2. Citrix NetScaler VPX: Install Your SSL Certificate

If you have not yet created your RSA key and certificate signing request (CSR) and ordered your certificate, see Citrix NetScaler VPX: Create Your CSR (Certificate Signing Request).

After receiving your SSL Certificate, you need to install it on your NetScaler VPX device and then, you can bind it to your virtual server.

To install and configure your SSL Certificate, do the following:

  1. Download your combined SSL and Intermediate Certificate .pem file.

    Note:

    If you selected Citrix (Other) as your server software when you ordered your SSL Certificate from COMODO, the certificate file that we sent you contains both your SSL Certificate and the COMODORSAAddTrustCA / COMODORSADomain/Organization/EV Intermediate Certificates and is in the .pem format for Citrix NetScaler VPX.

    You can simply open the ZIP file containing your SSL Certificate that we sent to you, save the SSL Certificate file (yourdomain_com.pem) to the Citrix NetScaler VPX device where you generated the CSR, and proceed to the next step: ii. Install your SSL Certificate combined .pem file.

  2. Install your SSL Certificate.

    NetScaler VPX: How to Install Your SSL Certificate

  3. Bind your SSL Certificate to a virtual server.

    NetScaler VPX: How to Bind Your SSL Certificate to a Virtual Server

 

i. How to Download Your Combined SSL and Intermediate Certificate .pem File

  1. Log into your COMODO® Management Console.

  2. On the SSL Certificates tab, in the list of your current certificates, select the order number for your new Citrix NetScaler VPX SSL Certificate.

  3. On the Manage Your…Certificate - Order page, under your Server Certificate image, click Download as .zip.

  4. Save your SSL Certificate combined .pem file (i.e. yourdomain_com.pem) to your Citrix NetScaler VPX device.

 

ii. NetScaler VPX: How to Install Your SSL Certificate

  1. Log into your NetScaler device console.

  2. In the NetScaler console, on the Configuration tab, in the tree menu, expand Traffic Management and then click SSL.

    NetScaler VPX Console 10.1

  3. On the NetScaler > Traffic Management > SSL page, under Tools, click Manage Certificates / Keys / CSRs.

  4. In the Manage Certificates / Keys / CSRs window, click Upload to locate, select, and upload your SSL Certificate .pem file (i.e. yourdomain_com.pem).

    NetScaler VPX Manage Certificates / Keys / CSRs

  5. In the NetScaler console, on the Configuration tab, in the tree menu, expand Traffic Management > SSL and then click Certificates.

    NetScaler VPX Console 10.1

  6. On the NetScaler > Traffic Management > SSL > SSL Certificates page, click Install.

  7. In the Install Certificate window, enter the following information:

    Certificate-Key Pair Name* Create a name for the certificate (i.e. Example).
       
    Certificate File Name* i. In the Browse drop-down list, select Appliance.
      ii. Click Browse to browse to and select your SSL Certificate file (i.e. /nsconfig/ssl/yourdomain_com.pem).
      iii. Click Select and then click Open.
       
    Key File Name i. In the Browse drop-down list, select Appliance.
      ii. Click Browse to browse to and select your RSA key file (i.e. /nsconfig/ssl/example.key) that you created.
      iii. Click Select and then click Open.
       
    Certificate Format Select PEM.
       
    Password Enter the password that you used when creating your CSR.
       
    Certificate Bundle Check this box.
      If you do not have the Certificate Bundle feature, finish installing your SSL Certificate.
      Then, follow the instructions in the Certificate Bundle Note.
       
    Notify When Expires Select Enabled to be notified before your certificate expires.
       
    Notification Period Enter the number of days before the certificate expires that you want to be notified.
       

    NetScaler VPX Install Certificate

  8. Click Create and then click Close.

  9. On the NetScaler > Traffic Management > SSL > SSL Certificates page, your SSL and Intermediate Certificates are added to the list of certificates.

    Your SSL Certificate is listed by the name that you created for it during installation (i.e. Example) and the Intermediate Certificate is listed by that same name with _ic1 appended to it (i.e. Example_ic1). If you do not have the Certificate Bundle option, you see only your SSL Certificate (i.e. Example).

    Certificate Bundle Note: If you do not have the Certificate Bundle feature, you need to install the COMODORSACA Intermediate Certificate before binding your SSL Certificate to a virtual server. See NetScaler VPX: How to Install the COMODORSACA Intermediate Certificate.

    NetScaler VPX Console 10.1


How to Verify the SSL and Intermediate Certificates Are Linked

  1. On the NetScaler > Traffic Management > SSL > SSL Certificates page, select your SSL Certificate (i.e. Example).

    NetScaler VPX Console 10.1

  2. In the Actions drop-down list, select Cert Links.

  3. In the SSL Certificate Links window, the _ic1 certificate should be listed as the CA Certificate Name for your SSL Certificate (i.e. Certificate Name: Example and CA Certificate Name: Example_ic1).

    NetScaler VPX SSL Certificates Links

 

iii. NetScaler VPX: How to Bind Your SSL Certificate to a Virtual Server

    1. In the NetScaler console, on the Configuration tab, in the tree menu, expand NetScaler Gateway and then click Virtual Servers.

