In our test environment I recently used an existing SSL Wildcard certificate for making the Netscaler available external, to accomplish this I needed to export the certificate from a IIS server and import the certificate into the Netscaler. When using StoreFront 2.0 which also advises you to use a SSL certificate you also need this certificate imported into the Netscaler.
Exporting the Certificates
To use the exported files we need to export the Certificate two times, one time with the private key and one time without.
1. Right click the certificate and select “All Tasks” then select “Export“. Follow the wizard and choose option ” Yes, export the private key” and continue the wizard. When you don’t get the option to export the private key, the issue a new certificate with the private key export option.
2. When you received the option to export the private key, you now should receive the PKCS #12 (.PFX) options, uncheck all the options, click “Next” and choose a password and filename and export the Certificate. Choose a filename that’s looks like the certificate name, because the netscaler will store the files with the names you choose. When using something like “certificate.pfx” this could get confusing in time.
After we exported the certificate for the first time we now need to export it again.
4. Right click the certificate and select “All Tasks” then select “Export“. Follow the wizard and choose option “No, do not export the private key” and continue the wizard.
5. Select “Base-64 encoded X.509” and click “Next“, choose a appropriate filename and export the certificate.
6. Now we have exported the certificates and have two files.
Importing the Certificates
1. login on the Netscaler Gateway, go to configuration and open the SSL page in the left menu. Now select “Import PKCS #12” under Tools.
2. In the window that just opened file in the “Output File Name” ending with .key, at the “PKCS12 File Name” browse to the exported file on your PC. Type the password you entered during the export and select the “Encoding Format” to “DES3” and than click “OK“
3. Now click on the “Manage Certificates / Keys / CSRs” and upload the .cer file. You now have three files on the Netscaler.
4. In the left menu under SSL select “Certificates” and then click “Install“
5. Enter the name you like to use in the “Certificate-Key Pair Name”. For the “Certificate File Name” select the .cer file you uploaded. For the “Private Key File Name” select your .key file. Use the password you entered in step 2 and then click “Create“.
6. Now the certificate is installed and can be used for the Netscaler, the certificate above is used for contacting StoreFront server which is also using a SSL certificate.
Good stuff Sjoerd! All laid out, detailed and all 🙂
Always fighting with the exports/imports, this clarified it a lot, thanks!
Regards, your old backdoor neighbor (Wieënstraat) ;),
Jop Gommans
Very helpful, thank you
Your welcome. 🙂