Home > Citrix NetScaler > Configure Netscaler Management for SSL with Trusted Certificate Part2

Configure Netscaler Management for SSL with Trusted Certificate Part2

Step 2 Convert the Certificate PFX file to a PEM file and upload to a Citrix Netscaler

So from my previous blog post we now have a PFX file but the Netscaler will not use this, we need to convert the file into a PEM file. To do this logon to the Netscaler device and select the SSL folder, on the right hand side select the Import PKCS12 option. A Dialog box will appear.

1. Click browse on the PKCS12 filed and select the certificate file you had previously exported.

2. In the output File Name field enter a name for the converted file to be called, ensure the name ends with the pem extension as shown below.

3. Type in the password you set when you previously exported the certificate in the password box and select OK

The certificate has now been converted and both the pem file and the PFX file are stored on the devices file system, we now need to add this to the config so it is available to assign to servies. To do this select the Certificates option under the SSL folder and then select Install. A dialog box will appear, in the certificate name field at the top enter a friendly name so you can identify it and in the Certificate File name and the Private Key File Name select the PEM file you just created. You select the same file for both fields because the PEM files contain both the certificate and the private key, as shown below. Lastly enter the password in the password field and select install.



To assign this new certificate to the management services

1. Log into your NetScaler using an account with “superuser” powers (nsroot)

2. Expand the “Load Balancing” Tab and click on “Services”

3. On the right side under services click the “Internal Services” tab

4 Highlight the “nshttps-″ service and click the “Open” button


5. In the “Configure Service” window, click the “SSL Settings” tab

6. Under the “Configured” certificates you will see the default “ns-server-certificate”, highlight it and click the “Remove” button

7. Under the “Available” certificates, highlight the certificate you want to use and click the “Add” button (in my case, the “Netscaler Cert”)




8. Select Ok

You may get an error popup saying something like “No usable ciphers configured on the SSL vserver/service”. Just select OK this happens because you are removing and adding a certificate in one step and the GUI is actually doing it in two, so it removes the old one before it adds the new one.


9. Select “Ok” and close that window

10. Repeat the same steps for “nsrpcs-″ and “nsrpcs-″ as these are the “services” used when you configure the NetScaler using the “Web Start Client” Java App

11. Repeat the same steps also for any of the management IP address you are going to be using.

12. Select “Save” and then “Refresh All” to save your new configuration to the NetScaler

That’s it, the Netscalers are all set for management using SSL, my next step is to configure my System Centre 2012 VMM environment to use SSL.

Categories: Citrix NetScaler

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: