How to Install an SSL Certificate on NetScaler

This tutorial provides step by step instructions on how to install an SSL Certificate on NetScaler. You will also  discover the best place to shop for SSL certificates.

Table of Contents

1. How to generate a CSR code in NetScaler?
2. How to install an SSL Certificate in NetScaler?
3. Test your NetScaler SSL installation
4. Where to buy an SSL Certificate for NetScaler?

How to generate a CSR code in NetScaler?

The CSR (Certificate Signing Request) code contains your contact data in a block of encoded text that you need to submit to your CA (Certificate Authority) as part of SSL validation.

You have two options:

1. Use our CSR Generator to create the CSR automatically.
2. Follow our step-by-step tutorial on how to generate CSR in NetScaler.

Copy the content of your CSR file, including the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– tags, and past it into your SSL Certificate order form.

Wait for CA to approve and sign your certificate. Once you’ve received the SSL files on your inbox, you can continue with the installation.

How to install an SSL Certificate on NetScaler?

To activate the SSL encryption on NetScaler, first, you have to install the certificate, and then bind it to your virtual server.

Step 1. Prepare your SSL certificate files

Download the ZIP archive folder that your CA sent you, and extract your primary (.crt file)  and intermediate certificates (.ca-bundle file).

You will have to upload the intermediate certificate as a separate file and then link your SSL Certificate to it.

Step 2. Install your SSL certificate

1. Log into your NetScaler account
2. Navigate to Configuration, expand Traffic Management and select SSL
3. On the main page, under Tools, click Manage Certificate/Keys/CSRs
4. In the new window, click Upload, and import your primary certificate (the .crt file) and the certificate chain or CA Bundle (the .ca-bundle file).
5. Return to the Configuration tab in the NetScaler Console, and go to Traffic Management > SSL > Certificate
6. On the main page, click the Install button
7. In the Install Certificate window provide the following details:
   • Certificate-Key Pair Name: enter a name for your SSL certificate
   • Certificate File Name: click Browse and choose the .crt file you just uploaded.
   • Key File Name: click Browse to locate your RSA key file (.key) that was generated along with the CSR code.
   • Certificate Format: check the PEM option button
   • Password – leave this field blank if no passphrase was assigned to the Private Key during its generation.
   • Certificate Bundle: do not check this box as you’ll install the bundle separately
   • Notify When Expires: enable this feature to receive notifications when your SSL Certificate is close to the expiry date
   • Notification Period: specify how many days in advance before the certificate expires you want to be notified
8. Click Install. Now it’s time to upload the CA Bundle.

Step 3. Install the CA Bundle

Go back to Configuration > Traffic Management > SSL > Certificates and click Install.

Fill just the following two fields:

• Certificate-Key Pair Name – enter a name for your intermediate (CA Bundle) certificate.
• Certificate File Name – click Browse and select the .ca-bundle file you uploaded along with the end-entity certificate (the .crt file) before.

Note: If you receive the following error message: Resource already exists {certkeyName Contents, Intermediate], it means that the CA Bundle is already installed on the server. You can ignore this message and continue with the SSL configuration.

After the intermediate certificate is installed, you can find it in the certificate list of the Certificates section of the SSL tree menu.

Step 4. Link your primary SSL certificate and the CA Bundle

1. On the Link Server Certificates page, locate the name of the CA Bundle file in the CA Certificate Name section.
2. Click OK to connect the primary certificate to the CA Bundle.

Now, all that’s left is to bind your SSL certificate with the Virtual host for successful configuration.

Step 5. Bind your SSL Certificate to a Virtual Server

1. In the NetScaler Console, click on the Configuration tab, then expand NetScaler Gateway and click Virtual Servers
2. Next, on the main page, choose your website from the list of servers and click Edit.
3. Now, click on Server Certificate to configure binding for the uploaded SSL.
4. On the pop-up page, click Add Binding. If an old SSL certificate is already bound to the virtual server, you will receive a confirmation to unbind the previous cert. Click yes and continue with the configuration.
5. On the Add Binding section, click on the Select Server Certificate field and select the newly installed SSL
6. Click Bind to complete the SSL configuration on Citrix NetScaler VPX.

Congratulations, now you know how to install an SSL Certificate on NetScaler.

Test your NetScaler SSL Installation

After you install an SSL Certificate on NetScaler, it’s important to check your configuration for potential errors or vulnerabilities. You can do this efficiently with the help of high-end SSL tools. Pick software from the linked article, to get instant scans and reports on your SSL Certificate.

Where to buy an SSL Certificate for NetScaler?

The best place to get an SSL Certificate for NetScaler is from SSL Dragon. We offer great prices and discounts on the entire range of our SSL products. We’ve carefully selected the best SSL brands on the market to ensure bulletproof protection. All our SSL certificates are compatible with NetScaler.

To help you choose the perfect SSL certificate, we developed two exclusive SSL tools. Our SSL Wizard needs just a couple of seconds to find the best SSL deal for your website. On the other hand, the Advanced Certificate Filter lets you sort and compare various SSL certificates by price, validation, and features.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.