Enterprise Cloud Knowledge Center
Close the Menu
Home > Enterprise Cloud 2.0 Support Information > FAQ - Enterprise Cloud 2.0 > Is there a way to use a certificate confirmed by a third party organization?

FAQ

Is there a way to use a certificate confirmed by a third party organization?

(:Last updated)

You can use it if you provide the certificate created by the server to Symantec and import it to Load Balancer(NetScaler VPX) as third party authentication signature data.

However, since imported certificates can not be downloaded from Load Balancer, please save them in your local environment.

Is this page helpful?

Yes No
  • ECL2.0
    •  
  • Load Balancer
    •  

Related Pages

  • Difference between the version of the load balancer (NetScaler VPX) plan name and that displayed on the CLI after creationECL2.0, Load Balancer

    Issue

    Regarding NetScaler Ver.12.1-55.18 provided in the ECL2.0 Load Balancer (NetScaler VPX) menu, Citrix has released NetScaler Ver. 12.1-55.237 to renew the root certificate for activation in the load balancer due to renewing the certificate in their license server

    With this release, there will be a difference between the version written in the plan name of the load balancer and that displayed when logging in with CLI (SSH etc.) after creating it if you apply for a new load balancer menu.

    As announced by Citrix, there is no difference other than the part related to the certificate for license server communication.

     

    The information published by Citrix regarding this event is as follows.

    URL : https://support.citrix.com/article/CTX319637

     

    Target version

    12.1-55.18

     

    Solution

    The version "12.1-55.18 Standard Edition" currently provided in the load balancer (NetScaler VPX) menu will be provided by changing only the installed version to "Ver. 12.1-55.237" without changing the plan name.

     

    The correspondence table between each plan name of the load balancer (NetScaler VPX) menu and the version of Citrix NetScaler installed is as follows, before and after this change.

    BeforeAfter
    The Plan nameThe version of Citrix NetScaler installedThe Plan nameThe version of Citrix NetScaler installed
    Citrix_NetScaler_VPX_12.1-55.18_Standard_EditionCitrix_NetScaler_VPX_12.1-55.18_Standard_EditionCitrix_NetScaler_VPX_12.1-55.18_Standard_EditionCitrix_NetScaler_VPX_12.1-55.237_Standard_Edition

    The offer fee will not be changed.

    In addition, we will sequentially renew the root certificate for license authentication in the instance of Ver.12.1-55.18 and discontinued version, that you are using. No work to be done by the customer regarding the existing instance.
    There will be no service impact associated with the work we do for this matter.

    Open in a new window
  • Unavailable to select session maintenance manager after select "Cookie Insert"ECL2.0, Load Balancer

    Please try following steps:
    (Case:Change "Persistence" 「COOKIEINSERT」to「SOURCEIP」)
    1.Change Persistence to「COOKIEINSERT」at Virtual Server Persistence
    Put into unique name as Cookie Name, then click "OK"
    2.Delete "Cookie Name" at Virtual Server Persistence, then click "OK".
    3.Change Persistence to「SOURCEIP」at Virtual Server Persistence, then click "OK". *1

    *1When you change except for「SOURCEIP」,select「another persistence」then click "OK".

    Is this page helpful?

    Yes No
    Open in a new window
  • Issues may occur after restarting when adding a certificate / key file with the same name as an existing certificate / key file to Load balancer (NetScaler VPX)ECL2.0, Load Balancer

    Summary

    In Load balancer (NetScaler VPX) menu, if you add a certificate / key file with the same name as an existing certificate / key file, the original certificate / key file will be overwritten without warning. Since the original certificate / key file can no longer be used, the following Issues may occur after restarting due to following problems.

    The manufacturer's public information regarding this issue is as follows.
    URL: https://docs.citrix.com/en-us/citrix-adc/current-release/ssl/ssl-certificates.html
    * Please refer to "Important" at the bottom of the page

     

    Problem

    1. The certificate / key file in use can be overwritten, and the old certificate / key data will continue to be used without being updated until it restarts.
    2. It is possible to duplicate existing and new certificate / key settings while overwriting the certificate / key file in use.

    Cases problem 1,2 occurs

    When registering the certificate as below(https://ecl.ntt.com/documents/tutorials/rsts/LoadBalancer/loadbalancing/ssl_offload_and_acceleration1.html)
    -Set a "Certificate-Key Pair Name" that does not exist
    -Specify a certificate file / key file with the same name as the file registered with the existing certificate / key setting but with different data.

