Part 2: Configure & Install the certificate on the NetScaler.

Part 1: Generate SAN certificate using AD CA

Part 2: Configure & Install the certificate on the NetScaler.

Import the PFX certificate, generating the key file.

  1. Log in to the NetScaler’s GUI.
  2. On the Configuration tab, navigate to Traffic Management > SSL.
  3. Click Import PKCS#12.
  4. In the “Output File Name” field, give the certificate a file name as it will be know by the NetScaler with a .key suffix.
  5. In the “PKCS12” field, point to the pfx certificate. (File can be on your desktop’s file system – no need to upload first).
  6. Enter the password you used when exporting the certificate from Windows.
  7. Select DES3.
  8. Enter a “PEM Passphrase” to protect the key on the NetScaler. (Not the same as the import password).

  1. Click OK.

Install the certificate

  1. On the Configuration tab, navigate to Traffic Management > SSL > Certificate.
  2. Click Install.
  3. In “Certificate-key Pair Name” field, give the certificate a name. This is how it will be referenced by the NetScaler functions, so make sure it’s easily identifiable.
  4. In the “Certificate File Name” field, point to the .cer file exported (without the private key), choosing “local” and navigating your Windows machine.
  5. In the “Key File Name” field, point to the key file created on the appliance (in the Import PFX section).
  6. Select “PEM”.
  7. Enter the passphrase password (set in the Import PFX section).
  8. Optionally set the expiry notification.
  9. Click Install.

    Your certificate now looks like this:

    Don’t forget to link it to your CA root certificate. (Action > Link).

Previous: Part 1: Generate SAN certificate using AD CA