Citrix NetScaler - Certificate installation

Immediately after being issued, your SSL certificate will be sent to you by email. It is also possible to download the certificate from the Control Panel. The file containing the certificate will have the same name as the domain name it is meant for (for example: www_sslcertificaten_nl.crt).

Keypair installation

  1. Save your certificate and private key in a location that the Citrix NetScaler can reach.
  2. Login to the management tool for your Citrix NetScaler.
  3. Navigate via the menu via SSL to Certificates.
  4. Click on the details panel on Add (Toevoegen)
  5. Enter a name for the certificate in the Install Certificate screen, next to the Certificate-Key Pair Name, like your domainname.
  6. Click under Details next to Certificate File Name on Browse (Appliance), and select your certificate on the location it was stored and click Select.
  7. Click under Details next to Private Key File Name on Browse (Appliance), and select your private key on the location it was stored and click Select.
  8. Enter the password that your private key is protected with, when required.
  9. Click on Install.
  10. Doubleclick on the newly installed certificate and check under Certificate Details if it was installed correctly.

Installing Root and Intermediate certificates

  1. Login to the management tool for your Citrix NetScaler.
  2. Navigate via the menu via SSL to Tools.
  3. Click below the details-panel on Manage Certificates/Keys/CSRs.
  4. Click on Upload and select the root certificate.
  5. Enter a new name for the certificate and click save.
    Note: repeat the above actions for the intermediate certificate(s).

Linking certificates

  1. Select your own (domain) certificate on the SSL page, and click on Link.
  2. Select the intermediate above your certificate from the list, and click OK.
    Repeat this step with the 2nd intermdiate when you have 2 intermediates in the chain, the logic is as follows;
 * your certificate
 |_ (2nd intermediate, when supplied)
   |_  1st intermediate certificate
      |_ root certificate

Binding the certificate to the Vserver

After installing the keypair and intermdiates, the certificate has to be bound to the vserver:

  1. Login to the management tool for your Citrix NetScaler.
  2. Ga to the navigation panel and expand the SSL Offload item, and click on Virtual Servers.
  3. Select the Vserver that you want to use with your certificate and click on Open. The screen Configure Virtual Server (SSL Offload) will open.
  4. Select the installed keypair from Available under the tab SSL Settings and click on Add.
  5. Click OK.
  6. Check wether the keypair appears under Configured.

All necessary steps to install your web server certificate have now been completed. Please make sure to adequately secure your certificate files, and to store a backup of your private key and web server certificate in a safe location. You should also install the root and intermediate certificates. Check whether the certificate is correctly installed with the SSLCheck and ensure an optimal configuration with these tips and settings.

Please do not hesitate to contact us if you encounter problems or error messages.

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues

point up