Adding Renewal Certificate (SSL) to Citrix Netscaler VPX (200) (NS10.0: Build

Hi all,

I have renewed my SSL Certificate (with Thawte) for Citrix Netscaler VPX (200). Can someone assist me with installing it? I have 7Screenshot of Netscaler Certificate Screen days left before the existing certificate expires.

When trying to install it or update it I am asked to browse for Certificate File Name & Private Key File Name which is not the information that I download from Thawte. I have the PKCS#7 and X.509 information (looks like paragraphs of encrypted text) but don't know what to do with it.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Daniel BorgerSenior Citrix Engineer- CCEECommented:
Here are some notes I have for the process..

Certificate Request Process
   Give csr to customer to fill out wildcard online form to get cer back
   iis manager complete cert request (must be named cer) can rename crt to cer
   Complete certificate request- IIS/ServerCertificate /Open feature
   Complete Certificate request/ browse to cer file
   Friendly name if using a wildcard should be *
   Export .pfx Password:

   IIS/ServerCertificate /Open feature
   Highlight Certificate and choose export
   Browse to save location and enter edci as password
   Convert pfx to PEM using PFX2PEM utility (If using and Existing Wildcard start here)
      Drag pfx to pfx2pem.wsf (enter password used during export)
   Import Pem to NetScaler
      Copy Pem to where you are running the NetScaler configuration
      In SSL\Certificates node select install
      Enter Name (businessname Wildcard) Expry date
      Browse locally for the PEM file for both Certificate name and Private key name
      Enable Notify 30 days

Export Intermediate certs from .PFX
   Double click .pfx to start Import wizard (on IIS server)
   Enter Password
   Place Certs in following Store
   Show Physical Stores/ browse to trusted root certificate Authorities/local computer- finish
   Launch MMC. Add Certificate Snap-in for computer account- local computer-Finish
   Browse to trusted root Certificate Auth- double click wildcard cert
   Certificate path- highlight provider name and view Certificate path and select middle cert
   Details tab- copy to file- Launches cert export wizard
   Select DER format/ browse to save location and name (certprovider-int)

   Repeat above for CA
      Browse to trusted root Certificate Auth- double click wildcard cert
      Certificate path- highlight provider name and view Certificate path and select top cert
      click view cert and on Details tab- copy to file- Launches cert export wizard
      Select DER format/ browse to save location and name (certprovider-CA)

      Install intermediate certificates
         On NetScaler SSL/Certificates click instal
         Cert-KeyPair name (certprovider-int)
         Browse local for (certprovider-int) no private key required
         Select DER format
         On NetScaler SSL/Certificates click install
         Cert-KeyPair name (certprovider-CA)
         Browse local for (certprovider-CA) no private key required
         Select DER format

      Link Certificates in Netscaler config
         Right click wildcard cert and select link
         Select (certprovider-int) then OK
         Right click certprovider-int and riight click- select link
         Select certprovider-CA then OK

        Link new cert to access gateway v servers - Link Certificates with any 443 Load balance VIPs
Jackie ManCommented:
The info below might be useful for you.

"Installing the Server Certificate

After you receive the server certificate from the CA, you must install the server certificate from the CA on the NetScaler appliance. To install the server certificate you must upload the server certificate to the appliance and then create a certificate key pair.

To upload the server certificate, complete the following procedure:

Select the SSL node from the configuration utility of the appliance.
Click on the Manage Certificate / Keys / CSRs link.
Click Upload.
Select the server certificate.
Click Close.

Note: You can also copy the server certificate to the /nsconfig/ssl directory on the NetScaler appliance directly by using any third-party file transfer utility such as WinSCP.

Creating a Certificate-Key Pair

To create certificate-key pair, complete the following procedure:
Log in to the NetScaler appliance by using the nsroot credentials.
Expand the SSL node.
Select the Certificate node.
On the Certificates page, click Add.
In the Certificate-Key Pair Name field, specify the certificate-key pair name.
In the Details group, specify the appropriate files names for the certificate and private key.
Click Install.
Click Close."


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.