Configure Netscaler Management for SSL with Trusted Certificate Part2
Step 2 Convert the Certificate PFX file to a PEM file and upload to a Citrix Netscaler
So from my previous blog post we now have a PFX file but the Netscaler will not use this, we need to convert the file into a PEM file. To do this logon to the Netscaler device and select the SSL folder, on the right hand side select the Import PKCS12 option. A Dialog box will appear.
1. Click browse on the PKCS12 filed and select the certificate file you had previously exported.
2. In the output File Name field enter a name for the converted file to be called, ensure the name ends with the pem extension as shown below.
3. Type in the password you set when you previously exported the certificate in the password box and select OK
The certificate has now been converted and both the pem file and the PFX file are stored on the devices file system, we now need to add this to the config so it is available to assign to servies. To do this select the Certificates option under the SSL folder and then select Install. A dialog box will appear, in the certificate name field at the top enter a friendly name so you can identify it and in the Certificate File name and the Private Key File Name select the PEM file you just created. You select the same file for both fields because the PEM files contain both the certificate and the private key, as shown below. Lastly enter the password in the password field and select install.
To assign this new certificate to the management services
1. Log into your NetScaler using an account with “superuser” powers (nsroot)
2. Expand the “Load Balancing” Tab and click on “Services”
3. On the right side under services click the “Internal Services” tab
4 Highlight the “nshttps-127.0.0.1-443″ service and click the “Open” button
5. In the “Configure Service” window, click the “SSL Settings” tab
6. Under the “Configured” certificates you will see the default “ns-server-certificate”, highlight it and click the “Remove” button
7. Under the “Available” certificates, highlight the certificate you want to use and click the “Add” button (in my case, the “Netscaler Cert”)
8. Select Ok
You may get an error popup saying something like “No usable ciphers configured on the SSL vserver/service”. Just select OK this happens because you are removing and adding a certificate in one step and the GUI is actually doing it in two, so it removes the old one before it adds the new one.
9. Select “Ok” and close that window
10. Repeat the same steps for “nsrpcs-127.0.0.1-3008″ and “nsrpcs-127.0.0.1-3009″ as these are the “services” used when you configure the NetScaler using the “Web Start Client” Java App
11. Repeat the same steps also for any of the management IP address you are going to be using.
12. Select “Save” and then “Refresh All” to save your new configuration to the NetScaler
That’s it, the Netscalers are all set for management using SSL, my next step is to configure my System Centre 2012 VMM environment to use SSL.