Recenlty I have been involved at a customer where we deployed a new NetScaler pair with the latest and greatest firmware version. We ran into an issue with certificates. In this blog I will talk about the issues we ran into and how you can solve them.
When running NetScaler firmware 220.127.116.11 and you want to install a PFX certificate there is a possibility that you receive the following error (No certificates present in the certificate bundle file):
If you do succeed to install the PFX on NetScaler you might get an error whilst binding the certificate to a vServer:
Certificate is not server certificate
These errors seem to be a bug in the GUI of NetScaler. You can solve this by doing the following:
- Upload the certificate file to /nsconfig/ssl
SSH into NetScaler and run: add ssl certkey <name_of_certificate> -cert /nsconfig/ssl/<Name_of_pfx> -key /nsconfig/ssl/ <name_of_pfx) -password <enteryourpasswordhere>
After running this on the CLI you are able to bind your certificate to vServers again.
Hope this helps you in adding certificates to your NetScaler again!
<UPDATED: 24-07-2018 - Changed command to add ssl certkey due to recent comments, my bad, I think it was a typo! </UPDATED>