Home » KBArticles » Citrix NetScaler Certificates – Certificate Linking

Citrix NetScaler Certificates – Certificate Linking

Sometimes there can be some certificates that exist between the newly created NetScaler cert and the Root CA Certificate. These certificates ‘in the middle’ are known as intermediary or subordinate certificates and form a link or ‘chain’ between the root CA certificate and our newly created NetScaler certificate.

For example:

When some operating systems don’t have the full chain of intermediary certificates installed (and trusted) they will display a ‘certificate invalid’ message even when the certificate itself is valid. This is because the operating system is unable to verify your server certificate all the way up the certificate chain to the root certificate. These certificates can be installed and provide to the end users to greater enhance the user’s ability to connect to the NetScalers regardless of their endpoint or client device.

Step Description Screenshot
1 Example: Connecting to a service or VIP on the NetScaler interface where we have bound the new Certificate shows an error in Chrome on Mac OSX

Note: This will vary between operating system and between CA certificate providers

2 Log into the NetScaler web interface

 3 Expand SSL > SSL Files

Click SSL > Certificates > CA Certificates

Click Install

 4 Upload the bundled certificate from your 3rd party CA

Click Install

 5 Expand SSL > SSL Files

Click SSL > Certificates > Server Certificates

Tick your newly created server certificate

Select Action – ‘Link’

6 Select the CA Certificate uploaded in step 3

Tip: The NetScaler will automatically select the correct / valid certificate (if it is installed correctly and exists)

 7 Repeat this step for every certificate in the certificate chain including the root certificate

If you want to learn more about Citrix NetScaler check out our online NetScaler course at www.mastersof.cloud

Signup below to receive a free 200 page Citrix NetScaler Introduction guide!

[mc4wp_form id=”2763″]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.