By the time I need to renew my NetScaler certificates I always forget how to do it. Plus, most of the time it's a last-minute, rushed change. So here are the basic steps:
- Back up the NetScaler config
pscp -v -p -pw <password> nsroot@<IP Address>:/nsconfig/* "c:\SSL_BACKUP\"
- Save Running Config
- Save Config – Configuration/System/Diagnostics/Technical Support Tools/Generate support file
- Extract the private & public keys from the PFX file provided by your Certificate Authority using the openssl commands:
openssl pkcs12 -in xxxx.pfx -out xxxx.crt -nokeys -clcerts
openssl pkcs12 -in xxxx.pfx -clcerts -out privatekey.pem
openssl rsa -in privatekey.pem -out xxxx.key
- Connect to the NetScaler Management Interface via your Browser and select Configurations/SSL/Certificates
- Right-click the certificate and select Update. Locate your Certificate.crt file & Private.Key file by selecting Browse Local, enter the password if the certificate has one (otherwise leave it blank), then click OK and overwrite the existing file.
- Check the Expiry date has been updated
- Upload the Intermediate Certificate Authority and link it to all corresponding keys.
- Verify the SSL certificate using the SSL Certificate Verification Tool – https://ssl-tools.verisign.com/#certChecker
- Make sure the DR NetScaler with the same URL is updated as well. Test the DR NetScaler by changing the IP address for that URL in your local hosts file to the IP address of the DR NetScaler.
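
A pre-upload check for the files extracted from the PFX above, as an added example that is not part of the original post: it confirms that xxxx.key is the private key for xxxx.crt and that the new certificate is not about to expire, and it can read the expiry date a single appliance serves, which helps with the DR step. The function names, the 30-day default and port 443 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). File names follow the page;
# function names, the 30-day default and port 443 are assumptions.

# Succeeds only if the private key in $2 belongs to the certificate in $1.
# Returns 2 if either file cannot be parsed, so two failed reads never "match".
cert_key_match() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # "-passin pass:" makes an encrypted key fail instead of prompting
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate in $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Run both checks before uploading: check_renewal xxxx.crt xxxx.key [days]
check_renewal() {
    local days="${3:-30}"
    cert_key_match "$1" "$2" || { echo "FAIL: $2 is not the key for $1"; return 1; }
    cert_valid_for "$1" "$days" || { echo "FAIL: $1 expires within $days days"; return 1; }
    echo "OK: key matches, $(openssl x509 -in "$1" -noout -enddate)"
}

# Expiry date one appliance serves for a hostname (sent as SNI), e.g. the DR
# NetScaler: served_enddate <appliance IP> <hostname>
served_enddate() {
    openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate
}
```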