Sometimes there can be some certificates that exist between the newly created NetScaler cert and the Root CA Certificate. These certificates ‘in the middle’ are known as intermediary or subordinate certificates and form a link or ‘chain’ between the root CA certificate and our newly created NetScaler certificate.
When some operating systems don’t have the full chain of intermediary certificates installed (and trusted) they will display a ‘certificate invalid’ message even when the certificate itself is valid. This is because the operating system is unable to verify your server certificate all the way up the certificate chain to the root certificate. These certificates can be installed and provide to the end users to greater enhance the user’s ability to connect to the NetScalers regardless of their endpoint or client device.
|1||Example: Connecting to a service or VIP on the NetScaler interface where we have bound the new Certificate shows an error in Chrome on Mac OSX
Note: This will vary between operating system and between CA certificate providers
|2||Log into the NetScaler web interface|
|3||Expand SSL > SSL Files
Click SSL > Certificates > CA Certificates
|4||Upload the bundled certificate from your 3rd party CA
|5||Expand SSL > SSL Files
Click SSL > Certificates > Server Certificates
Tick your newly created server certificate
Select Action – ‘Link’
|6||Select the CA Certificate uploaded in step 3
Tip: The NetScaler will automatically select the correct / valid certificate (if it is installed correctly and exists)
|7||Repeat this step for every certificate in the certificate chain including the root certificate|
If you want to learn more about Citrix NetScaler check out our online NetScaler course at www.mastersof.cloud
Signup below to receive a free 200 page Citrix NetScaler Introduction guide!