Jump to content
Welcome to our new Citrix community!

Installing certificate in Netscaler - the right way


Bit-101

Recommended Posts

Object: Netscaler 13


I have received various suggestions on what is right and wrong, but I am convinced that you know this.

I have a certificate issued from our CA, which is a web server certificate called "examplecertificate".


I have the certificate in the following variants and formats as below: -
1. "examplecertificate" with an embedded key. A .p12 certificate. (you must provide a password when installing it in NetScaler)
2. "examplecertificate" in pem-format with a separate key file (you must provide a password when installing it in NetScaler)
3. "examplecertificate" in pem-format with a so-called no-key file (you do not need to provide a password when installing it in NetScaler)

 

If you unsure, please try to try to answer which of the options 1- 3 is completely wrong

 

Additionally, someone has said  "..no you shall only use that .pfx format with embedded key".


I´ve done this a few times before in Netscaler  for about 5 or 6 year ago, but I dont remember how I did back then and if something
changed since.

The problem is that when I try to install the certificate in .p12-format and in pem-format Netscaler is complain about:
Invalid private key or PEM pass phrase requiered for this private key
To now more about the error please click here  
(its not possible to click here in our environment becuase of security reason)
I know the password, so thats not the problem. It´s something else.

I really appreciate your answer

 

 

 

Edited by Bit-101
Completion of th issue
Link to comment
Share on other sites

9 hours ago, Carl Stalhood1709151912 said:

On Windows, double-click the .pfx and import it. After import, go to the certificates snap-in and export it with private key. Give it a simpler password. Try importing that to the NetScaler.

I install certificate in Netscaler all the time and I always generate my CSR using windows for simplicity, when the public CA return me the certificat I import it on the same windows machine and then export it with the public key in PFX. After that I import in the Netscaler (import PKCS#12 option under SSL menu). Make sure the password is less than 31 character as the Netscaler refuse password longer than that for certificate. once imported you can use the "install certificate menu" to create your certificate using the newly created file (not the pfx) by choosing the same file for the key and the certificate in the wizard menu.

Edited by Dany Demers
cleared explanation
  • Like 1
Link to comment
Share on other sites

Thanks for you answer. 
There seems like every person does install certificate by their own working method.

Ok, but I have always done a install  of certificate and a separate key in pem-format with password since Netscaler 12.XX something.

Never imported it into Storefront and then make the key exportable and then export it and then install it in Netscaler.

Option number 3 did work for me
(This worked, and I´m suprised that option number 2 did not work.)
3. "examplecertificate" in pem-format with a so-called no-key file (you do not need to provide a password when installing it in NetScaler)

But this worked in my Lab, so I hope it´s works "in live conditions".


:0)

Link to comment
Share on other sites

On 2/3/2024 at 1:33 PM, Peter Fällman said:

Thanks for you answer. 
There seems like every person does install certificate by their own working method.

Ok, but I have always done a install  of certificate and a separate key in pem-format with password since Netscaler 12.XX something.

Never imported it into Storefront and then make the key exportable and then export it and then install it in Netscaler.

Option number 3 did work for me
(This worked, and I´m suprised that option number 2 did not work.)
3. "examplecertificate" in pem-format with a so-called no-key file (you do not need to provide a password when installing it in NetScaler)

But this worked in my Lab, so I hope it´s works "in live conditions".


:0)

Be careful if the certificate that you import has no private key it will not be usable. Make sure you actually install the certificate in your lab using the certificate wizard step 4

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...