Manage SSL certificates
An SSL certificate is an essential part of any SSL transaction. You might need multiple certificates for different apps and domains. Using the NetScaler App Delivery and Security service, you can add certificates to a central repository instead of uploading a certificate each time you create an application. Later, you can simply select a certificate to use with an app while configuring the app. You can select one or more certificates to bind to an endpoint. The same certificate can be used by multiple apps. The central repository that safely stores the SSL certificates in the NetScaler App Delivery and Security service is called the SSL Certificate Manager.
Navigate to SSL Certificate Manager to view the SSL certificate dashboard where you can manage the SSL certificates.
Monitor SSL certificates
You can use the SSL certificates dashboard to view graphs that help you keep track of certificate information, such as issuers, key strengths, and signature algorithms. Click the graph to view the associated certificate details.
The SSL certificate dashboard displays the following graphs:
Expiration dashboard: Displays the list of certificates based on the expiration date. The certificates are classified as follows:
- Expiring in a week
- Expiring between 8–30 days
- Expiring between 31–90 days
- Expiring after 90 days
- Self Signed Vs CA signed: Displays the number of self-signed and CA-signed certificates.
Signature algorithms: Displays the number of certificates based on the following:
- Not recommended
- Usage: Displays the number of used and unused certificates.
- Key strength: Displays the number of certificates based on KEY-512, KEY-1024, KEY-2048, KEY-4096, and KEY-UNAPPROVED.
- Issuers: Displays the number of issuers.
- Certificates: Click View All to view the complete list of certificates.
You can also search for certificates by filtering them based on specific values. To filter based on values, navigate to the page that displays the complete list of certificates and add required filters.
Upload an SSL certificate
You can add certificates to a certificate chain and the NetScaler App Delivery and Security service automatically links the certificates based on the issuer and subject fields in the certificates.
The following options for uploading certificates are available:
- Upload a single file also known as a certificate bundle. This file contains all the certificates and key that form part of the certificate chain.
- Upload two files – the server certificate file and the certificate chain file.
- Multiple files – Server certificate file, each of the intermediate certificates in a separate file, and the root certificate file.
- Navigate to SSL Certificate Manager and click Upload SSL Certificate.
- In the Upload SSL Certificate page, specify the following parameters:
- Certificate Name: Name for the certificate. Must contain only ASCII alphanumeric, underscore, and hyphen characters. Cannot be changed after the certificate is created. Max length = 30 characters.
- Certificate File: Upload the certificate file from your local computer.
- Key File: Upload the key file from your local computer.
- Key Password (if required): If you have an encrypted private key in PEM format, type the passphrase that was used to encrypt the private key.
- To add the certificate to the chain, select Add a certificate chain. Select an intermediate certificate or a certificate bundle to upload to the certificate chain. Click Add.
Modify or delete an SSL certificate
You can delete or update the certificate and key file. You can also update the certificate in the certificate chain.
- Navigate to SSL Certificate Manager.
- In the SSL Certificate page, click the Edit icon for the certificate that you want to update.
- In the Update SSL Certificate page, select one or both of the following and upload the file.
- Navigate to SSL Certificate Manager.
- In the SSL Certificate page, click the Delete icon for the certificate that you want to delete.
- When prompted, click Yes, Delete.