Install and manage SSL certificates
The process of installing SSL certificates involves first uploading the certificate and key files to the NetScaler SDX appliance. Then install the SSL certificate on the Citrix ADC instances.
Upload the certificate file to the SDX appliance
For any SSL transaction, the server needs a valid certificate and the corresponding private and public key pair. The certificate file must be present on the SDX appliance when you install the SSL certificate on the Citrix ADC instances. You can also download the SSL Certificate files to a local computer as a backup.
In the SSL Certificates pane, you can view the following details.
- Name
The name of the certificate file.
- Last Modified
The date when the certificate file was last modified.
- Size
The size of the certificate file in bytes.
To upload SSL certificate files to the SDX appliance
- In the navigation pane, expand Management Service, and then click SSL Certificate Files.
- In the SSL Certificates pane, click Upload.
- In the Upload SSL Certificate dialog box, click Browse and select the certificate file you want to upload.
- Click Upload. The certificate file appears in the SSL Certificates pane.
To create a backup by downloading an SSL certificate file
- In the SSL Certificates pane, select the file that you want to download, and then click Download.
- In the message box, from the Save list, select Save as.
- In the Save As message box, browse to the location where you want to save the file, and then click Save.
Uploading SSL Key Files to the SDX Appliance
For any SSL transaction, the server needs a valid certificate and the corresponding private and public key pair. The key file must be present on the SDX appliance when you install the SSL certificate on the Citrix ADC instances. You can also download the SSL key files to a local computer as a backup.
In the SSL Keys pane, you can view the following details.
- Name
The name of the key file.
- Last Modified
The date when the key file was last modified.
- Size
The size of the key file in bytes.
To upload SSL key files to the SDX appliance
- In the navigation pane, expand Management Service, and then click SSL Certificate Files.
- In the SSL Certificate pane, on the SSL Keys tab, click Upload.
- In the Upload SSL Key File dialog box, click Browse and select the key file you want to upload.
- Click Upload to upload the key file to the SDX appliance. The key file appears in the SSL Keys pane.
To create a backup by downloading an SSL key file
- In the SSL Certificate pane, on the SSL Keys tab, select the file that you want to download, and then click Download.
- In the message box, from the Save list, select Save as.
- In the Save As message box, browse to the location where you want to save the file, and then click Save.
Installing an SSL Certificate on a Citrix ADC instance
The Management Service lets you install SSL certificates on one or more Citrix ADC instances. Before you begin installing the SSL certificate, make sure that you have uploaded the SSL certificate and key files to the SDX appliance.
To install SSL certificates on a Citrix ADC instance
- In the navigation pane, click Citrix ADC.
- In the details pane, under Citrix ADC Configuration, click Install SSL Certificates.
- In the Install SSL Certificates dialog box, specify values for the following parameters. (*) indicates required fields.
- Certificate File: specify the file name of the valid certificate. The certificate file must be present on the SDX appliance.
- Key File: specify the file name of the private-key used to create the certificate. The key file must be present on the SDX appliance.
- Certificate Name: specify the name of the certificate-key pair to be added to the Citrix ADC. Maximum length: 31
- Certificate Format: specify the format of the SSL certificate supported on the Citrix ADC. A NetScaler SDX appliance supports the PEM and DER formats for SSL certificates.
-
Password: Specify the pass-phrase that was used to encrypt the private-key. This option can be used to load encrypted private-keys. Max length: 32.
Note: Password protected private key is supported only for the PEM format.
- Save Configuration: specify whether the configuration must be saved on the Citrix ADC. Default value is false.
- Instance IP Address: specify the IP addresses of the Citrix ADC instances on which you want to install the SSL certificate.
- Click OK, and then click Close.
Updating an SSL Certificate on a Citrix ADC instance
You can update some parameters, such as the certificate file, key file, and certificate format of an SSL certificate that is installed on a Citrix ADC instance. You cannot modify the IP address and certificate name.
To update the SSL certificate on a Citrix ADC instance
-
In the navigation pane, expand Citrix ADC, and then click SSL Certificates.
-
In the SSL Certificates pane, click Update.
- In the Modify SSL Certificate dialog box, set the following parameters:
- Certificate File: the file name of the valid certificate. The certificate file must be present on the SDX appliance.
- Key File: the file name of the private-key used to create the certificate. The key file must be present on the SDX appliance.
- Certificate Format: the format of the SSL certificate supported on the NetScaler SDX appliance. The appliance supports the PEM and DER formats for SSL certificates.
-
Password: the pass-phrase that was used to encrypt the private-key. This option can be used to load encrypted private-keys. Maximum length: 32 characters.
Note: Password protected private key is supported only for the PEM format.
- Save Configuration: specify whether the configuration must be saved on the SDX appliance. Default value is false.
- No Domain Check: Do not check the domain name while updating the certificate.
- Click OK, and then click Close.
Polling for SSL Certificates on the Citrix ADC instances
If you add an SSL certificate directly on a Citrix ADC instance after logging on to that instance, the Management Service is not aware of this new certificate. To avoid this scenario, specify a polling interval after which the Management Service polls all the Citrix ADC instances to check for new SSL certificates. You can also perform a poll at any time from the Management Service. For example, if you want to immediately get a list of the SSL certificates from all the Citrix ADC instances.
To configure a polling interval
- In the navigation pane, expand Citrix ADC, and then click SSL Certificates.
- In the SSL Certificates pane, click Configure Polling Interval.
- In the Configure Polling Interval dialog box, set the following parameters:
- Polling Interval: the time after which the Management Service polls the Citrix ADC instances.
- Interval Unit: the unit of time. Possible values: Hours, Minutes. Default: Hours.
- Click OK, and then click Close.
To perform an immediate poll
- In the navigation pane, expand Citrix ADC, and then click SSL Certificates.
- In the SSL Certificates pane, click Poll Now.
- In the Confirm dialog box, click Yes. The SSL Certificates pane is refreshed and new certificates, if any, appear in the list.