    Issues

    1. In the state of Problem 1, the certificate / key file read before and after the restart may be different. This is because the new certificate / key file will not be read until it is restarted.
    2. By restarting in the state of problem 2, one of the existing and new certificate / key settings set in problem 2 may be lost, and the related certificate settings may also be lost.

     

    Affected version

    12.1-52.15
    12.1-55.18
    12.0-53.13
    11.0-67.12
    10.5-57.7

     

    Solution

    In the case of registering a new certificate

    Please do not register the certificate file / key file with the same name as the certificate that already exists in Load Balancer (NetScaler VPX). Register the certificate file / key file with another name. Due to the specifications, it is not possible to register a certificate file / key file with the same name as the certificate that already exists in Load Balancer (NetScaler VPX).

    In the case of updating an existing certificate

    Follow the steps below to update.

    "How to update procedure of SSL certificates of LoadBalancer?"

    How to check the setting status that may cause this issue

    Follow the procedure below.

    In the case of using CLI

    1. Execute the following command
    > Show run

    2. This issue may occur if the file names set in the -cert and -key on the "add ssl certKey" line are duplicated.
    Example)
    Add ssl certkey cert001 -cert a.cert
    Add ssl certkey cert002 -cert a.cert

    3.If you see duplicate settings in step 2, save the current settings and delete all the settings related to the affected certificate (Virtual Server certificate settings and Link with intermediate certificate).
    Please set again using the certificate file / key file of another name.

    Reference : https://ecl.ntt.com/en/documents/tutorials/rsts/LoadBalancer/loadbalancing/ssl_offload_and_acceleration3.html

    https://ecl.ntt.com/en/documents/tutorials/rsts/LoadBalancer/loadbalancing/ssl_offload_and_acceleration2.html

    In the case of using GUI

    1. Please transit as follows
    System> Diagnostics> Utilities> Command Line Interface
    2. After that, please follow the same procedures (1-3) as when using the CLI.

    Open in a new window
  • Load Balancer(NetScaler VPX) will restart unexpectedlyECL2.0, Load Balancer

    Issue

    Issues that Load balancer (NetScaler VPX) will restart unexpectedly and  the SSL certificate related settings may be lost after restarting are confirmed.

    We have individually contacted customers who have resources which will restart by e-mail, so please check them as well. 

     

    The following information is published by the manufacturer. (First release date : 2021-02-25)

    URL : https://support.citrix.com/article/CTX296929

     

    Affected Version

    12.1-52.15
    12.1-55.18

     

    Solution

    To avoid an unexpected restarting, the customers are required to restart the Load
    Balancer before the unexpected restarting occurs.
    We apologize for the inconvenience, but please confirm as soon as possible.

    1. Check the date when an unexpected restarting will occur. Please perform the following operations using the GUI or CLI of Load Balancer.

    a. for GUI :
    Please check the following page after login to GUI of Load Balancer.
    Continue > Configuration > System > Licenses

    b. for CLI :
    Please execute the following command at the prompt after login to CLI of Load Balancer.
    > show ns license
    The value of [Days to expiration:] displayed in the execution result indicates the number of days until an unexpected restarting occurs.
    [Warning] An unexpected reboot will occur within 24 hours of this value becoming 0.

    2. Restart Load Balancer
    Please perform "Reboot Load Balancer" by the deadline.
    Then perform step "1." again and check that the value is 1600 or higher.

    Related Issue

    Although it is not directly related to this issue, we have confirmed an issue that may cause a problem after restarting Load Balancer (NetScaler VPX) depending on the customer's settings. For details, please check here (Issues may occur after restarting when adding a certificate / key file with the same name as an existing certificate / key file to Load balancer (NetScaler VPX)).

    Background

    Enterprise Cloud 2.0 service support team has discovered an unexpected restarting of Load Balancer.

    After the support team contacted the manufacturer, the manufacturer confirmed that an unexpected restarting would occur and SSL certificate related settings may be lost after restarting when the license expired.

    Open in a new window
  • Please tell me the performance value of the Load Balancer.ECL2.0, Load Balancer / Construction, Specification

    Please refer to below Tutorial.

    Tutorial - Reference: Measurement Result of Load Balancer Performance

    Is this page helpful?

    Yes No
    Open in a new window

Support Information

Enterprise Cloud 2.0

Enterprise Cloud 1.0

We appreciate your cooperation in improving the site

Did this FAQ be helpful? If you have any comments, please let us know.

Thank you

Your feedback has been received.