Hidden Control Characters in CertificateKey File
You can use OpenSSL implementation of BSD Unix distribution on ADC to import/export the certificate and key files. The exported files are free of the control characters that are preventing successful installation of the certificate and key files:
-
Use a secure copy program (WinSCP ) to copy the certificate and key files to the/nsconfig/ssl directory of the ADC appliance.
The Certificate and Key files can also be uploaded to the ADC using the Configuration Utility. Navigate to Traffic Management > SSL > Manage Certificates / Keys / CSRs > Upload as shown in the following screen shots: -
Open a Secure Shell (SSH) session to the appliance, and after authentication, run the shell command to switch to shell.
-
Navigate to /nsconfig/ssl directory:
cd /nsconfig/ssl -
Use OpenSSL to import and export the certificate file. The following example is for PEM or Base64 certificates:
openssl x509 -in <certificateFileName> -out <newCertificateFileName> -
Use OpenSSL to import and export the key file. The following example is for PEM or Base64 key files:
openssl rsa -in <keyFileName> -out <newKeyFileName>
You will now be able to successfully import the certificate on the ADC appliance by using the new exported version of the files.
SSL Certificate not Encoded in Base-64 Format
Open the certificate on a Windows computer and convert it to Base-64 encoded X.509 (.CER) and then install the certificate on the appliance:
-
Go to Start > Run and type mmc on a Windows machine.
-
Double-click and open the certificate file that you want to convert.
-
Click Details.
-
Click Copy to File.
-
Select the Base-64 encoded X.509 (.CER) option.
-
Click Next.
-
Browse to the location you want to save the converted certificate. Name the file with a .cer extension.
-
Click Next.
Install the converted certificate on the NetScaler appliance.
PKCS #7 Certificate Incorrectly Converted to PEM Format
This error occurs when the PKCS #7 (.p7b) certificate is incorrectly converted to PEM format. Refer to CTX124783 – How to Convert a PKCS #7 Certificate to PEM Format for the correct procedure.