From time to time I have to create a new virtual server on my NetScaler box, along with a new SSL certificate. Recent NetScaler versions provide you an easy option to create a test certificate with one click, but at some point you will need a real certificate there. In may cases the certificate you have is in FPX (aka PKCS#12) format, while NetScaler requires certificate and key pair in PEM or DES format. Solving this puzzle may not be so easy.
Fortunately, NetScaler itself comes with embedded OpenSSL support, and the following steps will help you handle certificate installation task even without deep OpenSSL knowledge.
root@ns1# root@ns1# pwd /nsconfig/ssl root@ns1# ls my-test* my-test.pfx root@ns1# openssl pkcs12 -nokeys -in my-test.pfx -out my-test.cert Enter Import Password: MAC verified OK root@ns1# openssl pkcs12 -nocerts -nodes -in my-test.pfx -out my-test.key Enter Import Password: MAC verified OK root@ns1# ls my-test* my-test.cert my-test.key my-test.pfx root@ns1# root@ns1#
Pay attention to the highlighted lines above – those are the commands that create certificate and keys files respectively.
Now you are ready to install your fresh pair on NetScaler.
Enjoy!
