How to Export NetScaler Certificates as a PFX file

As with one of my previous blog posts:

Generating CSR and installing certificate on NetScaler VPX 1000
https://blog.terenceluk.com/2012/10/generating-csr-and-installing.html

I am aware that there is a Citrix KB article:

How to Export Certificates Used on NetScaler as pfx File
http://support.citrix.com/article/CTX120668

… that provides instructions on how to export a certificate on a NetScaler to a PFX file but as with the Citrix guide that demonstrates how to generate a CSR, I feel that I still need to give the process quite a bit of thought when filling in the fields. This is not to say that Citrix’s guide is written poorly but it’s not as clear for people such as myself who don’t work with NetScalers day in and day out.

Begin by navigating to Traffic Management –> SSL and click on the option Export PKCS#12:

image

The following screen will be displayed:

image

Each field actually has a question mark that allows you to hoover over for more information about the field:

image

image

image

Upon first looking at the fields, I wasn’t exactly sure what to fill in until I read the descriptions and cross referenced my previous blog post:

https://blog.terenceluk.com/2012/10/generating-csr-and-installing.html

… so to make filling these fields easier for myself, I’ve listed the fields and added comments beside them:

PKCS12 File Name – provide a name for the pfx you are exporting (this is the new file that will get generated so a name such as citrix-domain-com.pfx)

Certificate File Name – click on the Browse (Appliance) button to bring up the .crt file you received from a CA such as GoDaddy

Key Filename – click on the Browse (Appliance) button and select the RSA key you generated for the appliance

Export Password – Give the exported PFX file a password

PEM Passphrase – Unless you have a Passphrase set, this can be left blank

image

Once the export is complete, click on the Manage Certificates / Keys / CSRs option under Tools:

image

You should now see the PFX file you’ve created. Proceed and download it:

image

Test the certificate by trying to import it onto a server via the MMC console, open it and make sure that the certificate has the You have a private key that corresponds to this certificate note at the bottom of the Certificate Information:

image

4 Responses