XenHero Virtualization Blog

Cloud computing, technology, and other bites...

Category: NetScaler

NetScaler Clientless VPN with Azure MFA

This setup assumes you already have Azure SAML with conditional access configured for NetScaler Gateway external access. This post will modify that existing setup to allow access to an internal Sharepoint site via Clientless VPN. NetScaler 13 and StoreFront 1912 are used in the examples. read more

Issues attaching SSL Certificate to NetScaler Gateway/LB VIPS on AWS NetScalers Firmware version NS12.1 48.13.nc

Issue: You are attempting to attach server SSL certificates for Load-Balancing VIPs or NetScaler Gateways VIPs on AWS NetScalers on the latest build (NS12.1 48.13.nc) but get the error “Certificate is not a server certificate”.

Workaround: Releases on NS12.0 53.22.nc or earlier seem to work fine for AWS Cloud NetScalers. Have not tested non-cloud VPXs at this time.

To launch different NS versions on AWS:

Navigate to AWS EC2>Instances

Select ‘Launch Instance’

Navigate to the AWS Marketplace. Search ‘netscaler’

Scroll down to ‘NetScaler ADC VPX – Customer Licensed’. Select ‘Previous versions’

Select ‘Continue to Configuration’

Under Fulfillment Option, choose ‘Amazon Machine Image’

Choose your NS firmware version.

Click ‘Continue to Launch’

Under the Choose Action menu, choose to ‘Launch through EC2’. Click ‘Launch’

From here you will be able to choose your instance type, configure subnets, add storage, configure security groups as normal.

Setting up a Citrix XA/XD 7.13 Proof-of-Concept on AWS – Part 5 – NetScaler Config

Part 5 of setting up a Citrix XA/XD 7.13 POC on AWS.

Background: read more

Updating External Access Certificates for NetScaler 11.0

Background: The scenario is you are changing the URL that clients will use for external access to your Citrix environment. Perhaps the environment has an SSL certificate for 1 website but is changing the name (ie. from storefront.contoso.com to go.contoso.com) or upgrading to a wildcard certificate. In any case, here are the general steps you can follow for this process:

  1. Create a Certificate Signing Request (CSR)
  2. Submit CSR to CA
  3. Download new certificate from CA
  4. Update External Gateway SSL Cert on NetScaler
  5. Update Certificate Links on NetScaler
  6. Update NetScaler Gateway settings on StoreFront
  7. Test


  • Administrative access to NetScaler device that provides external access for your environment (also required if you plan on creating your CSR from the NetScaler)
  • Adminstrative access to StoreFront server
  • Access to an IIS server (I will be performing CSR from here)
  • read more