Intermediate Certificates: Installing Certs on a NetScaler Part 1
In a previous post, we discussed the purpose of installing an Intermediate certificate. One of the purposes of that post was to segue into this topic. We used the example of a NetScaler to demonstrate the need for an Intermediate certificate. If you haven’t yet, I suggest you read that post before going any further.
One last step before we get to the Intermediate certificate – I suggest we start by installing a certificate on the NetScaler. You can create your own certificates on the NetScaler, but we would probably not want to do that if we are rolling out external communications to many people. The process outlined below assumes you are ordering a certificate from a third party authority (Digicert, Verisign, Thawte, etc).
First, you will need to create and submit a certificate request:
1. Create an RSA Key (Configuration → SSL → Traffic Management → Create RSA Key):
2. Create the Certificate Signing Request (Configuration → SSL → Traffic Management → Create CSR):
3. View and save your certificate request:
4. Submit your certificate request to a third party provider. (The process for this step varies per provider.)
Now you need to install your certificate. Some certificate providers offer methods to download the certificate you ordered and their Intermediate certificate all in one file. The availability and steps to perform that action vary per provider, so we are going to proceed as if the requested certificate and the Intermediate need to be installed separately:
1. Receive your requested certificate from the provider and start the install process (Configuration → SSL → Traffic Management → Create CSR):
2. Upload the certificate:
3. Install the certificate received from the provider (Configuration → Traffic Management → SSL → Certificates → Install):
Now we have a third party certificate installed on our NetScaler. This alone will facilitate a connection to Storefront through the NetScaler for Windows and some other Citrix Receiver clients. However, not all clients will be satisfied with this. In the final segment of this blog, we will install a root certificate and the Intermediate certificate.
Please post your comments or questions below. You can also reach me directly by email.
Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)|
Sr. Network Consultant
©2015 Custom Systems Corporation