NetScaler: Public Certificates

I’ll cover the whole story on NetScaler certificate in time, but for now, this is a little note about Intermediate certificates as I have just spent a while trying to remember how I did it previously.

Intermediate Certificates

When browsing to my NetScaler Gateway URL from a Windows PC, all was fine and there were no certificate errors, however my Android told a different store and complained the certificate was invalid. On most Linux-based device (including Apple Mac) the certificate from your web server needs to be ‘tied’ to the Certificate Authority’s certificate (root). This is done by using an Intermediate Certificate. On Windows, Microsoft take care of this for us, but on Linux, the intermediate certificate has to come from our web server.


The intermediate certificate is downloaded from the Certificate Authority e.g. VeriSign (Symantec), GoDaddy etc… The Intermediate certificate to download depending on the type of certificate purchased. For example VeriSign’s Premium Extended Validation Intermediate is different to the cheaper Premium. Once in your VeriSign portal, it becomes quite clear. With VeriSign, once I’ve located the correct Intermediate Cert, I simply copy and paste it into a new notepad session and save it as inter.csr. For GoDaddy, you download what they call the Certificate Bundle as a zip. Normally at the same time as your actual certificate although it can be downloaded later.


To install the intermediate certificate on a NetScaler is so simple, it’s often confusing. The following are the steps to complete, based on NS10.1: Build

  1. Obtain your intermediate certificate (see notes above).
  2. Log in to the NetScaler as an admin user (nsroot). Use either ADC or Gateway. (I don’t think it matters which is used, but the location of “SSL” in the menus might vary.)
  3. Expand SSL.
  4. Click Certificates.
  5. Click Install…
  6. Enter a Certificate-Key Pair Name: GoDaddy-Interm. This is what shows in the list and any selection drop-downs.
  7. To the right of Certificate File Name field, click the drop-down next to Browse and click Local
  8. Navigate to the location of the previously obtained intermediate certificate file (gd_bundle.crt).
  9. Click Create.


Finally, the Intermediate Certificate has to be linked to the server certificate.
  1. Right-click the server certificate and select Link…
  2. Select GoDaddy-Interm certificate and click OK.
Browse to the NetScaler’s URL from your Android and you should no longer get a certificate warning.

Leave a Reply

Your email address will not be published. Required fields are marked *

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    Markdown is turned off in code blocks:
     [This is not a link](

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see

This site uses Akismet to reduce spam. Learn how your comment data is processed.