This article describes how to set up a self-signed certificate on NetScaler.
A self-signed SSL Certificate (mostly used for test purposes) is needed to test NetScaler’s SSL offloading feature internally (in a non-production environment).
Introduction to SSL Certificate
Any organizational or individual website that needs to handle confidential or sensitive information needs to have an SSL certificate. An SSL certificate installed on a web server reduces the risk of sensitive information being stolen by ensuring that end users are connecting to the correct host. It not only authenticates a website’s identity but also participates in generating the session key, which is later used to encrypt the entire session.
A certificate contains information about the owner of the certificate (who it is issued to) as well as the issuing authority that certifies (signs) this information. It also contains a public key and a hash to ensure that the certificate has not been tampered with. The client browser or application usually has a list of well-known Certification Authorities (CAs), or root CA certificates, that it trusts. Because it trusts the issuing authority, it also trusts any certificate signed by that issuer. This public key (which is attached to the certificate) is used to encrypt the data that is passed during the SSL session.
SSL Certificate on NetScaler
As the NetScaler appliance offloads SSL operations from the server, the server’s certificate and private key must be present on the appliance, and the certificate must be paired with its corresponding private key. This certificate-key pair must then be bound to the virtual server that processes the SSL transactions.
For the purpose of testing this SSL offloading feature internally, we can create and load a test certificate on the NetScaler and bind it to an SSL virtual server.
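
The pairing requirement described above can be checked offline before a certificate and key are loaded onto the appliance. The script below is an added example, not part of the original article or of NetScaler's own tooling: it assumes the OpenSSL command line is available (the article names no tool), and the file names and common name are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes the OpenSSL CLI.
# Names such as test.example.internal are constructed placeholders.

# Create a 2048-bit RSA key and a self-signed test certificate (365 days).
# usage: make_self_signed <key.pem> <cert.pem> <common-name>
make_self_signed() {
    # umask 077 keeps the private key readable by its owner only
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -subj "/CN=$3" -keyout "$1" -out "$2" 2>/dev/null )
}

# Return 0 only if the certificate's public key is the one derived from
# the private key; return 2 if either file cannot be parsed.
# usage: cert_matches_key <cert.pem> <key.pem>
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return 0 if subject and issuer are identical, as in a self-signed
# test certificate (name comparison only, not a signature check).
# usage: is_self_signed <cert.pem>
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    issr=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$subj" = "$issr" ]
}

# Optional command-line use: ./check_pair.sh <cert.pem> <key.pem>
if [ "$#" -eq 2 ]; then
    if cert_matches_key "$1" "$2"; then
        echo "OK: certificate and private key form a pair"
    else
        echo "MISMATCH: do not load this pair onto the appliance" >&2
        exit 1
    fi
fi
```

A mismatch reported here means the appliance would be given a key that does not correspond to the certificate, so the files should be corrected before the pair is created and bound.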