Import PFX Certificate to NetScaler VPX

Please refer to the step below on how to import PFX Certificate to NetScaler VPX

Preparation of SSL Certificate
Download LetEncrypt Root & Intermediate Certificate and save it as LetsEncryptRoot.cer & LetsEncryptIntermediate.cer


Exported AventisLab.pfx from Windows Server

Upload the SSL Certificate to NetScaler VPX to /nsconfig/ssl with SCP

scp AventisLab.pfx [email protected]:/nsconfig/ssl
scp [email protected]:/nsconfig/ssl
scp LetsEncryptRoot.cer [email protected]:/nsconfig/ssl

Login to VPX and extract the Key from PFX

    cd /nsconfig/ssl

    #Extract the Private Key to AventisLabTempKey.pem
    openssl pkcs12 -in AventisLab.pfx -nocerts -out AventisLabTempKey.pem
    Enter Import Password:
    MAC verified OK
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:

“ERROR: Invalid private key, or PEM pass phrase required for this private key” is displayed if you use the exported key file above

Convert the key again in VPX

    openssl rsa -in AventisLabTempKey.pem -out AventisLabKey.pem

    #Export the Certification Only
    openssl pkcs12 -in AventisLab.pfx -clcerts -nokeys -out AventisLab.pem
    Enter Import Password:
    MAC verified OK

    exit #Back to NetScaler Shell

Import the PEM Certificate

#Replace the XXXXXX with Password to import the key
add ssl certKey -cert /nsconfig/ssl/AventisLab.pem -key /nsconfig/ssl/AventisLabKey.pem -password XXXXXX -expiryMonitor ENABLED -notificationPeriod 30

#Import the LetEncrypt Root & Intermediate Cert
add ssl certkey LetsEncryptIntermediate -cert LetsEncryptIntermediate.cer
add ssl certkey LetsEncryptRoot -cert LetsEncryptRoot.cer

Link the SSL, Intermediate & Root Certificate

    #Link the Wildcard Cert with Intermediate & Intermediate with Root 
    link ssl certkey LetsEncryptIntermediate
    link ssl certkey LetsEncryptIntermediate LetsEncryptRoot

Verify the Certs are linked successfully

> sh certlink
1)      Cert Name:        CA Cert Name: LetsEncryptIntermediate
2)      Cert Name: LetsEncryptIntermediate       CA Cert Name: LetsEncryptRoot

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top