This article describes how to export certificates from a NetScaler appliance as a PFX file to use on another host.

Requirements

You must have a working installation of the OpenSSL software and be able to execute openssl from the command line. The OpenSSL is also available from the NetScaler shell prompt and Configuration Utility.

Instructions

Export Certificates Through NetScaler CLI

To export certificates from the NetScaler appliance as a PFX file for use on another host, complete the following procedure:

1. Obtain the relevant certificate and key file from the NetScaler and place in a local directory of the workstation. All the certificate and key files are in nsconfig/ssl directory.
   Certificates from NetScaler can be obtained by use of WinScp.

2. Open a command line interface and change the directory to the location of the OpenSSL executable (in <drive>:\openssl\bin by default).

3. Type the following (pfx used in this example):
   C:\OpenSSL\bin>openssl pkcs12 -export -in <yourcertificatename.cer> -inkey <yourcertificatekey.key> -out <desiredfilename.pfx>

   - yourcertifcatename.cer is the certificate name present on the NetScaler.
   - yourcertificatekey is the key associated with certificate yourcertificatename.
   - desiredfilename is the name that you want to assign to the PFX file.

4. Type Export Password: <enter desired pfx pwd here>
   Verifying - Enter Export Password: <confirm pwd>

Export Certificates Through NetScaler GUI

To export certificates from the NetScaler appliance as a PFX file for use on another host, complete the following procedure:

1. Obtain the relevant certificate and key file from the NetScaler and place in a local directory of the workstation.
   Navigate to Traffic Management > SSL, click on Manage Certificates / Keys / CSRs.

   

2. Click the certificate that you want to download and choose Download. This step is optional as isn't possible to export certificates and private keys directly from the appliance without downloading them.

   

3. Navigate to Traffic Management > SSL > Export PKCS#12.
   

4. Choose the output file name for PFX file.

5. Choose the certificate and key stored in the local disk (if you followed Step 2) or from the appliance.

6. Fill out the export password and press ok.

See OpenSSL documentation for complete options and details.