Intermediate Certificates: Installing Certs on a NetScaler Part 2

In part 1, we went over the installation process for a certificate. Now that we have our base certificate installed, we need to get the Intermediate certificate installed. Some certificate providers offer the ability to download your certificate, any Root certificate, and the Intermediate certificate in one bundle. For those providers, you will need to look up their instructions on how to utilize a bundle such as that. The NetScaler will work with certificate bundles and the results may be quicker. However, we are going to continue on as if you did not have the option for a certificate bundle and now need to install the Intermediate certificate.

The very first thing you will need to do is to download the correct Intermediate certificate from you provider. Most certificate providers keep their Intermediate certificate download links in their support site. Because there are many different types of certificates (basic, wildcard, multi-domain, etc.), you need to download the Intermediate certificate that matches your certificate type. Once you have the Intermediate certificate, here are the steps to installing it:

  1. Install the certificate received from the provider (Configuration → Traffic Management → SSL → Certificates → Install):
    Netscaler B1
  2. Still on the certificates page, select the original certificate (the one you are getting the Intermediate for). Under the ‘Action’ options, choose ‘Link’:
    Netscaler B3
  3. From the list of certificates shown, select the Intermediate certificate.

That is all it takes. You can now check your certificate status with a certificate checker tool (the cert provider usually has one to utilize). You should not see any issues pertaining to an Intermediate certificate. Going back to the example given in a previous blog, you can now try to connect the devices that had issue connecting to the provided certificate alone.

The example given in the blogs for installing a certificate and Intermediate certificate were shown through the GUI. The GUI is translated to command line syntax when it is executed. Therefore, if you would like, you can install certificates from a commend line. We will not go into detail on this procedure, but the basic command lines for it are ‘add ssl certkey’ and ‘link ssl certkey’. Look up those commands should you wish to do everything from command line.

Please post your comments or questions below. You can also reach me directly by email.

AZS-3

 

 

Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)|
Sr. Network Consultant
craig.kalty@customsystems.com

 

 

 

©2015 Custom Systems Corporation

Leave a Reply

Your email address will not be published. Required fields are marked *