Jump to content


Problems importing existing wildcard cert

Started by Adam Ong , 12 August 2017 - 05:47 AM
3 replies to this topic

Adam Ong Members

Adam Ong
  • 33 posts

Posted 12 August 2017 - 05:47 AM

Our current Netscaler certificate is expiring soon and we are trying to replace it with an existing wildcard certificate.  I've following Carl's directions here http://www.carlstalhood.com/netscaler-certificates/#pfx but for some reason when I import the certificate into the NetScaler, it only creates an Encrypted Private Key not and RSA Private Key.  Certs have never really been my strong suit so I'm not sure what I'm doing wrong.  I exported our wildcard with the private key from a Windows IIS server and it looks correct.  When I try to install the certificate on the NS it gives me an invalid private key, or PEM pass phrase required for this private key.  Kinda stumped and we don't really want to have to renew our current cert if we don't have to.  Any ideas?  Thank you.

Carl Stalhood CTP Member

Carl Stalhood
  • 12,366 posts

Posted 12 August 2017 - 12:17 PM

Does the password contain any special characters?

Arnaud Pain Members

Arnaud Pain
  • 492 posts

Posted 12 August 2017 - 02:40 PM



When you export your certificate with Private Key from Windows IIS so it's a PFX format.

If so you will need specific steps to import it on your NetScaler.

You can find more information here: https://support.citrix.com/article/CTX136444



Adam Ong Members

Adam Ong
  • 33 posts

Posted 12 August 2017 - 06:50 PM

I figured it out, looks like there is glitch with the NetScaler when pairing keys.  It's outlined here https://support.citrix.com/article/CTX134233


After doing this, everything worked.