11.2.4.11. How to register a certificate
Operation Confirmed Version: |
| Citrix Netscaler VPX Version11.0 Build67.12 Standard Edition |
SSL Offload function can be used ion the Load Balancer.
With the use of the SSL Offload function, decoding of SSL sent from clients can be done on the Load Balancer to reduce the server load.
To use the SSL Offload function, you need to register the server certificates and the intermediate certificates on the Load Balancer and to set linking.
Method to register certificates will be introduced here.
For server certificates and intermediate certificates, always use those issued by the Certification Authorities.
If you have registered a certificate and key that meets all of the following conditions, the message "Password required for private key" will be displayed and you will not be able to install the software.
Execute the registration with the GUI.
Use a key with a password and a keyed certificate
Key line-break code containing "\r\n" which occurs primarily when created on Windows
When registering multiple certificates, register with different file names.
Please note the following for Citrix Netscaler VPX 11.0-67.12 Standard Edition.
For the certificates stored on the Citrix Netscaler VPX, you cannot check the contents/delete/download.
As certificates created on the NetScaler VPX are not downloadable to our side due to the specifications above, operation check is conducted by importing certificates created on an external server to the NetScaler VPX.
However, as you cannot check contents of, delete, or download, certificates once imported to the Load Balancer (NetScaler VPX), we would recommend to store the certificates in the environment of your side in case of need for re-importing the certificate such as when rebuilding.
Presumed case for sample setting
Note
In this scenario temporary certificates for testing are used for operation check.
<11.0-67.12 Standard Edition>
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] → [ Certificates ]. After the SSL Certificates screen is displayed, click [ Install ].
<12.0-53.13 Standard Edition>
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] → [ Certificates ]. After the SSL Certificates screen is displayed, click [ Install ].
<12.1-55.18 Standard Edition>
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] → [ Certificates ]. After the SSL Certificates screen is displayed, click [ Install ].
Input as follows on the Install Certificate screen.
Setting Items
|
Setting value
|
Certificate-Key Pair Name |
example-IA (any name)
|
Certificates File Name |
la.crt (server certificate prepared in advance)
|
key File Name |
la.key (key prepared in advance)
|
Password |
(Specified password)
|
Notification Period |
30 |
Note
Citrix Netscaler VPX 12.0-53.13 Standard Edition does not require a password.
Input the Certificate-Key Pair Name, and click on the pull-down menu for Certificates File Name.
<11.0-67.12 Standard Edition>
<12.0-53.13 Standard Edition>
<12.1-55.18 Standard Edition>
As an input to Certificates File Name, click [ Local ] as shown on the screen below.
<11.0-67.12 Standard Edition>
<12.0-53.13 Standard Edition>
<12.1-55.18 Standard Edition>
The Folder screen of the working local PC will be displayed. Select the server certificate (.crt file) issued by the Certification Authorities, and double-click.
Similarly, also for input to key File Name, click [ Local ] as shown on the screen below.
<11.0-67.12 Standard Edition>
<12.0-53.13 Standard Edition>
<12.1-55.18 Standard Edition>
The Folder screen of the working local PC will be displayed. Select the key (.key file) issued by the Certification Authorities, and double-click.
Input the Password and click [ Install ].
Note
For Citrix Netscaler VPX 12.0,12.1 Standard Edition, it is not necessary to specify password.
The SSL Certificates screen will be displayed. You can see in the List that [ example-IA ] is registered.
<11.0-67.12 Standard Edition>
<12.0-53.13 Standard Edition>
<12.1-55.18 Standard Edition>
This completes the registration of the server certificate.
Use the same procedure again to register the intermediate certificate.
<11.0-67.12 Standard Edition>
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] → [ Certificates ]. After the SSL Certificates screen is displayed, click [ Install ].
<12.0-53.13 Standard Edition>
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] → [ Certificates ]. After the SSL Certificates screen is displayed, click [ Install ].
<12.1-55.18 Standard Edition>
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] → [ Certificates ]. After the SSL Certificates screen is displayed, click [ Install ].
Input as follows on the Install Certificate screen.
Setting Items
|
Setting value
|
Certificate-Key Pair Name |
example-CA (any name)
|
Certificates File Name |
ca.crt (server certificate prepared in advance)
|
key File Name |
ca.key (key prepared in advance)
|
Password |
(Specified password)
|
Notification Period |
30 |
Note
In principle, it is not necessary to specify key File Name and Password. Please register in the blank.
Input the Certificate-Key Pair Name, and click on the pull-down menu for Certificates File Name.
<11.0-67.12 Standard Edition>
<12.0-53.13 Standard Edition>
<12.1-55.18 Standard Edition>
As an input to Certificates File Name, click [ Local ] as shown on the screen below.
<11.0-67.12 Standard Edition>
<12.0-53.13 Standard Edition>
<12.1-55.18 Standard Edition>
The Folder screen of the working local PC will be displayed. Select the intermediate certificate (.crt file) issued by the Certification Authorities, and double-click.
Similarly, also for input to key File Name, click [ Local ] as shown on the screen below.
<11.0-67.12 Standard Edition>
Note
For Citrix Netscaler VPX 12.0,12.1 Standard Edition, it is not necessary to specify the key File Name.
The Folder screen of the working local PC will be displayed. Select the key (.key file) issued by the Certification Authorities, and double-click.
Input the Password and click [ Install ].
Note
For Citrix Netscaler VPX 12.0,12.1 Standard Edition, it is not necessary to specify password.
The SSL Certificates screen will be displayed. You can see in the List that [ example-CA ] is registered.
<11.0-67.12 Standard Edition>
<12.0-53.13 Standard Edition>
<12.1-55.18 Standard Edition>
This completes the registration of the intermediate certificate.