Dec. 18, 2015
Command Center provides a centralized view of Secure Socket Layer (SSL) certificates installed across all managed NetScaler devices. To manage SSL certificates, you need to ensure that certificate management is enabled. Then, you can view the current status of the certificates, and configure Command Center to update the status at regular intervals.
To prevent server downtime from expired SSL certificates, you can set severity levels, which will generate events when severity levels are met. You can configure these events to notify you when a certificate is about to expire. You can then generate Certificate Signing Requests (CSR) and update the certificates from Command Center.
Use the Audit Trail option to view the status of certificates that are updated. You can also download the certificates and the corresponding key pair to your local system.
You can link a NetScaler device’s certificate(s) to a CA certificate. However, make sure that all of the certificate(s) that you link to the same CA certificate have the same source and the same issuer. After you have linked the certificate(s) to a CA certificate, you can unlink them.
The certificate management option is enabled by default. If you do not want to manage certificates by using Command Center, you can disable the feature.
You can set the time interval for which you want Command Center to poll the real-time status of the SSL certificates. By default, Command Center polls the values every 24 hours.
You can set severity levels based on expiration values of certificates configured on managed devices. Command Center generates events when an assigned severity level is met. The default severity levels are as follows:
You can generate Certificate Signing Requests (CSR) for the certificates you want to renew. Command Center generates the CSR with the user details and information about the public/private key pair of the existing certificates. After the CSR is generated, you can download it and email it to a Certificate Authority (CA). After the CA signs the CSR, it becomes a valid certificate.
After you receive the renewed certificate from the Certificate Authority (CA), you can update the certificates from Command Center without needing to log on to the NetScaler.
You can view the update status of the certificate by using the Audit Trail option. The Audit Trail displays the details of the devices including the certificate update status (failed or success) for each device. You can also view the time a certificate was successfully updated.
You can also view the following:
You can download the SSL certificates and corresponding key files to your local system. Before you download the certificates, you need to enable archiving of SSL certificates on the Administration tab.
You can now link certificate (s) of a NetScaler device to a CA certificate. However, make sure that the certificate (s) have the same issuer.
If you have linked certificate (s) to a CA certificate, you can unlink them.
You can view the SSL certificates that are linked to the CA certificates.