Author Topic: Subject Alternative Name  (Read 991 times)

Offline atomiser

Subject Alternative Name
« on: February 01, 2012, 02:26:03 AM »
I'm comfortable with working with certificates through the NetScaler web interface, however I now have a need to utilise a certificate that uses the Subject Alternative Name field which requires the use of OpenSSL at the command line.

Citrix don't have any documentation surrounding this as it is purely OpenSSL, however I am struggling to get what I need and my Google skills are letting me down today.  I'm hoping that someone else might have been here before and might have a step-by-step guide?

I need to generate the private key, and I then need to generate the certificate signing request in order to send off to our internal Microsoft CA to be signed.  I would like to include several SAN field entries within the certificate signing request.

Can anyone help?

Thanks, Andy.

Offline atomiser

Re: Subject Alternative Name
« Reply #1 on: February 01, 2012, 07:20:48 AM »
Found this, which is useful:

http://langui.sh/2009/02/27/creating-a-subjectaltname-sanucc-csr/

However, if I then sign the CSR using the NetScaler CA I don't think it processes the SAN field properly as it's missing from the resultant signed certificate.

Tried this:

http://langui.sh/2009/02/28/openssl-sanucc-certificate-generation/

Which suggests adding 'copy_extensions = copy' to the OpenSSL conf file.  I tried adding this into an nsssl.conf file somewhere in /etc but it didn't make any difference when I re-generated the CSR and then signed it again.

Anyone else done this before?

bryan.mendoza

  • Guest
Re: Subject Alternative Name
« Reply #2 on: March 05, 2012, 10:26:09 AM »
This is what you need to add to the openssl.cfg

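# Goes in the extensions section that req_extensions in [req] names
# (v3_req in the stock openssl.cfg)
subjectAltName          = @alt_names

# One DNS.n line per name the certificate must cover
[alt_names]
DNS.1 = fqdn.foo.com
DNS.2 = anythingyouwant
DNS.3 = etc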


Quote
Which suggests adding 'copy_extensions = copy' to the OpenSSL conf file.  I tried adding this into an nsssl.conf file somewhere in /etc but it didn't make any difference when I re-generated the CSR and then signed it again.

Anyone else done this before?

Do not modify the SSL configuration information on the NetScaler. Download OpenSSL to your machine and work with that.
« Last Edit: March 05, 2012, 10:29:03 AM by bryan m »
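The key and CSR steps asked about in the thread, put together as an added example that is not part of any post above: it writes a minimal request config with an [alt_names] section, generates the private key and CSR on a workstation, and reads the SAN entries back out of the CSR before it is sent for signing. The function names, file names and host names are assumptions made for the illustration; whether the SANs reach the issued certificate still depends on the signing CA copying the requested extension.

```shell
#!/bin/sh
# Added example: build a CSR carrying several subjectAltName DNS entries.
# All host names used here are constructed placeholders.

# make_san_csr OUTDIR CN SAN1 [SAN2 ...]
# Writes OUTDIR/req.cnf, OUTDIR/server.key and OUTDIR/server.csr.
make_san_csr() {
    outdir=$1; cn=$2; shift 2
    mkdir -p "$outdir" || return 1
    {
        printf '[req]\n'
        printf 'distinguished_name = dn\n'
        # req_extensions makes "openssl req" embed [v3_req] in the CSR
        printf 'req_extensions = v3_req\n'
        printf 'prompt = no\n\n'
        printf '[dn]\nCN = %s\n\n' "$cn"
        printf '[v3_req]\nsubjectAltName = @alt_names\n\n'
        printf '[alt_names]\n'
        i=1
        for name in "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > "$outdir/req.cnf"
    # Keep the private key readable by its owner only.
    ( umask 077; openssl genrsa -out "$outdir/server.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$outdir/server.key" -config "$outdir/req.cnf" \
        -out "$outdir/server.csr"
}

# csr_sans CSRFILE: print the DNS SAN entries found in the CSR, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text | tr ',' '\n' | sed -n 's/^ *DNS:\(.*\)$/\1/p'
}

# Demo run in a scratch directory; the CN is repeated as the first SAN.
demo_dir=$(mktemp -d)
make_san_csr "$demo_dir" www.example.internal \
    www.example.internal portal.example.internal && csr_sans "$demo_dir/server.csr"
```

If `csr_sans` prints nothing, the extension never made it into the request and the config is the place to look, not the CA.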