Unable to Import a PFX Certificate on NetScaler with Error: "crl refresh disabled"

Unable to Import a PFX Certificate on NetScaler with Error: "crl refresh disabled"

book

Article ID: CTX207753

calendar_today

Updated On:

Description

When converting an SSL certificate from PFX to PEM format using the import PKCS12 option in NetScaler GUI, the following error is displayed:
ERROR: crl refresh disabled

User-added image

The following information is also recorded in the NetScaler log:
Dec 13 12:09:58 <local0.info> 10.104.31.30 12/13/2014:12:09:58 GMT  0-PPE-0 : UI CMD_EXECUTED 22099 0 :  User nsroot - Remote_ip 10.252.245.176 - Command "convert ssl pkcs12 test.pem -import -pkcs12File test.pfx -certFile test.pfx -password "********" -PEMPassPhrase "********"" - Status "ERROR: crl refresh disabled"

Resolution

Use one of the following workarounds to resolve this issue:

  1. Export the PFX file with an export password which does not contain any special characters.

  2. Use OpenSSL command to convert PFX to PEM format. Below command can be used for this conversion:
    openssl pkcs12 -in test.pfx -out test.pem -nodes

Problem Cause

This happens when the import password has some special characters.

Issue/Introduction

When converting an SSL certificate from PFX to PEM format using the import PKCS12 option in NetScaler GUI, the following error is displayed: ERROR: crl refresh disabled
Powered by Wolken Software