How to Create and Install Self-signed Server and Root Certificate Authority (CA) Test Certificates for a CloudConnector Implementation

Article ID: CTX137073

Description

This article describes how to manually create and install self-signed server and Root Certificate Authority (CA) test certificates using a Public Key Size of 2048 bits for a CloudConnector implementation between two NetScaler VPX appliances.

Requirements

  • Access to the Graphical User Interface (GUI) of the NetScaler VPX appliance
  • WinSCP or equivalent secure file transfer application
  • The procedure discussed in the article assumes that you have prior knowledge of completing the following tasks:
    - Creating a Private Key
    - Creating a Certificate Signing Request (CSR)
    - Obtaining a Certificate from a CA
  • Enable the SSL feature on both the NetScaler VPX appliances.

Instructions

Complete the following procedure to create the root CA files and the server files for both the NetScaler VPX appliances:
  1. Creating Root CA Files for NetScaler VPX Appliance

  2. Creating Server Files for NetScaler VPX Appliance

Creating Root CA Files for NetScaler VPX Appliance

Complete the following procedures on NetScaler VPX appliance 1 to create the following Root CA files:
  1. Creating Root CA Private Key

  2. Creating Root CA CSR

  3. Creating Root CA Certificate

Creating Root CA Private Key
  1. From the GUI, select SSL > SSL Keys > Create RSA Key.

  2. Specify the Key Filename.

  3. Specify Key Size (bits) as 2048.

  4. Click Create and then Close.

Creating Root CA CSR
  1. From the GUI, select SSL > SSL Certificates > Create Certificate Request.

  2. Specify a Request File Name.

  3. Click Browse and select the private key created in the Creating Root CA Private Key section.

  4. Specify the information for the Distinguished Name Fields.
    Note: You must specify the details for the ROOT CA Certificate for this appliance.

  5. Click Create and then Close.

Creating Root CA Certificate
  1. From the GUI, select SSL > SSL Certificates > Create Certificate.

  2. Specify the Certificate File Name.

  3. Select the Root-CA option for Certificate Type.

  4. Click Browse and select the CSR created in the Creating Root CA CSR section.

  5. Click Browse and select the private key created in the Creating Root CA Private Key section.

  6. Click Create and then Close.

Creating Server Files for NetScaler VPX Appliance

Complete the following procedure to create the following Server files:
  1. Creating Server Private Key

  2. Creating the Server CSR

  3. Creating Server Certificate

Creating Server Private Key
  1. From the GUI, select SSL > SSL Keys > Create RSA Key.

  2. Specify the Key Filename.

  3. Specify the Key Size (bits) as 2048.

  4. Click Create and then Close.

Creating the Server CSR
  1. From the GUI, select SSL > SSL Certificates > Create Certificate Request.

  2. Specify the Request File Name.

  3. Click Browse and select the private key created in the Creating Server Private Key section.

  4. Specify the information for the Distinguished Name Fields.
    Note: You must specify the details for the Server Certificate for this appliance.

  5. Click Create and then Close.

Creating Server Certificate
  1. From the GUI, select SSL > SSL Certificates > Create Certificate.

  2. Specify the Certificate File Name.

  3. Select the Server option for Certificate Type.

  4. Click Browse and select the server CSR created in the Creating the Server CSR section for Certificate Request File Name.

  5. Click Browse and select the Root CA certificate created in the Creating Root CA Certificate section for CA Certificate File Name.

  6. Click Browse and select the CA serial file if it is available on the appliance, or the file ns-root.srl.

  7. Select Install and then Close.

Repeat the procedures Creating Root CA Files for NetScaler VPX Appliance and Creating Server Files for NetScaler VPX Appliance on NetScaler VPX appliance 2.
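
For comparison, the same sequence (root CA key, CSR and certificate, then server key, CSR and a certificate signed by the root CA with a serial file) can be reproduced off-appliance with the OpenSSL command line, followed by a key-size and chain check. This is an added example, not part of the original article or a Citrix procedure; the file names, subject fields and the host name vpx1.example.test are constructed, and it assumes OpenSSL is installed on a workstation.

```shell
#!/bin/sh
# Added example: OpenSSL equivalent of the GUI steps. File names, subject
# fields and the FQDN are constructed placeholders, not values from the article.
set -eu

# build_test_pki DIR FQDN: root CA key/CSR/cert, then server key/CSR/cert.
build_test_pki() (
    umask 077                      # private keys readable by the owner only
    cd "$1"
    # Root CA private key (2048 bits), CSR, and self-signed Root-CA certificate
    openssl genrsa -out rootca.key 2048 2>/dev/null
    openssl req -new -key rootca.key -out rootca.req \
        -subj "/C=US/O=Example Lab/CN=Test Root CA"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > rootca.ext
    openssl x509 -req -in rootca.req -signkey rootca.key -sha256 -days 365 \
        -extfile rootca.ext -out rootca.cert 2>/dev/null
    # Server private key (2048 bits) and CSR
    openssl genrsa -out server.key 2048 2>/dev/null
    openssl req -new -key server.key -out server.req \
        -subj "/C=US/O=Example Lab/CN=$2"
    # Server certificate signed by the root CA, tracking serials in CAserial
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$2" > server.ext
    openssl x509 -req -in server.req -CA rootca.cert -CAkey rootca.key \
        -CAserial CAserial -CAcreateserial -sha256 -days 365 \
        -extfile server.ext -out server.cert 2>/dev/null
)

# cert_key_bits FILE: print the public key size of a certificate in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# chain_ok DIR: succeed only if server.cert verifies against rootca.cert.
chain_ok() {
    openssl verify -CAfile "$1/rootca.cert" "$1/server.cert" >/dev/null 2>&1
}

workdir=$(mktemp -d)
build_test_pki "$workdir" vpx1.example.test
echo "files written to:  $workdir"
echo "root CA key size:  $(cert_key_bits "$workdir/rootca.cert") bits"
echo "server key size:   $(cert_key_bits "$workdir/server.cert") bits"
chain_ok "$workdir" && echo "server.cert chains to rootca.cert"
```

Run it once per appliance with that appliance's FQDN; the .key files stay in the printed directory, which is created with owner-only permissions.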

 

Additional Information

The GUI on the Access Gateway Enterprise Edition appliance has a tool to create and install self-signed test Server and Root CA Certificates.

When you select Create and Install a Server Test Certificate Wizard, the appliance prompts the user to provide Certificate File Name and Fully Qualified Domain Name.

After you provide the preceding information, seven files are generated in the /nsconfig/ssl directory.

The following are the server Certificate files generated:

  Description                               Certificate Name
  Private Key of the server certificate     example.cer.key
  CSR of the server certificate             example.cer.req
  Server certificate                        example.cer.cert

The following are the server Root CA files generated:

  Description                               Certificate Name
  Private Key of the Root CA certificate    example.cer-root.key
  CSR of the Root CA certificate            example.cer-root.req
  Root CA certificate                       example.cer-root.cert
  Serial Number of the Certificate          CAserial

The new self-signed or test server certificate appears under SSL > Certificates.

The limitation of the self-signed certificates generated by this wizard is that their Public Key Size is 512 bits, and security policies might require a stronger key size. You can verify the key size on the GUI in SSL > Certificates. Select the certificate and click Details.
