Cloud computing, technology, and other bites...

Category: NetScaler

Issues attaching SSL Certificate to NetScaler Gateway/LB VIPS on AWS NetScalers Firmware version NS12.1 48.13.nc

Issue: You are attempting to attach server SSL certificates for Load-Balancing VIPs or NetScaler Gateways VIPs on AWS NetScalers on the latest build (NS12.1 48.13.nc) but get the error “Certificate is not a server certificate”.

Workaround: Releases on NS12.0 53.22.nc or earlier seem to work fine for AWS Cloud NetScalers. Have not tested non-cloud VPXs at this time.

To launch different NS versions on AWS:

Navigate to AWS EC2>Instances

Select ‘Launch Instance’

Navigate to the AWS Marketplace. Search ‘netscaler’

Scroll down to ‘NetScaler ADC VPX – Customer Licensed’. Select ‘Previous versions’

Select ‘Continue to Configuration’

Under Fulfillment Option, choose ‘Amazon Machine Image’

Choose your NS firmware version.

Click ‘Continue to Launch’

Under the Choose Action menu, choose to ‘Launch through EC2’. Click ‘Launch’

From here you will be able to choose your instance type, configure subnets, add storage, configure security groups as normal.

Updating External Access Certificates for NetScaler 11.0

Background: The scenario is you are changing the URL that clients will use for external access to your Citrix environment. Perhaps the environment has an SSL certificate for 1 website but is changing the name (ie. from storefront.contoso.com to go.contoso.com) or upgrading to a wildcard certificate. In any case, here are the general steps you can follow for this process:

  1. Create a Certificate Signing Request (CSR)
  2. Submit CSR to CA
  3. Download new certificate from CA
  4. Update External Gateway SSL Cert on NetScaler
  5. Update Certificate Links on NetScaler
  6. Update NetScaler Gateway settings on StoreFront
  7. Test

Pre-requisites:

  • Administrative access to NetScaler device that provides external access for your environment (also required if you plan on creating your CSR from the NetScaler)
  • Adminstrative access to StoreFront server
  • Access to an IIS server (I will be performing CSR from here)
  • read more