What is Ask SSL Support Desk?
It is a summary of random questions that have one to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library which is designed to teach and educate the community.

I’m trying to create a pfx file for wildcard cert *.example.com in Citrix Netscaler but I am Failing to do so. Ive crosses checked with the following directions. What am I doing wrong?


Short Answer:
That is because Citrix Netscaler cannot create pfx files.

Netscaler cannot Create pfx format files.
It creates pem apache format.

Netscaler systems do on the other hand have the ability to import a pfx file, but that pfx file has to be created from a server or application that has the ability to create a pfx. A pfx or also known as a p12 – pkcs#12 is a keystore file that stores the public key – SSL certificate along with the private key and any chaining intermediate CA certificates. Windows IIS/Exchange systems use pfx files for their encryption.

So in a scenario where a wildcard certificate is being used in a organization *.example.com and that SSL Certificate needs to be applied to multiple different systems its best to plan ahead and know what type of SSL Certificate keypair format those systems will need.

If I already know I have a Windows IIS system (using pfx files) that is going to use a wildcard certificate I should first create my csr keypair from the IIS system. After enrolling for an SSL certificate and getting it issued I would install the SSL Certificate back into the IIS system then export the SSL Certificate as a pfx file and then Import the pfx which would contain he private key into the Netscaler.

How to move certificate from Windows to Citrix Netscaler?

If you think you can create a CSR keypair from a Netscaler and get a pfx file to import into a WIndows IIS system then you are going to have a bad time. Its best to do it the other way around First creating the keypair/csr on windows and then export/import into Netscaler.

Posted by:
Dominic Rafael
Senior Lead IT Engineer
Be sure to Subscribe!!

LoadingAdd to favorites

About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.