Netscaler 12 Generate CSR and Certificate Installation
In this post will cover the Certificate CSR generation with RSA key file and installing the certificate received from the external or internal certificate authority.
Contents of the Post
Pre-Requisites
- common name for generating CSR : apps.sslab.com
- Certificate Authority: internal or External, you need credit card if external 🙂
RSA Key file creation
Enable the SSL Feature if it is not enabled – Traffic Management – SSL – Right Click – Enable
Traffic Management – SSL – SSL Files – Keys – Select Create RSA Key
Provide below details and Create for creating key file.
- Key Name : apps.sslab.com.key ( any name is fine but with this format its easy to remember)
- Key Size: 2048
- Public Exponent Value : F4
- Key Format : PEM
- PEM encoding algorithm : DES3
- Pem Passphrase : Password for key file
CSR Generation for Certificate request
Navigate to Traffic Management – SSL – SSL Files – CSR – Select Create CSR
Provide Details for the CSR File as below and Click Create
- Request File Name: apps.sslab.com.csr
Key file Name : apps.sslab.com.key ( created in last step)
Key format : PEM
PEM Passphrase: Password given while creating key
Digest Method: SHA256
Common Name: apps.sslab.com (this is the certificate URL Name)
Organization Name: SSLAB
Organization Unit: IT
State: AUH
Country: UAE
Select the CSR file created and Download
Open with notepad and confirm Begin and End should be there
Generate Certificate from Microsoft CA
Open the CA web request URL, the standard url is as below – Request a Certificate.
Easy Microsoft CA Creation/installation steps
Note: This step is not required if Certificate is requested from external Certificate authority. move to certificate installation step.
http://CA-Hostname/certsrv/
Select Advanced Certificate Request
Select Sumit a Cert Request
Paste the CSR generated before – Select Web Server and Submit.
Select Base 64 encoded – Download Certificate ( Needed for Netscaler), Chain for Windows based servers. Rename the Certificate with common name.
Now again go back to Certsrv url to download ROOT certificate without ROOT and intermediate Certificates , Websites will have issues.
Select Base 64 and Download CA Certificate, Download all CA certificate in similar way. Rename certificate to ROOT-CA
Installing Certificate and Chaining
Navigate to Traffic Management – SSL – SSL Certificate – Server Certificate – Install
Provide Name : apps.sslab.com, Select local and browse for certificate file name. (this is server certificate we created or received from external)
Now we need to provide the key file we created earlier, select the key file.
Provide the password used while creating key file. dont forget this password as you need to when ever we need to export certificate with key.
Now Install all the ROOT and intermediate certificates, In our case only ROOT certificate.
Navigate to Traffic Management -SSL – SSL Certificate – CA Certificates – Install
Provide the Certificate Name and select ROOT certificate from Local or appliance
Now navigate back to Server certificate and select our certificate – Action – Click on Link
Select the ROOT certificate and click OK
To verify the link – Select certificate again – Actions – Click on Cert links.
Links will show as below.
Hope this post is useful. Leave your suggestions and comments below.
Hi Shiva
Thanks for great on Hot-to document.
Question: If you using external certificate Authority such as Go-Daddy, Comodo etc.. We have certificate-chain such as Root, Intermediate and Server certificate. If server certificate Link to Intermediate Cert.
Should i also Link intermediate cert to Root CA as well?
when we import the pfx file which has all the links, it will install the certs. always recommended to link them cert to intermediate to root.