In this tutorial, we will show you how to generate a CSR in NetScaler.
In NetScaler, you must first create an RSA key (private key) and then generate your CSR request.
Step 1. Log into your NetScaler account
Step 2. Create an RSA Key
- From the top menu, select the Configuration tab, then in the right side tree menu expand Traffic Manager and click SSL
- On the main page, navigate to SS Keys and click on Create RSA Key
- In the Create RSA Key window, provide the information as shown below:
- Key Filename*: enter a name for your RSA file. (e.g., key)
- Key Size(bits)*: the industry standard size is 2048-bit
- Public Exponent Value: from the drop-down list, select 3, the default value
- Key Format*: from the drop-down list, select the PEM format
- PEM Encoding Algorithm: this field is optional. If you leave it blank, you won’t need to submit and confirm a Passphrase in the following fields
- PEM passphrase: if you’ve selected a DES or DES3 PEM encoding algorithm in the field above, please create a password for your RSA Key
- Confirm PEM Passphrase: re-enter your password. If you left the PEM Encoding Algorithm field blank, skip this field.
Double check the info you’ve just entered and click OK and then Close.
Step 2. Initiate the CSR generation
- After creating your RSA private key, return to the Netscaler console
- Go to Configuration > Traffic Management > SSL
- On the main page locate SSL Certificates and click on Create CSR (Certificate Signing Request)
Step 3. Fill in your CSR info
A new window will open. Please fill in the information as shown below:
- Request File Name*: enter a name for your CSR file (e.g., csr)
- Key File Name*: from the Browse drop-down list, select Appliance, then click Browse to locate the RSA key file (key) you’ve just created in the previous steps. Click Select, then Open
- Key Format: check the PEM option button
- PEM Passphrase (For Encrypted Key): if your RSA key has a password, enter it here; otherwise, skip this field
Next, complete the Distinguished Name Fields:
- Country*: from the drop-down list, pick the country where your company is registered
- Organization Name*: specify your company’s official name. For example, Your Company, Inc.)
- Email Address: provide a valid email address
- Common Name: enter the FQDN (fully qualified domain name) that you want to secure with an SSL Certificate. For example, yoursite.com
Note: If you have a wildcard certificate, include an asterisk in front of the domain name (e.g., *.yoursite.com)
- State or Province: write the full name of the state where your company is registered
- City: enter the full name of the city where your company is located
- Organization Unit: enter the department in charge of your SSL Certificate. For example, IT or Web Administration
- Challenge Password: create a password and write it down, you will need it during the SSL installation
- Company Name: enter your company name, or leave this field blank
Step 4. Generate the CSR
Double check the info you’ve just provided and click OK then Close
View your CSR code
- In the NetScaler console, go to Configuration > Traffic Management > SSL
- On the main page, under Tools, select Manage Certificates/Keys/CSRs
- In the newly opened window find yoursitename.csr file and click View
Now you can copy the content of your CSR file, including the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– tags, and past it into your SSL Certificate order form.
Wait for CA to approve and sign your certificate. Once you’ve received the SSL files on your inbox, you can install the SSL certificate in NetScaler.