Tuesday, March 6, 2012

How to create public SSL certificate for NetScaler .

Creating public SSL certificate is 3 step process.

Step 1. Create RSA key:  a) Login to NetScaler webpage using 'nsroot' and navigate to SSL section. Highlight 'certificate' and select 'Create RSA key' under SSL keys.


                             b)  This will pop up a window asking for various information :

                                         Key Filename: Can be anything and if you doing for first time no need to select browse .

                                          Key Size : Can be anything in multiple of 1024 but most of the public site accept key size beyond 2048

                                          Public Exponent value: Leave it to default F4

                                         Key Format : Should be PEM unless you want DER format

                                         PEM Encoding Algorithm : DES.

                                          PEM/Verify Passphrase : Can be anything which should be remembered for future use.



Step 2. Create SSL Certificate request : a)  Under SSL certificate page ,select  'Create Certificate Request' and this will popup other page


                                              b) This will pop up a window asking for various information :

                                                     Request File Name : Can be anything and don't select 'Browse ' or 'View'

                                                     Key File Name: Will be from Step 1 (b) .

                                                      Key Format : Should be same as step 1 (b)

                                                       PEM Passphrase : Should be same as step 1 (b)

                                                      Supply rest of the info  under "Distinguished Name fields"  as required.

                                                     Noting is required for "Attribute Fields "


                                                      c)  Click Create to create the certificate request file.

                                                      d) Click Close to close the Create Certificate Request window.

                                                     e)  Use a program such as WinSCP (http://winscp.net) to copy the CSR to the Local

                                                          computer.    The CSR file is located in the /nsconfig/ssl directory. This file need to send to

                                                        certificate authority like Verizon /Entrust/or Star .

File received from one of the certificate authority as shown below . Select download all the certificate.



Step 3.  Navigate through certificate tab and select add . This will pop up the box asking for information like

Certificate-Key Pair name: Provide friendly name

Certificate File name : Which you have received from CA provider . This can be PEM format . You can browse and select upload from local

Private Key File name :  This would be from appliance as you have created in Step 1(b) .

Password : Same as step 1 (b) /2(b)

Certificate Format : PEM

You can choose to notify when this certificate is expired .


That's all you have to for creating and installing SSL public certificate. In next blog I will discuss about linking with Virtual servers.

SOURCE 1 and 2

1 comment:

RapidSSL said...

Hello Roy!

Firstly,Let me thanks for sharing step by step Guidance for SSL installation including snap shots. Could you please share us that how could we install code signing ssl at using third party application.

WildCard SSL | EV SSL