Intermediate Certificates: Installing Certs on a NetScaler Part 2

In part 1, we went over the installation process for a certificate. Now that we have our base certificate installed, we need to get the Intermediate certificate installed. Some certificate providers offer the ability to download your certificate, any Root certificate, and the Intermediate certificate in one bundle. For those providers, you will need to look up their instructions on how to utilize a bundle such as that. The NetScaler will work with certificate bundles and the results may be quicker. However, we are going to continue on as if you did not have the option for a certificate bundle and now need to install the Intermediate certificate.

The very first thing you will need to do is to download the correct Intermediate certificate from you provider. Most certificate providers keep their Intermediate certificate download links in their support site. Because there are many different types of certificates (basic, wildcard, multi-domain, etc.), you need to download the Intermediate certificate that matches your certificate type. Once you have the Intermediate certificate, here are the steps to installing it:

  1. Install the certificate received from the provider (Configuration → Traffic Management → SSL → Certificates → Install):
    Netscaler B1
  2. Still on the certificates page, select the original certificate (the one you are getting the Intermediate for). Under the ‘Action’ options, choose ‘Link’:
    Netscaler B3
  3. From the list of certificates shown, select the Intermediate certificate.

That is all it takes. You can now check your certificate status with a certificate checker tool (the cert provider usually has one to utilize). You should not see any issues pertaining to an Intermediate certificate. Going back to the example given in a previous blog, you can now try to connect the devices that had issue connecting to the provided certificate alone.

The example given in the blogs for installing a certificate and Intermediate certificate were shown through the GUI. The GUI is translated to command line syntax when it is executed. Therefore, if you would like, you can install certificates from a commend line. We will not go into detail on this procedure, but the basic command lines for it are ‘add ssl certkey’ and ‘link ssl certkey’. Look up those commands should you wish to do everything from command line.

Please post your comments or questions below. You can also reach me directly by email.




Sr. Network Consultant




©2015 Custom Systems Corporation

Securing Microsoft Exchange Email Servers

Your Microsoft Exchange Email Server needs to do four things, and do them well:

  1. Receive email,
  2. Send email,
  3. Provide access to your remote users, and
  4. Do steps 1 through 3 – securely.

Steps 1 and 2 are a part of the setup process, but you cannot just install a new Microsoft Exchange Server and expect it to work out-of-the-box.  Every install requires a few adjustments, but for the most part steps 1 and 2 are pretty straight forward.  What about steps 3 and 4?  Well, they require purchasing and installing an SSL Certificate from a third-party provider, like GoDaddy.

This blog post should be called “Banging the Drum for GoDaddy SSL Certificates”.  I know there are plenty of other (and cheaper) Exchange SSL Certificate providers out there, and I’ve used a few of them.  But in this post the other guys will remain nameless to protect the guilty.  We’ve been using GoDaddy SSL Certificates to secure our customer’s Exchange Servers for several years, and of the very few issues I’ve had, they were due to a slight misstep on my end.  GoDaddy’s Technical Support is top notch!  They have always been quick to respond to my questions, they understand what I’m looking for, and have a solution in a matter of minutes.

From start to finish, installing and implementing a new Secure SSL Certificate on your Exchange Server can be quick and easy.  Make your Exchange Servers more secure today with help from Custom Systems (and an assist from GoDaddy, of course.)

ChaseChase Reitter
Network Consultant




© Copyright 2014 Custom Systems Corporation