curious7
asked on
Citrix Netscaler VPX certificate issue after upgrade to 11.0-66.11
After upgrading to citrix netscaler vpx to 11.0-66.11 from version 10.5 the Netscaler Gateway function was coming up as unlicensed.
This netscaler had been workign for more then a year.
So thinking that the license may have expired I went to mycitrix and allocated a license that was valid till 2017.
After applying the license the Netscaler was showing a licensed but the VIP was showing as down.
Upon checking the VIP it did not have a certificate assigned to it.
On going to manage certificates I could see the actual certificate there.
So I went to Traffic Management -> SSL -> Certificates and tried to install the certificate again.
On filling all the fields and clinking install I received the error - "Certificate with key size greater than RSA512 or DSA512 bits not supported".
Our certificate was generated with a key size of 2048 but had been working OK with netscaler OS version 10.5.
Please advise if anyone has seen this before and what can I do to resolve the issue.
This netscaler had been workign for more then a year.
So thinking that the license may have expired I went to mycitrix and allocated a license that was valid till 2017.
After applying the license the Netscaler was showing a licensed but the VIP was showing as down.
Upon checking the VIP it did not have a certificate assigned to it.
On going to manage certificates I could see the actual certificate there.
So I went to Traffic Management -> SSL -> Certificates and tried to install the certificate again.
On filling all the fields and clinking install I received the error - "Certificate with key size greater than RSA512 or DSA512 bits not supported".
Our certificate was generated with a key size of 2048 but had been working OK with netscaler OS version 10.5.
Please advise if anyone has seen this before and what can I do to resolve the issue.
ASKER
Hi Coralon
We have another netscaler VPX (also platform 450010"), which is not in produntion use. This netscaler I had upgraded successfully few weeks back with the same tgz file.
And that had gone through without any problem.
I looked further into this today and found that the license file already on this VPX before upgrade had "abcd" as the hostname.
Whereas the device itself has the fqdn "abcd@ourdomain.com".
Would this be causing the issues I am experiencing?
I saw the following citrix article which seems to indicate this is a certificate related problem:
http://support.citrix.com/article/CTX125548
We have another netscaler VPX (also platform 450010"), which is not in produntion use. This netscaler I had upgraded successfully few weeks back with the same tgz file.
And that had gone through without any problem.
I looked further into this today and found that the license file already on this VPX before upgrade had "abcd" as the hostname.
Whereas the device itself has the fqdn "abcd@ourdomain.com".
Would this be causing the issues I am experiencing?
I saw the following citrix article which seems to indicate this is a certificate related problem:
http://support.citrix.com/article/CTX125548
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Do you have a full backup of your Netscaler? (not sure if you have a hardware box or a VPX).. You'll probably want to revert & try again.
Re-download the Netscaler software, and be 100% sure you got the correct version.. Revert and try the upgrade again.. worst case, you may have to strip out the config, do a clean install, and then recreate your config. Don't forget to backup your certs, etc..
Coralon