      NetScaler VPX Console 10.1

    2. On the NetScaler > NetScaler Gateway > NetScaler Gateway Virtual Servers page, select the virtual server to which you want to bind your certificate and then click Open.

    3. In the Configure NetScaler Gateway Virtual Server window, on the Certificates tab, in the Available section, select your SSL Certificate and then click Add.

      NetScaler VPX Configure NetScaler Gateway Virtual Server

    4. In the Configured section, select the old certificate (i.e. Test) used to configure the virtual server and click Remove.

    5. Click OK.

    6. On the NetScaler > NetScaler Gateway > NetScaler Gateway Virtual Servers page, in the upper right corner click the save symbol (diskette).

      NetScaler VPX Console 10.1

    7. You have successfully installed and configured your Citrix NetScaler SSL Certificate.

Verifying Your Certificate is Configured Correctly

To verify that you correctly configure the SSL Certificate, use https to visit your website.


Test Your Installation

If your website is publicly accessible, our COMODO® SSL Installation Diagnostics Tool can help you diagnose common problems.


Troubleshooting

 

NetScaler VPX: How to Install the COMODORSACA Intermediate Certificates

If you have not installed your SSL Certificate, you need to that first. See, NetScaler VPX: How to Install Your SSL Certificate.

To install the COMODORSACA Intermediate Certificate and link your SSL Certificate to it, do the following:

    1. Download the COMODORSACA Intermediate Certificate.

      How to Download the COMODORSACA Intermediate Certificate

    2. Install the COMODORSACA Intermediate Certificate.

      NetScaler VPX: How to Install the Intermediate Certificate

    3. Link your SSL Certificate to the COMODORSACA Intermediate Certificate.

      NetScaler VPX: How to Link Your SSL Certificate to the Intermediate Certificate

 

i. How to Download the COMODORSACA Intermediate Certificate

      1. Log into your COMODO® Management Console.

      2. On the My Orders tab, in the list of your current certificates, select the order number for your Citrix NetScaler VPX SSL Certificate.

      3. On the Manage Your…Certificate - Order page, under your Server Certificate image, click Download.

      4. Save the COMODORSACA.pem intermediate certificate file to your Citrix NetScaler VPX device.

 

ii. NetScaler VPX: How to Install the Intermediate Certificate

      1. Log into your NetScaler device console.

      2. In the NetScaler console, on the Configuration tab, in the tree menu, expand Traffic Management and then click SSL.

        NetScaler VPX Console 10.1

      3. On the NetScaler > Traffic Management > SSL page, under Tools, click Manage Certificates / Keys / CSRs.

      4. In the Manage Certificates / Keys / CSRs window, click Upload to locate, select, and upload the COMODORSACA.pem file.

        NetScaler VPX Manage Certificates / Keys / CSRs

      5. In the NetScaler console, on the Configuration tab, in the tree menu, expand Traffic Management > SSL and then click Certificates.

        NetScaler VPX Console 10.1

      6. On the NetScaler > Traffic Management > SSL > SSL Certificates page, click Install.

      7. In the Install Certificate window, enter the following information:

        Certificate-Key Pair Name* Enter COMODORSACA.
           
        Certificate File Name* i. In the Browse drop-down list, select Appliance.
          ii. Click Browse to browse to and select the COMODORSACA.pem file (i.e. /nsconfig/ssl/COMODORSACA.pem).
          iii. Click Select and then click Open.
           
        Key File Name N/A (leave blank).
           
        Certificate Format Select PEM.
          The COMODORSACA.pem file is .pem formatted; it just uses a .pem extension.
           
        Password N/A (leave blank)
           
        Certificate Bundle • If you are using this instruction because you do not have the Certificate Bundle feature in your
             Citrix NetScaler VPX, you will not see this option.
          • If you are using this instruction because you received a ‘Not sending intermediate certificate’ error,
             DO NOT check this box.
           
        Notify When Expires Do not check this box.
           

        NetScaler VPX Install Certificate

      8. Click Create and then click Close.

      9. On the NetScaler > Traffic Management > SSL > SSL Certificates page, the COMODORSACA intermediate certificate is added to list of certificates.

        You are ready to link your SSL Certificate to the COMODORSACA Intermediate Certificate.

        NetScaler VPX Console 10.1

 

iii. NetScaler VPX: How to Link Your SSL Certificate to the Intermediate Certificate

      1. On the NetScaler > Traffic Management > SSL > SSL Certificates page, select your SSL Certificate (i.e. Example) and then in the Actions drop-down list, select Link.

        NetScaler VPX Console 10.1

      2. In the Link Server Certificate(s) window, in the CA Certificate Name* drop-down list, select COMODORSACA and then, click OK.

        NetScaler VPX Link Server Certificates

      3. Your SSL Certificate is now linked to its intermediate certificate (COMODORSACA.pem).

        You are ready to bind your SSL Certificate to a virtual server. See NetScaler VPX: How to Bind Your SSL Certificate to a Virtual Server.