We will now take the Certificate response file (CRT file) from our 3rd party Certificate Authority (CA) and install it onto the NetScaler device, then using both the CRT and Private key to combine and finally create a fully functional NetScaler certificate.
||Expand Traffic Management > SSL > SSL Files
||Browse for your Certificate file (provided by your 3rd Party CA)
Note: The file is uploaded to the NetScaler but not yet usable!
||Browse to Traffic Management > SSL > Server Certificates
||Give the new ‘Server Certificate’ a unique easily identifiable name
Certificate File: Choose the Certificate you just uploaded in step 2
Key File Name: select your private key file that is on the NetScaler
Provide the private key password
||Your certificate is now installed and ready to be used on NetScaler services, VIPs, NetScaler gateway etc.
Problem: When adding or revoking certificates we were getting the following error
0×80094009 – The operation is denied. It can only be performed by a certificate manager that is allowed to manage certificates for the current requester.
Even though I was a domain AND enterprise admin!!!???? Panic!
Also our CA had been migrated and updated from Windows 2003 so there was some concern about the upgrade and its process and of course the testing done after.
After the CA was migrated we HAD tested the CA process, so we confirmed this was working previously.
Somewhere, somehow the CA now has corrupted ACL’s or something (or something like that)
1) Right click the CA Name > Properties
2) Certificate Managers tab
3) Tick ‘do not restrict certificate managers’
4) try your addition or deletion (just to check it works)
5) go back and undo step 3 – (i.e. tick to re-Restrict Certificate Managers)
6) You should now be able to add and delete certificate requests etc as expected as a Domain or enterprise admin