11.2.4.11. How to register a certificate

Operation Confirmed Version:
 Citrix Netscaler VPX Version11.0 Build67.12 Standard Edition
SSL Offload function can be used ion the Load Balancer.
With the use of the SSL Offload function, decoding of SSL sent from clients can be done on the Load Balancer to reduce the server load.
To use the SSL Offload function, you need to register the server certificates and the intermediate certificates on the Load Balancer and to set linking.
Method to register certificates will be introduced here.
  • For server certificates and intermediate certificates, always use those issued by the Certification Authorities.

  • If you have registered a certificate and key that meets all of the following conditions, the message "Password required for private key" will be displayed and you will not be able to install the software.

    • Execute the registration with the GUI.

    • Use a key with a password and a keyed certificate

    • Key line-break code containing "\r\n" which occurs primarily when created on Windows

  • When registering multiple certificates, register with different file names.

  • Please note the following for Citrix Netscaler VPX 11.0-67.12 Standard Edition.

    • For the certificates stored on the Citrix Netscaler VPX, you cannot check the contents/delete/download.

    • As certificates created on the NetScaler VPX are not downloadable to our side due to the specifications above, operation check is conducted by importing certificates created on an external server to the NetScaler VPX.

    • However, as you cannot check contents of, delete, or download, certificates once imported to the Load Balancer (NetScaler VPX), we would recommend to store the certificates in the environment of your side in case of need for re-importing the certificate such as when rebuilding.

Presumed case for sample setting

  • Assume that we want to register a server certificate and an intermediate certificate on a Load Balancer.

Note

In this scenario temporary certificates for testing are used for operation check.

Configuration diagram
Fig18101
<11.0-67.12 Standard Edition>
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] → [ Certificates ]. After the SSL Certificates screen is displayed, click [ Install ].
Fig18102
<12.0-53.13 Standard Edition>
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] → [ Certificates ]. After the SSL Certificates screen is displayed, click [ Install ].
Fig18102
<12.1-55.18 Standard Edition>
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] → [ Certificates ]. After the SSL Certificates screen is displayed, click [ Install ].
Fig18102
Input as follows on the Install Certificate screen.

Setting Items

Setting value

Certificate-Key Pair Name

example-IA (any name)

Certificates File Name

la.crt (server certificate prepared in advance)

key File Name

la.key (key prepared in advance)

Password

(Specified password)

Notification Period 30

Note

Citrix Netscaler VPX 12.0-53.13 Standard Edition does not require a password.

Input the Certificate-Key Pair Name, and click on the pull-down menu for Certificates File Name.
<11.0-67.12 Standard Edition>
Fig18103
<12.0-53.13 Standard Edition>
Fig18103
<12.1-55.18 Standard Edition>
Fig18103
As an input to Certificates File Name, click [ Local ] as shown on the screen below.
<11.0-67.12 Standard Edition>
Fig18104
<12.0-53.13 Standard Edition>
Fig18104
<12.1-55.18 Standard Edition>
Fig18104
The Folder screen of the working local PC will be displayed. Select the server certificate (.crt file) issued by the Certification Authorities, and double-click.
Fig18105
Similarly, also for input to key File Name, click [ Local ] as shown on the screen below.
<11.0-67.12 Standard Edition>
Fig18106
<12.0-53.13 Standard Edition>
Fig18106
<12.1-55.18 Standard Edition>
Fig18106
The Folder screen of the working local PC will be displayed. Select the key (.key file) issued by the Certification Authorities, and double-click.
Fig18107
Input the Password and click [ Install ].

Note

For Citrix Netscaler VPX 12.0,12.1 Standard Edition, it is not necessary to specify password.

Fig18108
The SSL Certificates screen will be displayed. You can see in the List that [ example-IA ] is registered.
<11.0-67.12 Standard Edition>
Fig18109
<12.0-53.13 Standard Edition>
Fig18109
<12.1-55.18 Standard Edition>
Fig18109
This completes the registration of the server certificate.

Use the same procedure again to register the intermediate certificate.
<11.0-67.12 Standard Edition>
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] → [ Certificates ]. After the SSL Certificates screen is displayed, click [ Install ].
Fig18110
<12.0-53.13 Standard Edition>
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] → [ Certificates ]. After the SSL Certificates screen is displayed, click [ Install ].
Fig18110
<12.1-55.18 Standard Edition>
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] → [ Certificates ]. After the SSL Certificates screen is displayed, click [ Install ].
Fig18110
Input as follows on the Install Certificate screen.

Setting Items

Setting value

Certificate-Key Pair Name

example-CA (any name)

Certificates File Name

ca.crt (server certificate prepared in advance)

key File Name

ca.key (key prepared in advance)

Password

(Specified password)

Notification Period 30

Note

In principle, it is not necessary to specify key File Name and Password. Please register in the blank.

Input the Certificate-Key Pair Name, and click on the pull-down menu for Certificates File Name.
<11.0-67.12 Standard Edition>
Fig18111
<12.0-53.13 Standard Edition>
Fig18111
<12.1-55.18 Standard Edition>
Fig18111
As an input to Certificates File Name, click [ Local ] as shown on the screen below.
<11.0-67.12 Standard Edition>
Fig18112
<12.0-53.13 Standard Edition>
Fig18112
<12.1-55.18 Standard Edition>
Fig18112
The Folder screen of the working local PC will be displayed. Select the intermediate certificate (.crt file) issued by the Certification Authorities, and double-click.
Fig18113
Similarly, also for input to key File Name, click [ Local ] as shown on the screen below.
<11.0-67.12 Standard Edition>
Fig18114

Note

For Citrix Netscaler VPX 12.0,12.1 Standard Edition, it is not necessary to specify the key File Name.

The Folder screen of the working local PC will be displayed. Select the key (.key file) issued by the Certification Authorities, and double-click.
Fig18115
Input the Password and click [ Install ].

Note

For Citrix Netscaler VPX 12.0,12.1 Standard Edition, it is not necessary to specify password.

Fig18116
The SSL Certificates screen will be displayed. You can see in the List that [ example-CA ] is registered.
<11.0-67.12 Standard Edition>
Fig18109
<12.0-53.13 Standard Edition>
Fig18109
<12.1-55.18 Standard Edition>
Fig18109
This completes the registration of the intermediate certificate.