: You can also copy the server certificate to the /nsconfig/ssl directory on the NetScaler appliance directly by using any third-party file transfer utility such as WinSCP.


Creating a Certificate-Key Pair

To create certificate-key pair, complete the following procedure:

    1. Log in to the NetScaler appliance by using the nsroot credentials.

    2. Expand the SSL node.

    3. Select the Certificate node.

    4. On the Certificates page, click Add.

    5. In the Certificate-Key Pair Name field, specify the certificate-key pair name.

    6. In the Details group, specify the appropriate files names for the certificate and private key, as shown in the following screen shot:

    7. Click Install.

    8. Click Close.