ADC

Server certificate support matrix on the ADC appliance

August 4, 2023

Contributed by:

S S

NetScaler supports server certificate messages that are fragmented into more than one record if the total size is within 32 KB. Earlier, the maximum supported size was 16 KB and fragmentation was not supported.

The NetScaler appliance supports the following server certificates.

Table 1: Support on front-end (FE) and back-end (BE) service

Server certificate/Platform	MPX/SDX (N2 CHIPS) FE	MPX/SDX (N2 CHIPS) BE	MPX/SDX (N3 CHIPS) FE	MPX/SDX (N3 CHIPS) BE	VPX FE	VPX BE
MD5	Y	Y	Y	Y	Y	Y
SHA1	Y	Y	Y	Y	Y	Y
SHA224	Y	Y	Y	Y	Y	Y
SHA256	Y	Y	Y	Y	Y	Y
SHA384	Y	Y	Y	Y	Y	Y
SHA512	Y	Y	Y	Y	Y	Y
RSA Key	1024, 2048, 3072, and 4096 bits	1024, 2048, 3072, and 4096 bits	1024, 2048, 3072, and 4096 bits	1024, 2048, 3072, and 4096 bits	1024, 2048, 3072, and 4096 bits	1024, 2048, 3072, and 4096 bits
DH Key	1024 bits and 2048 bits	1024 bits and 2048 bits	1024 bits and 2048 bits	1024 bits and 2048 bits	1024, 2048, 3072, and 4096 bits	1024, 2048, 3072, and 4096 bits

Server certificate/Platform	MPX/SDX 14030/14060/14080 FIPS FE	MPX/SDX 14030/14060/14080 FIPS BE
MD5	Y	Y
SHA1	Y	Y
SHA224	Y	Y
SHA256	Y	Y
SHA384	Y	Y
SHA512	Y	Y
RSA Key	2048 bits and 3072 bits	2048 bits and 3072 bits
DH Key	N	N

Server certificate/Platform	MPX 5900, MPX/SDX 8900, MPX/SDX 9100, MPX/SDX 15000, MPX/SDX 15000-50G, MPX/SDX 16000, MPX/SDX 26000, MPX/SDX 26000-50G, MPX/SDX 26000-100G (front end)	MPX 5900, MPX/SDX 8900, MPX/SDX 9100 MPX/SDX 15000, MPX/SDX 15000-50G, MPX/SDX 16000, MPX/SDX 26000, MPX/SDX 26000-50G, MPX/SDX 26000-100G (back end)
MD5	Y	Y
SHA1	Y	Y
SHA224	Y	Y
SHA256	Y	Y
SHA384	Y	Y
SHA512	Y	Y
RSA Key	1024, 2048, 3072, and 4096 bits	1024, 2048, 3072, and 4096 bits
DH Key	1024 bits and 2048 bits	1024 bits and 2048 bits

Notes

4k certificates require higher CPU cycles and might affect the performance of low-end appliances.

In release 11.1 and earlier, a NetScaler appliance supports the following “signature algorithms” extensions in the back end client hello message: RSA-MD5, RSA-SHA1, and RSA-SHA256. The NetScaler appliance does not support SHA 384 and SHA 512 signature algorithms extensions. Therefore some servers, such as Windows IIS servers, reset the connection.

Starting release 12.0, a NetScaler appliance supports all the signature_algorithms extensions.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Server certificate support matrix on the ADC appliance

August 4, 2023

Contributed by:

S S

August 4, 2023

Contributed by:

S S

Server certificate support matrix on the ADC appliance

In this article