Product Documentation

NetScaler Certificate Management

Jun 28, 2016

NetScaler MAS now streamlines every aspect of certificate management for you. Through a single console, you can establish automated policies to ensure the right issuer, key strength, and correct algorithms, while keeping close tabs on certificates that are unused or soon to expire. To begin using NetScaler MAS’s SSL dashboard and its functionalities, you must understand what an SSL certificate is and how you can use NetScaler MAS to keep track of your SSL certificates.

An Secure Socket Layer (SSL) certificate, which is an integral part of any SSL transaction, is a digital data form (X509) that identifies a company (domain) or an individual. The certificate has a public key component that is visible to any client that wants to initiate a secure transaction with the server. The corresponding private key, which resides securely on the NetScaler appliance, is used to complete asymmetric key (or public key) encryption and decryption.

You can obtain an SSL certificate and key in either of the following ways:

  • From an authorized certificate authority (CA), such as VeriSign
  • By generating a new SSL certificate and key on the NetScaler appliance

NetScaler MAS provides a centralized view of SSL certificates installed across all managed NetScaler instances. On the SSL Dashboard, you can view graphs that help you keep track of certificate issuers, key strengths, signature algorithms, expired or unused certificates and so on. You can also see the distribution of SSL protocols that are running on your virtual servers and the keys that are enabled on them.

You can also set up notifications to inform you when certificates are about to expire and include information about which NetScaler instances use those certificates. You can then create NetScaler MAS.

You can link a NetScaler instance’s certificate(s) to a CA certificate. However, make sure that all of the certificate(s) that you link to the same CA certificate have the same source and the same issuer. After you have linked the certificate(s) to a CA certificate, you can unlink them.