Home » KBArticles » Citrix NetScaler Certficates – Creating a Private RSA

Citrix NetScaler Certficates – Creating a Private RSA

Step Description Screenshot
 1 Log into the NetScaler web interface

http://192.168.1.50

 2 Expand traffic management

Right Click SSL

And select Enable Feature

Note: The yellow exclamation will disappear when the feature is enabled

Disabled

Enabled

3 Expand SSL > SSL Files > and click the button Create RSA Key
4 In this example we will enter the details shown:

Then click Create

Key filename: gateway.jsconsulting.services.privatekey

Key Size(bits)*: 2048

Public Exponent Value: F4

Key Format: PEM

PEM Encoding Algorithm: DES3

PEM & Confirm Password: <mypassword>

Note: the larger the key size the more CPU will be used encrypting and decrypting the certificates

DES3 is simply DES applied 3 times (so in theory it’s more secure)

 5 Note: The private key should be downloaded and stored away from the NetScaler device (especially if the NetScaler is stored in a DMZ). This is in case the NetScaler device is compromised in any way. If your private keys are lost or compromised you would have to revoke your existing certificates and new certificates should be generated.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.