知識庫

在 Citrix NetScaler VPX 安裝 SSL 證書

After the SSL certificate is validated and issued, you can get it from ZTABOX email.

In order to install the SSL certificate on Citrix NetScaler VPX, log into your console, select the Configuration tab, expand the Traffic Management left-side menu and click SSL.

citrinst1

In the Tools section, click Manage Certificates / Keys / CSRs/. In the appeared window, click Upload/b> to import the issued certificate (the .crt file) and the certificate chain or CA Bundle (the .ca-bundle file). The bundle file was emailed to you along with the end-entity certificate.

citrinst2

After this, get back to the homepage of the console, select the Configuration tab, expand the Traffic Management tree menu, click on + next to the SSL section and choose Certificates.

citrinst3

At this point, it is necessary to click Install and fill in the form:

Certificate-Key Pair Name - make up a name for your SSL certificate in order to differentiate it from other certificate files stored on the server.

Certificate File Name - click Browse and choose the .crt file you just uploaded.

Key File Name - click Browse and choose the Private Key that was generated along with the CSR code (the .key file).

Certificate Format - select PEM since this format is supported by NetScaler VPX.

Password - leave this field blank if no passphrase was assigned to the Private Key during its generation.

The Certificate Bundle checkbox should not be checked as the bundle should be installed separately.

After all the necessary fields are filled in, click Install.

citrinst4

Now, your SSL certificate is installed. However, it is still necessary to install the CA Bundle in order for the certificate to be trusted by browsers.

Get back to the Certificates section of the SSL left-side menu and click Install.

citrinst5

In case with the CA Bundle, it is only necessary to fill in two fields:

Certificate-Key Pair Name - make up a name for your intermediate (CA Bundle) certificate.

Certificate File Name - click Browse and select the .ca-bundle file you uploaded along with the end-entity certificate (the .crt file) before.

Once the fields are filled in, click Install.

Note: if you receive the following error message: Resource already exists {certkeyName Contents, Intermediate], it means that the CA Bundle is already installed on the server. You can disregard this alert and proceed with SSL configuration.

citrinst6

After the intermediate certificate is installed, you can find it in the certificate list of the Certificates section of the SSL tree menu.

At this point, it is required to link the end-entity certificate and the CA Bundle. Select the end-entity certificate in the certificate list, click on Action and choose Link from the drop-down menu.

On the Link Server Certificates page, locate the name of the CA Bundle file in the CA Certificate Name section and click OK to connect the end entity certificate to the CA Bundle.

citrinst7

Now, your SSL certificate is prepared to be linked with the Virtual Host for successful configuration. By binding the certificate to the Virtual Host, the SSL is assigned to a certain port and website on the server.

Expand the NetScaler Gateway left-side menu and click on Virtual Servers. On the next page, choose your website from the list of servers and click Edit.

citrinst8

Now, it is necessary to click on Server Certificate to configure binding for the uploaded SSL.

citrinst9

In the pop-up page, click Add Binding.

Note: It is possible that an old certificate is already bound to the virtual server. In this case, you will receive a confirmation to unbind the previous SSL. Click Yes and proceed with configuration.

On the Add Binding section, it is necessary to click on the Select Server Certificate field and select the newly installed SSL. After this, click Bind to finalize SSL configuration on Citrix NetScaler VPX.

citrinst10

Now the SSL certificate should work properly and your website can be accessed via secure HTTPS protocol. You can always check the correctness of SSL installation using this tool.

You might also wish to force a secure connection so that your website is automatically accessed via HTTPS. You can find guidelines on the HTTP>HTTPS redirection here.

If you are experiencing any difficulties throughout the process, please contact our Support.