The NetScaler appliance has a built-in CA Tools suite that you can use to create self-signed certificates for testing purposes.

Caution: Because these certificates are signed by the NetScaler itself, not by an actual CA, you should not use them in a production environment. If you attempt to use a self-signed certificate in a production environment, users will receive a "certificate invalid" warning each time the virtual server is accessed.

The NetScaler supports creation of the following types of certificates:
- Root-CA certificates
- Intermediate-CA certificates
- End-user certificates
    o server certificates
    o client certificates
Before generating a certificate, create a private key and use that to create a certificate signing request (CSR) on the appliance. Then, instead of sending the CSR out to a CA, use the NetScaler CA Tools to generate a certificate. For details on how to create a private key and a CSR, see Obtaining a Certificate from a Certificate Authority.
The type of the certificate being created. You can create a Root Certificate, an Intermediate Certificate, a Client Certificate or a Server Certificate. Select one of the following options:

- ROOT_CERT: Specifies a self-signed Root-CA certificate. If you choose this setting, you must also set the -keyFile parameter. The generated Root-CA certificate can be used for signing end-user certificates (Client/Server) or to create Intermediate-CA certificates.
- INTM_CERT: Specifies an Intermediate-CA certificate.
- CLNT_CERT: Specifies an end-user client certificate that is used for client authentication.
- SRVR_CERT: Specifies an SSL server certificate to be used on physical SSL servers for an SSL backend-encryption setup.
The parameters CAcert, CAkey, and CAserial are mandatory when creating an intermediate, client, or server certificate.

keyFile (Key File Name): The private key used to create the certificate. You can either use an existing RSA or DSA key that you own or create a new private key on the NetScaler. This file is required only when creating a self-signed Root-CA certificate. The key file is stored in the /nsconfig/ssl directory by default. Note: If the input key specified is an encrypted key, the user will be prompted to enter the PEM pass-phrase that was used for encrypting the key.

keyform (Key Format): The file format in which the private key is stored. Possible values: PEM, DER. Default: PEM.

days (Validity Period): The number of days for which the created certificate will be valid. The certificate is valid from the time and day (system time) of its creation to the number of days specified in this field. Minimum value: 1. Maximum value: 3650. Default: 365 days.

certForm (Certificate Format): The format in which to save the certificate. Possible values: PEM, DER. Default: PEM.

CAcert (CA Certificate File Name): The CA certificate file that will issue and sign the Intermediate-CA certificate or the end-user certificates (Client/Server). The default input path for the CA certificate file is /nsconfig/ssl/.

CAcertForm (CA Certificate File Format): The format in which to store the CA certificate. Possible values: PEM, DER. Default: PEM.

CAkey (CA Key File Name): The private key associated with the CA certificate that is used to sign the Intermediate-CA certificate or the end-user certificates (Client/Server). If the CA key file is password protected, the user will be prompted to enter the pass-phrase used when encrypting the key.

CAkeyForm (CA Key File Format): The file format in which the private key of the CA certificate is stored. Possible values: PEM, DER. Default: PEM.

CAserial (CA Serial Number File): The serial number file maintained for the CA certificate. The file will contain the serial number of the next certificate to be issued/signed by the CA (-CAcert). If the specified file does not exist, a new file will be created. The NetScaler stores the newly generated file in the /nsconfig/ssl/ directory by default. Note: Specify the proper path of the existing serial file. Otherwise, a new serial file will be created, and that can change the certificate serial numbers assigned by the CA certificate to each of the certificates it signs.
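The key, CSR, root and server-certificate sequence and the CAserial note above can be reproduced off-appliance. This is an added lab example, not NetScaler commands and not part of the original document: it uses the OpenSSL command line as a stand-in, whose x509 options -CA, -CAkey and -CAserial play the same roles as the parameters described here. The file names, subjects and the starting serial 1000 are constructed.

```shell
#!/bin/sh
# Added lab example: OpenSSL stands in for the NetScaler CA tools.
# All names, subjects and the starting serial are constructed.
set -eu
LAB=$(mktemp -d)                      # scratch dir standing in for /nsconfig/ssl
trap 'rm -rf "$LAB"' EXIT

new_key_and_csr() {                   # $1 = base name, $2 = subject CN
    openssl genrsa -out "$LAB/$1.key" 2048 2>/dev/null
    openssl req -new -key "$LAB/$1.key" -subj "/CN=$2" -out "$LAB/$1.csr"
}

make_root() {                         # self-signed root: CSR signed with its own key
    new_key_and_csr root "Lab Root CA"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$LAB/ca.ext"
    openssl x509 -req -in "$LAB/root.csr" -signkey "$LAB/root.key" \
        -extfile "$LAB/ca.ext" -days 3650 -out "$LAB/root.crt" 2>/dev/null
}

issue_server() {                      # $1 = base name, $2 = CA serial file
    new_key_and_csr "$1" "$1.lab.example"
    openssl x509 -req -in "$LAB/$1.csr" -CA "$LAB/root.crt" -CAkey "$LAB/root.key" \
        -CAserial "$2" -CAcreateserial -days 365 -out "$LAB/$1.crt" 2>/dev/null
}

# Helpers to inspect the result: serial number (hex) and chain validation.
serial_of() { openssl x509 -noout -serial -in "$LAB/$1.crt" | cut -d= -f2; }
chain_ok()  { openssl verify -CAfile "$LAB/root.crt" "$LAB/$1.crt" >/dev/null 2>&1; }

make_root
echo 1000 > "$LAB/root.srl"           # existing serial file (hex), constructed value
issue_server web1 "$LAB/root.srl"     # correct path: serials continue in sequence
issue_server web2 "$LAB/root.srl"
issue_server web3 "$LAB/rooot.srl"    # mistyped path: a new serial file is created

for c in web1 web2 web3; do
    chain_ok "$c" && echo "$c serial=$(serial_of "$c") chain=OK"
done
```

All three certificates validate against the lab root, but only web1 and web2 carry consecutive serials; web3 starts an unrelated sequence because the mistyped path caused a fresh serial file to be created.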
o Certificate File Name*
o Certificate Format
o Certificate Type
o Certificate Request File Name*
o Key File Name*
o Key Format
o PEM Passphrase (For Encrypted Key): If the key is encrypted, you are prompted to enter the password at run-time on the CLI.
o Validity Period (Number of Days)
* A required parameter

Note: Instead of typing the file name, you can use the browse button to launch the NetScaler file browser and select the file.

4. Click Create, and then click Close. The Root-CA certificate you created is saved on the NetScaler.
The name of the DH key that is created. The DH key is stored in the /nsconfig/ssl directory on the appliance by default.

bits (DH Parameter Size): The size in bits of the DH key being generated.

gen (DH Generator): The random number required for generating the DH key. This is required as part of the DH key generation algorithm. Possible values: 2, 5. Default value: 2.