Netscaler 12 Generate CSR and Certificate Installation

In this post will cover the Certificate CSR generation with RSA key file and installing the certificate received from the external or internal certificate authority.

Pre-Requisites

  • common name for generating CSR : apps.sslab.com
  • Certificate Authority: internal or External, you need credit card if external 🙂

RSA Key file creation

Enable the SSL Feature if it is not enabled – Traffic Management – SSL – Right Click – Enable

Traffic Management – SSL – SSL Files – Keys – Select Create RSA Key

Provide below details and Create for creating key file.

  • Key Name : apps.sslab.com.key ( any name is fine but with this format its easy to remember)
  • Key Size: 2048
  • Public Exponent Value : F4
  • Key Format : PEM
  • PEM encoding algorithm : DES3
  • Pem Passphrase : Password for key file

CSR Generation for Certificate request

Navigate to Traffic Management – SSL – SSL Files – CSR – Select Create CSR

Provide Details for the CSR File as below and Click Create

  • Request File Name: apps.sslab.com.csr
    Key file Name : apps.sslab.com.key ( created in last step)
    Key format : PEM
    PEM Passphrase: Password given while creating key
    Digest Method: SHA256
    Common Name: apps.sslab.com (this is the certificate URL Name)
    Organization Name: SSLAB
    Organization Unit: IT
    State: AUH
    Country: UAE

Select the CSR file created and Download

Open with notepad and confirm Begin and End should be there

Generate Certificate from Microsoft CA

Open the CA web request URL, the standard url is as below – Request a Certificate.

Easy Microsoft CA Creation/installation steps

Note: This step is not required if Certificate is requested from external Certificate authority. move to certificate installation step.

http://CA-Hostname/certsrv/

Select Advanced Certificate Request

Select Sumit a Cert Request

Paste the CSR generated before – Select Web Server and Submit.

Select Base 64 encoded – Download Certificate ( Needed for Netscaler), Chain for Windows based servers. Rename the Certificate with common name.

Now again go back to Certsrv url to download ROOT certificate without ROOT and intermediate Certificates , Websites will have issues.

Select Base 64 and Download CA Certificate, Download all CA certificate in similar way. Rename certificate to ROOT-CA

Installing Certificate and Chaining

Navigate to Traffic Management – SSL – SSL Certificate – Server Certificate – Install

Provide Name : apps.sslab.com, Select local and browse for certificate file name. (this is server certificate we created or received from external)

Now we need to provide the key file we created earlier, select the key file.

Provide the password used while creating key file. dont forget this password as you need to when ever we need to export certificate with key.

Now Install all the ROOT and intermediate certificates, In our case only ROOT certificate.

Navigate to Traffic Management -SSL – SSL Certificate – CA Certificates – Install

Provide the Certificate Name and select ROOT certificate from Local or appliance

Now navigate back to Server certificate and select our certificate – Action – Click on Link

Select the ROOT certificate and click OK

To verify the link – Select certificate again – Actions – Click on Cert links.

Links will show as below.

Hope this post is useful. Leave your suggestions and comments below.

Siva Sankar

Siva Sankar works as Solution Architect in Abu Dhabi with primary focus on SDDC, Automation,Network Virtualization, Digital Workspace, VDI, HCI and Virtualization products from VMWare, Citrix and Microsoft.

2 thoughts on “Netscaler 12 Generate CSR and Certificate Installation

  • April 14, 2022 at 6:59 pm
    Permalink

    Hi Shiva

    Thanks for great on Hot-to document.
    Question: If you using external certificate Authority such as Go-Daddy, Comodo etc.. We have certificate-chain such as Root, Intermediate and Server certificate. If server certificate Link to Intermediate Cert.
    Should i also Link intermediate cert to Root CA as well?

    Reply
    • August 25, 2022 at 1:23 pm
      Permalink

      when we import the pfx file which has all the links, it will install the certs. always recommended to link them cert to intermediate to root.

      Reply

Leave a Reply

Your email address will not be published.

Show Buttons
Hide Buttons