Versions Compared

Old Version 1

changes.mady.by.user Paul Ruvin

Saved on

compared with

New Version Current

changes.mady.by.user Paul Ruvin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Because the Microsoft Certificate Server is known to Active Directory the trusted CA certificate is automatically installed on all domain-joined systems, the engineers then have to manually add the trusted CA certificate to non-domain-joined systems including domestic PCs, thin clients, tablets and smart phones


On the Microsoft Certificate Server (Usually the domain controller)


1. Run mmc and load the Certification Authority Snap-in.
Image Added
Image Added

2. Right click the authority > All Tasks > Back up CA.
Image Added
3. Back up the Private key and CA certificate to a convenient location.
Image Added
4. Create a password.
Image Added


5. Click Next.
6. Click Finish.
The backup creates a .p12 file with the name of your Certificate authority.
Image Added

On the ADC GUI

Import the CA certificate

To import the backed up key and certificate, complete the following steps:


1. Go to Traffic Management > SSL > Tools > Import PKCS#12.
Image Added



2. Output file name is xxxxx.pem in the /flash/nsconfig/ssl folder on the appliance. PKCS12 File is the p12 backup file created.* Password is the password used during the backup


Image Added
*NOTE: By using the dropdown arrows where it says Choose File, it is possible to read the .p12 file from the local PC/Server where you did the Backup.
Image Added

Image Added

Install the CA certificate

Install the CA certificate if you want to use SSL to communicate from the NetScaler Gateway to your StoreFront:

 
1. Go to Traffic Management > SSL > Certificates > CA Certificates.


2.Click on Install at the top
Image Added
3. Type in the a name for the key-pair.

4.For the certificate file name, select  the p12 file you had saved locally.
Image Added

5. Click on Install


Image Added




Create the server certificate


To create the server certificate, complete the following steps:

1. Go to Traffic Management > SSL > Getting Started > Server Certificate Wizard.
Image Added
First part gets you to create an RSA encryption key.

  1. Enter the key name
  2. Enter the key size

For this example the Public Exponent Value and Key format is kept as the defaulted F4 and PEM.
Image Added

3. Enter a request file name

4. The Keyname file should be autopopulated

5. For the CSR I left Key Format defaulted to PEM and Digest Method as SHA1
Image Added

6.  The common name will be the same as the FQDN for the Citrix Gateway name

7.  Enter a Certificate file name

8. The Certificate Request File name should auto poplulate.  If not click on Choose File > Appliance and select the req file you created from the list.

9. Here I left the Key Format and Validity Period as Defaults
Image Added
10. For Serial Key File Format browse appliance for ns-root.srl

11. Click on Create

12.  Enter a key pair name.

13.  The Certificate File name should auto poplulate.  If not click on Choose File > Appliance and select the cer file you created from the list.

14. For Key File Name click on Choose File > Appliance and select the key file you created.
Image Added

15. Click on Create

If you get the green tick it means you have installed the Server certificate successfully
Image Added
You can check for it under Traffic Management > SSL >Certificates > Server Certificates
Image Added