11.2.4.11. How to register a certificate

Operation Confirmed Version:
 Citrix Netscaler VPX Version11.0 Build67.12 Standard Edition
SSL Offload function can be used ion the Load Balancer.
With the use of the SSL Offload function, decoding of SSL sent from clients can be done on the Load Balancer to reduce the server load.
To use the SSL Offload function, you need to register the server certificates and the intermediate certificates on the Load Balancer and to set linking.
Method to register certificates will be introduced here.

Note

  • For server certificates and intermediate certificates, always use those issued by the Certification Authorities.

  • For the certificates stored on the Citrix Netscaler VPX, you cannot check the contents/delete/download.

  • As certificates created on the NetScaler VPX are not downloadable to our side due to the specifications above, operation check is conducted by importing certificates created on an external server to the NetScaler VPX.

  • However, as you cannot check contents of, delete, or download, certificates once imported to the Load Balancer (NetScaler VPX), we would recommend to store the certificates in the environment of your side in case of need for re-importing the certificate such as when rebuilding.

Presumed case for sample setting

  • Assume that we want to register a server certificate and an intermediate certificate on a Load Balancer.

Note

In this scenario temporary certificates for testing are used for operation check.

Configuration diagram
Fig18101
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] → [ Certificates ]. After the SSL Certificates screen is displayed, click [ Install ].
Fig18102
Input as follows on the Install Certificate screen.

Setting Items

Setting value

Certificate-Key Pair Name

example-IA (any name)

Certificates File Name

la.crt (server certificate prepared in advance)

key File Name

la.key (key prepared in advance)

Password

(Specified password)

Notification Period 30
Input the Certificate-Key Pair Name, and click on the pull-down menu for Certificates File Name.
Fig18103
As an input to Certificates File Name, click [ Local ] as shown on the screen below.
Fig18104
The Folder screen of the working local PC will be displayed. Select the server certificate (.crt file) issued by the Certification Authorities, and double-click.
Fig18105
Similarly, also for input to key File Name, click [ Local ] as shown on the screen below.
Fig18106
The Folder screen of the working local PC will be displayed. Select the key (.key file) issued by the Certification Authorities, and double-click.
Fig18107
Input the Password and click [ Install ].
Fig18108
The SSL Certificates screen will be displayed. You can see in the List that [ example-IA ] is registered.
Fig18109
This completes the registration of the server certificate.

Use the same procedure again to register the intermediate certificate.
From the [ Configuration ] menu, move to [ Traffic Management ] → [ SSL ] → [ Certificates ]. After the SSL Certificates screen is displayed, click [ Install ].
Fig18110
Input as follows on the Install Certificate screen.

Setting Items

Setting value

Certificate-Key Pair Name

example-CA (any name)

Certificates File Name

ca.crt (server certificate prepared in advance)

key File Name

ca.key (key prepared in advance)

Password

(Specified password)

Notification Period 30
Input the Certificate-Key Pair Name, and click on the pull-down menu for Certificates File Name.
Fig18111
As an input to Certificates File Name, click [ Local ] as shown on the screen below.
Fig18112
The Folder screen of the working local PC will be displayed. Select the intermediate certificate (.crt file) issued by the Certification Authorities, and double-click.
Fig18113
Similarly, also for input to key File Name, click [ Local ] as shown on the screen below.
Fig18114
The Folder screen of the working local PC will be displayed. Select the key (.key file) issued by the Certification Authorities, and double-click.
Fig18115
Input the Password and click [ Install ].
Fig18116
The SSL Certificates screen will be displayed. You can see in the List that [ example-CA ] is registered.
Fig18109
This completes the registration of the intermediate certificate.