Update an SSL Certificate on NetScaler using Graphic User Interface
Overview diagram of how to update an SSL certificate on NetScaler
To update an existing certificate from the GUI of the appliance, complete the following procedure:
From the NetScaler navigation panel expand Traffic Management expand Certificates, and click the Server Certificates node.
Note: In older NetScaler versions, if you don’t see the Server Certificates node, then click the Certificates node instead.
On the right, in the SSL Certificates page, select the certificate you want to update, and click Update.
In newer versions of NetScaler, check the box next to Update the certificate and key.
In the Certificate File Name field, click Choose File > Local, and browse to the updated .pfx file or certificate PEM file. The .pfx files are only supported in newer versions of NetScaler.
If you are uploading a .pfx file, NetScaler will prompt you to specify the .pfx file password.
If you uploaded a certificate .pem file, you will also have to upload a certificate .key file. If the .key is encrypted, then you’ll need to specify the encryption password.
If the common name of the new certificate does not match the old certificate, then check the box next to No Domain Check.
Click OK. This will automatically update every SSL Virtual Server on which this certificate is bound.
After replacing the certificate, you might have to update the certificate link to a new Intermediate certificate.
Right-click the updated certificate, and click Cert Links, to see if it is currently linked to an intermediate certificate.
If not linked to anything, then right-click the updated certificate, and click Link, to link it to an intermediate certificate. If it doesn’t give you an option to link it to, then you’ll first have to install the new intermediate certificate on the NetScaler under the CA Certificates node.
After you receive a renewed certificate from the certificate authority, you can update existing certificates from NetScaler MAS without needing to log on to individual NetScaler instances. For detailed instructions refer to Citrix Documentation – How to Update an Installed Certificate from NetScaler MAS.
Update an SSL Certificate on NetScaler using Command Line Interface
Certificates can be updated from the CLI by running update ssl certKey MyCert. However, the certificate files must be stored somewhere on the appliance, and already be in PEM format.
Use the following command to update the certificate from the command line interface:
update ssl certkey <Cert_Key_Name> [-cert <String>]
[(-key <String> [-password]) | -fipsKey <String>]
For detailed information about this command refer to Citrix Documentation.
Note: If the private key is password protected, you must specify the password. If you do not do so, you are prompted to specify the password.