SSL certificates

An SSL certificate, which is an integral part of any SSL transaction, is a digital data form (X509) that identifies a company (domain) or an individual. The certificate has a public key component that is visible to any client that wants to initiate a secure transaction with the server. The corresponding private key, which resides securely on the Citrix ADC appliance, is used to complete asymmetric key (or public key) encryption and decryption.

You can obtain an SSL certificate and key in either of the following ways:

  • From an authorized certificate authority (CA), such as Verisign
  • By generating a new SSL certificate and key on the Citrix ADC appliance

Alternately, you can use an existing SSL certificate on the appliance.


  • Citrix recommends that you use certificates obtained from authorized CAs, such as Verisign, for all your SSL transactions. Use certificates generated on the Citrix ADC appliance for testing purposes only, not in any live deployment.

  • If while adding a certificate-key pair, you add a certificate file with the same name as an existing certificate file but with different content, the original certificate file is overwritten with no warning. This might cause issues after the appliance is restarted because the original certificate file is no longer available in the /nsconfig/ssl directory.

SSL certificates