How to Export Internal Root CA with Private Key from Microsoft Certificate Authority Services to Use on NetScaler SWG


Article ID: CTX224970


Description

Citrix Secure Web Gateway, formerly NetScaler Secure Web Gateway

This article provides steps to export a root CA certificate with private key from a Microsoft Authority Server. This root CA certificate can be used on your NetScaler Secure Web Gateway server.


Instructions

1. Log on to the Domain Controller that has the target Certificate Authority installed.

2. Open the Certificate Authority MMC (run certsrv.msc).



3. Right-click the CA name in the tree ("npgftl-FTLRNPGDC1-CA" in the example), and select All Tasks > Back up CA.


The Certification Authority Backup Wizard starts.

4. On the Certification Authority Backup Wizard screen, click Next.

5. On the Items to Back Up page, select Private key and CA certificate, enter a location in which to save the file, and click Next.

6. On the Select a Password page, enter a password and confirm it. This password will be required when processing and importing the key into the NetScaler Secure Web Gateway server.

 

7. Click Next and then Finish. When the process is complete, you will have a .p12 file (for example, CA_name.p12) in the folder you specified. This file contains both the public key and private key for the certificate.


 

8. Next, use OpenSSL or the NetScaler GUI to export the private key and certificate from the .p12 file.

Log in to the NetScaler GUI console.


9. Click Configuration > Traffic Management > SSL.

10. From the Tools node, click Import PKCS#12.


11. On the Import PKCS12 File screen, enter the Output File Name, the PKCS12 File, and the password for the file exported in step 7.



12. Click OK to convert the file.

13. Make an SSH connection to the NetScaler Secure Web Gateway server.

14. Use the following syntax to add the root CA certificate converted in step 11:
add ssl certKey <certkeyname> -cert <string> -key <string>

Example:
add ssl certKey MyprivateCA -cert "/nsconfig/ssl/CArootKey" -key "/nsconfig/ssl/CArootKey"

15. The above CA root is now available to use on your NetScaler Secure Web Gateway server.
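
Step 8 names OpenSSL as an alternative to the GUI import in steps 9 to 12. The following is an added example, not part of the original article: it splits the backup .p12 into a PEM certificate and a PEM private key, keeps the key owner-readable only, and checks that the two belong together before they are loaded. The output file names, the P12_PASS variable and the throwaway CA built in demo() are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original article). File names and the P12_PASS
# variable are assumptions; the throwaway CA in demo() is constructed data.

# p12_to_pem <backup.p12> <cert_out> <key_out>
# Reads the backup password from $P12_PASS so it never appears in argv.
# Runs in a subshell so the restrictive umask does not leak to the caller.
p12_to_pem() (
    umask 077                                   # outputs readable by owner only
    # Certificate only; re-encoding through x509 drops the PKCS#12 bag attributes
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts \
        | openssl x509 -out "$2" || exit 1
    # Private key only; -nodes writes it UNENCRYPTED, hence the umask above
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes \
        | openssl pkey -out "$3"
)

# key_matches_cert <cert.pem> <key.pem>
# Succeeds only if the certificate's public key is the one derived from the key file.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed demo: a self-signed throwaway CA stands in for the real CA backup.
demo() {
    d=$(mktemp -d) || return 1
    P12_PASS='constructed-demo-password'; export P12_PASS
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo Root CA' \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/ca.key" -in "$d/ca.crt" \
        -passout env:P12_PASS -out "$d/CA_name.p12" &&
    p12_to_pem "$d/CA_name.p12" "$d/CAroot.cert" "$d/CAroot.key" &&
    key_matches_cert "$d/CAroot.cert" "$d/CAroot.key" &&
    echo "certificate and private key match"
    rc=$?
    rm -rf "$d"                                 # remove every copy of the key
    return "$rc"
}

demo
```

With a real backup, the two output files are what the -cert and -key arguments in step 14 point to; delete the working copies of the .p12 and the unencrypted key once they are on the appliance.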
 
