Jump to content
Welcome to our new Citrix community!

Netscaler VPX SSL Cert Install

Recommended Posts

Basic steps:

Go to Traffic Management >> SSL.

Go to the All Certificates node is easiest.


If you're cert and key are in a .zip bundle, extract with password as two files.

If you're cert and key are in a .pfx pkcs#12 store, then you can use it directly without extraction.


With extracted files:

Create SSL Certkey

- Give certkey a name:  wc-domain.certkey  (or whatever, a certkey is a cli object that represents the cert-private key pair)

- Set the cert to the cert file you are using. IF still on local system, use the Browse > Local System to browse for file).  Cert points to the <cert file name.crt>

- Set the key filename to the private key file you are using.  Same Browse > Local System as needed.

- Identify key type as PEM, DER, or other

- Then specify password.


The files will be physically uploaded to your appliance in the /nsconfig/ssl/<certs go here> directory.


Once you have the certkey created, you can bind it to lb/vpn/cs vservers etc.






Link to comment
Share on other sites

Here is the Sectigo article on using certs on NetScaler/Citrix ADC. Older version of interface but close enough:



1) Extract the .zip as before.

2) Use the Manage SSL Certs tool on the ADC to upload files to the /nsconfig/ssl directory:  Traffic Management > SSL:  right pane go to "Manage/keys/Upload" certs. From here, you can use "Upload" to transfer the individual files to your ADC.

3) In this pane, you can then VIEW the mydomain.crt and see if the file contains the cert only or both a private key and cert section.  (When you look at this in the viewer you may see both a RSA Key or other KEY section and then digital signing followed by a separate CERT section.  If the file has both a KEY and CERT, then you will create a certkey where both the cert name and key filename points to the same file: mydomain.crt.  If the .crt only has a cert section, then you should have another private key separate.


This mydomain.crt should be your wildcard cert to assign to your resources.


The other certs may be your intermediate or root certs if you need them.



ADC Admin guide on certs:  https://sectigo.com/resource-library/install-certificates-citrix-netscaler-vpx

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...