Redirecting you to
Click if you are not redirected within 5 seconds
USD
Support
Contact Us
Tech Document Sep 26, 2018

How to Generate Certificate Signing Request on Citrix NetScaler VPX

This article will go into detail on how to generate certificate signing request on Citrix NetScaler VPX.

These instructions were created using Citrix NetScaler 10.1 VPX (50). Depending on which version of Citrix NetScaler VPX you are using, you may need to modify these instructions accordingly. For example, in these instructions, the SSL node is a sublevel node to the top level Traffic Management node. In some situations, the SSL node is a top level node.

NetScaler VPX Create RSA Key

These instructions may be applicable to the following versions of Citrix NetScaler VPX (10, 50, 200, 1000, and 3000):

  • Citrix NetScaler 10.5+ VPX
  • Citrix NetScaler 10.1+ VPX
  • Citrix NetScaler 10.0+ VPX
  • Citrix NetScaler 9.3+ VPX

1. Citrix NetScaler VPX: Create Your CSR (Certificate Signing Request)

i. NetScaler VPX: How to Create an RSA Key

You need to create an RSA Key before you can create your CSR.

  1. Log into your NetScaler device console.
  2. In the NetScaler console, on the Configuration tab, in the tree menu, expand Traffic Management and then click SSL.NetScaler VPX Console 10.1
  3. On the NetScaler > Traffic Management > SSL page, under SSL Keys, click Create RSA Key.
  4. In the Create RSA Key window, enter the following RSA key information:
    Key Filename*Create a name for your file in which the RSA key is stored, making sure to take note of the name (i.e. example.key).
    Key Size(bits)*Enter 2048.
    Public Exponent Value*In the drop-down list, select 3 (Hex: 0x3) or F4 (Hex: 0x10001). If you do not have a preference, use the default value.
    This value is part of the cipher algorithm which is required to create your RSA key.
    Key Format*In the drop-down list, select PEM. PEM is the recommended format for your SSL Certificate.
    PEM Encoding Algorithm(Optional) In the drop-down list, select the algorithm (DES or DES3) that you want to use to encrypt the generated.
    RSK key. If you leave this box blank, you are not required to enter a passphrase.
    PEM Passphrase(Optional) Enter a passphrase used for encryption, making sure to take note of it for use later.
    If you left the PEM Encoding Algorithm box blank, you cannot enter a passphrase.
    Confirm PEM Passphrase(Optional) Enter your passphrase again.
    If you left the PEM Encoding Algorithm box blank, you cannot confirm a passphrase.
    NetScaler VPX Create RSA Key
  5. When you are finished, click OK and then click Close. Proceed to creating your CSR.

ii. NetScaler VPX: How to Create Your CSR

After creating an RSA key, you are ready to create your CSR and submit it to a trusted CA and order your SSL Certificate.

  1. In the NetScaler console, on the Configuration tab, in the tree menu, expand Traffic Management and then click SSL.NetScaler VPX Console 10.1
  2. On the NetScaler > Traffic Management > SSL page, under SSL Certificates, click Create CSR (Certificate Signing Request).
  3. In the Create CSR (Certificate Signing Request) window, enter the following information:
    Request File Name*Create a request file name (i.e. example.csr).
    Key Filename*i. In the Browse drop-down list, select Appliance.
    ii. Click Browse to browse to and select your RSA key file you created earlier (i.e. example.key).
    iii. Click Select and then click Open.
    Key FormatSelect PEM. PEM is the recommended format for your SSL Certificate.
    Key Format*In the drop-down list, select PEM. PEM is the recommended format for your SSL Certificate.
    PEM Passphrase(Optional) Enter your passphrase. If you left the PEM Encoding Algorithm box blank when you created your RSA key,
    (For Encrypted Key)you are not required to enter a passphrase.
    NetScaler VPX Create CSR
  4. In the Distinguished Name Fields section, enter the following certificate information:
    Country*In the drop-down list, select the country where your company is legally located.
    State or Province*Enter the state or providence where your company is legally located.
    Organization Name**Enter your company's legally registered name (i.e. YourCompany, Inc.).
    CityEnter the city where your company is legally located.
    Email Address(Optional) Unless you have reason for providing an email address, you can leave this box blank.
    Organization Unit(Optional) Enter the department within your organization that you want to appear on the SSL Certificate.
    Common NameEnter the name to be used to access the certificate. This name is usually the fully qualified domain name (FQDN).
    For example, www.yourdomain.com o... the Attribute Fields section, enter the following information:
    Challenge PasswordEnter a password, making sure to take note of it for use later during certificate installation.
    Company Name(Optional) Enter your company name (i.e. YourCompany).
  5. When you are finished, click OK and then Close.
  6. In the NetScaler console, on the Configuration tab, in the tree menu, expand Traffic Management and then click SSL.NetScaler VPX Console 10.1
  7. On the NetScaler > Traffic Management > SSL page, under Tools, click Manage Certificates / Keys / CSRs.
  8. In the Manage Certificates / Keys / CSRs window, select your CSR or request file (i.e. example.csr) and then click View.NetScaler VPX Manage Certificates / Keys / CSRs
  9. In the your "CSR" window (i.e. example.csr), copy the text of your CSR, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it into the order form.

    Note: During your SSL Certificate ordering process, make sure that you select Citrix (Other) when asked to Select Server Software. This option ensures that you receive all the required certificates for Citrix NetScaler Certificate Installation (Intermediate and SSL Certificates).

    NetScaler VPX CSR window

    Ready to Order Your Citrix NetScaler SSL Certificates

  10. After you receive your SSL Certificate, you can install it.