If you have a Citrix Netscaler and you need to manage it, you have to connect to the NetScaler IP (NIP) with a browser.  But if you try to connect to it via HTTPS either with IE or Firefox you will get an “Invalid Certificate” Error.

 

Trying to follow the instructions in the Citrix Article (CTX122521) “How to Replace the Default Certificate of a NetScaler Appliance with a Trusted CA Certificate that Matches the Hostname of the Appliance” is just too cumbersome, and I knew there had to be an easier way to do it via the GUI, and there is:

Note:
Before we start I am assuming you already have a certificate installed in the NetScaler, either a cert that matches the host name of the NetScaler or a Wild Card cert

If you dont know how to install a certificate on the NetScalers, I suggest you read these article
How to Generate and Install a Public SSL Certificate on a NetScaler Appliance (CTX109260)
– How to Transfer Certificates from IIS to the NetScaler(CTX109031)
 

 

  1.  Log into your NetScaler using an account with “superuser” powers (nsroot, etc)
  2. Expand the “Load Balancing” Tab and click on “Services”
  3. On the right side under services click the “Internal Services” tab
  4. Highlight the “nshttps-127.0.0.1-443” service and click the “Open” button
  5. In the “Configure Service” window, click the “SSL Settings” tab
  6. Under the “Configured” certificates you will see the default “ns-server-certificate”, highlight it and click the “Remove” button
  7. Under the “Available” certificates, highlight the certificate you want to use and click the “Add” button (in my case, the “Pinchii Wildcard SSL Cert” from Godaddy)
  8. Hit “Ok” and close out of that window
  9. Repeat the same procedure for “nsrpcs-127.0.0.1-3008” and “nsrpcs-127.0.0.1-3009” as these are the “services” used when you configure the NetScalers using the “Web Start Client” Java App
  10. Hit “Save” and then “Refresh All” to save your new configuration to the NetScalers

 

Thats it, now next time you try to login to your NetScalers with a HTTPS connection you will have a valid SSL cert and you should have no warnings or problems with IE or Firefox

Facebook Twitter Email Linkedin Digg Delicious