Netscaler Certificate

Can anyone pl explain what certificates I need on netscaler 10.5 and how to install them.  I have wildcard certificate already installed on Citrix Secure gateway (windows 2003 r2).  I have netscaler 10.5 vpx.   How do i transfer that wildcard certificate from csg to netscaler.  What additional certificates I need and how to install them ?
jafrullahmAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dirk KotteSECommented:
for the external accessible vServer you need your CSG certificate.
Also the CA chain must be imported and linked within the netscaler.
Installing the certificates is not simple. there are some citrix articles explaining how to.
MaheshArchitectCommented:
You have to have certificate exported from secure gateway with private key in .pfx format and import it on netscaler gateway
When you export certificate, export all extended properties including certificate chain (checkboxes) so that all root and intermediate certificates also get exported

Please read the full info since you are moving certificate

http://support.citrix.com/proddocs/topic/netscaler-gateway-105/ng-import-install-windows-cert.html
btanExec ConsultantCommented:
Looks like Mahesh has covered your queries. Just a note that besides the pfx, NS 10.5 also verify the certificate chain to see if it is incomplete, visually it can show the missing chain on the configuration of the server cert. I believed you also did that for CSG (as in steps for http://support.citrix.com/article/CTX114146) so have them installed in NS too.. the cert bundle chain can be in a single PEM file to install
http://www.robinhobo.com/configure-citrix-netscaler-10-5-including-gateway-citrix-storefront-2-5-2/

For the case of DigiCert certificates, this are their steps for ref
https://www.digicert.com/csr-creation-ssl-installation-citrix-netscaler.htm#citrix_netscaler_vpx_ssl_certificate_install
jafrullahmAuthor Commented:
I managed to export the certificate from CSG server as .pfx  and installed it on Netscaler.   When I click on the certificate in netscaler, it shows certificate file name  xxx.cer and key file name xxx.key.
What other certificates I need to complete and how do i install them ?  I have intermediate.cer and root.cer  certificates as well.  How do I install them and bind them.
btanExec ConsultantCommented:
Under Traffic Management | SSL, install the SSL certificate (as you already done),, the intermediate(s), and the root certificate. Next, highlight the SSL certificate and select the "Link..." option (as in version 10.1), you can do so by right-clicking on the cert). Link it to the intermediate certificate, Then highlight the intermediate certificate and link it to the root CA cert.

Below is some points in installing the intermediate cert and have it linked to the actual Server SSL cer, pse see and note
It is not recommended to include the Root Certificate Authority (CA) certificate in the certificate bundle as the CA certificate would be linked. When the Server certificate is bound to a virtual server on the NetScaler appliance, the complete SSL chain of certificates is sent to the client as part of the SSL handshake. Therefore, negating any validation of Certificate Authorities as part of the SSL handshake.
http://support.citrix.com/article/CTX136023
jafrullahmAuthor Commented:
It is only allowing me to install Intermediate and Root certificates in DER format but not in PEM format ,will that be alright ?
btanExec ConsultantCommented:
Should not be, so has to make sure your cert bundle is of DER format then. Hence need to convert your PEM into DER. one useful tool is the ssl convertor online @ https://www.sslshopper.com/ssl-converter.html

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Citrix

From novice to tech pro — start learning today.