Author Topic: How to Import Existing Certificates and Keys to a NetScaler Server  (Read 10939 times)

Offline jmelika

Summary

This document explains to NetScaler administrators how SSL certificates and their associated keys can be imported to a NetScaler server from an existing Web server.

Pre-installation Checklist Information

• Make sure that the certificate and key names contain no special characters or spaces that are not supported by a UNIX file system.

• NetScaler supports two certificate formats, PEM and DER. PEM is the default format NetScaler uses. Make sure that the certificate is in one of these formats before attempting the export/import.

• Certificates can be exported from the following Web servers:

      o IIS

      o Apache

      o Stronghold

      o Sun iPlanet

      o BEA WebLogic

Exporting Certificates and Keys from an existing Web Server

You can use WinSCP to transfer files from your existing Web server to a NetScaler system.

• Note that certificates in IIS are in PFX format, and must be converted to PEM or DER before they are imported to a NetScaler server. A good tool to use for this is OpenSSL.

• Note that Sun iPlanet uses a command line utility (pk12util) to export certificates. You need to familiarize yourself with this tool to be able to export certificates from iPlanet.

• Certificates exported from Sun iPlanet are exported in PKCS format, and must be converted to PEM or DER before they are imported to a NetScaler server.

Importing Certificates and Keys to a NetScaler Server

After the certificate and key files are transferred to a NetScaler server and are in PEM or DER format, you can install them using the following command at the NSCLI prompt:

add ssl certkey <certkeyName> -cert <string> [-key <string>] [-fipsKey <string>] [-inform ( DER | PEM )] [-password]

Note: The certificate and key path must be under the default directory /nsconfig/ssl

Example if the key is not encrypted:

add ssl certkey cert1 -cert /nsconfig/ssl/cert1024.pem -key /nsconfig/ssl/rsa1024.pem

Example if the key is encrypted:

If the key is encrypted, you must specify the -password option while installing or importing the certificate and key. The user will be prompted to enter the pass-phrase (password) that was used to encrypt the key. Enter the following CLI command:

add ssl certkey cert1 -cert /nsconfig/ssl/cert1024.pem -key /nsconfig/ssl/

When finished, both the key and the certificate will be located in the /nsconfig/ssl directory on the NetScaler server.
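
The PFX-to-PEM conversion mentioned above for IIS exports, as an added example that is not part of the original post: it uses OpenSSL to split a PFX into a PEM certificate and a PEM key that stays encrypted (so the import uses -password), checks the file names against the checklist, and confirms that the key belongs to the certificate. The function names, the pfx2pem.sh script name, the PFX_PASS and KEY_PASS variables and the demo certificate are assumptions made for this example.

```shell
#!/bin/sh
# Added example: IIS-style PFX -> PEM certificate + encrypted PEM key.
# Pass-phrases are read from the PFX_PASS and KEY_PASS environment variables.

# Checklist: file names without spaces or special characters. The whitelist
# [A-Za-z0-9._-] is a conservative assumption, not a NetScaler rule.
safe_name() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Args: <in.pfx> <cert_out.pem> <key_out.pem>
pfx_to_pem() {
    safe_name "$(basename "$2")" && safe_name "$(basename "$3")" || return 2
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -clcerts -nokeys -out "$2" || return 1
    # Subshell umask: the key file is never group- or world-readable.
    ( umask 077
      openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts \
          -passout env:KEY_PASS -out "$3" ) || return 1
}

# Succeeds only if the key's public half equals the certificate's public key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -passin env:KEY_PASS -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample input: a throwaway self-signed pair bundled as <dir>/site.pfx.
make_demo_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example" \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
        -passout env:PFX_PASS -out "$1/site.pfx"
}

# Usage (hypothetical script name): sh pfx2pem.sh <in.pfx> <cert_out.pem> <key_out.pem>
if [ "$#" -eq 3 ]; then
    pfx_to_pem "$@" && pair_matches "$2" "$3" &&
    echo "add ssl certkey <certkeyName> -cert /nsconfig/ssl/$(basename "$2")" \
         "-key /nsconfig/ssl/$(basename "$3") -password"
fi
```

Running the script on a workstation leaves the private key encrypted on disk and in transit; the pass-phrase set in KEY_PASS is the one to enter when NSCLI prompts for it.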