Netscaler SSL Certificate Renewal and Install

By the time I need to renew my NetScaler Certificates I always forget how to do it. Plus most of the time its a last minute rushed change. So here is the basic steps:

  1. Backup the Netscaler Config
pscp -v -p -pw <password> nsroot@<IP Address>:/nsconfig/* "c:\SSL_BACKUP\"
  1. Save Running Config
  2. Save Config – Configuration/System/Diagnostics/Technical Support Tools/Generate support file
  3. Extract the Private & Public keys from the PFX file provided by your Certificate Authority using openssl command:
 openssl pkcs12 –in xxxx.pfx –out xxxx.crt –nokeys –clcerts
 openssl pkcs12 –in xxxx.pfx –clcerts –out privatekey.pem
 openssl rsa –in privatekey.pem –out xxxx.key
  1. Connect to the NetScaler Management Interface via your Browser and select Configurations/SSL/Certificates
  2. Right click on  Certificate and select Update, locate your Certificate.crt file & Private.Key file by selecting Browse Local > enter password if Certificate has a password otherwise leave it blank and click OK and Overwrite existing file.
  3. netscaler_Certs
  4. Check the Expiry date has been updated
  5. Upload the Intermediate Certificate Authority and Link to all corresponding keys.. 
  6. Verify the SSL Certificate by using SSL Certificate Verification Tool –
  7. Make sure DR Netscaler with the same url is updated as well. Test the DR Netscaler by changing your local host file IP address of that UTL to the IP address of that DR NetScaler

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s