-
Getting Started with Citrix NetScaler
-
Deploy a Citrix NetScaler VPX instance
-
Install a Citrix NetScaler VPX instance on Microsoft Hyper-V servers
-
Install a NetScaler VPX instance on Linux-KVM platform
-
Prerequisites for Installing NetScaler VPX Virtual Appliances on Linux-KVM Platform
-
Provisioning the NetScaler Virtual Appliance by using OpenStack
-
Provisioning the NetScaler Virtual Appliance by using the Virtual Machine Manager
-
Configuring NetScaler Virtual Appliances to Use SR-IOV Network Interface
-
Configuring NetScaler Virtual Appliances to use PCI Passthrough Network Interface
-
Provisioning the NetScaler Virtual Appliance by using the virsh Program
-
-
Deploying NetScaler VPX Instances on AWS
-
Upgrade and downgrade a NetScaler appliance
-
-
-
-
-
-
Overriding Static Proximity Behavior by Configuring Preferred Locations
-
Example of a Complete Parent-Child Configuration Using the Metrics Exchange Protocol
-
Configuring Global Server Load Balancing for DNS Queries with NAPTR records
-
Using the EDNS0 Client Subnet Option for Global Server Load Balancing
-
-
Persistence and persistent connections
-
Advanced load balancing settings
-
Gradually stepping up the load on a new service with virtual server–level slow start
-
Protect applications on protected servers against traffic surges
-
Use source IP address of the client when connecting to the server
-
Set a limit on number of requests per connection to the server
-
Configure automatic state transition based on percentage health of bound services
-
-
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
-
Use case 3: Configure load balancing in direct server return mode
-
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
-
Use case 7: Configure load balancing in DSR mode by using IP Over IP
-
Use case 10: Load balancing of intrusion detection system servers
-
Use case 11: Isolating network traffic using listen policies
-
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
-
-
-
Import and convert SSL files
-
Support for Gemalto SafeNet Network hardware security module
-
-
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
-
Configuring CloudBridge Connector between Datacenter and AWS Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
-
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
-
Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Cisco IOS Device
-
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已动态机器翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.
Este artigo foi traduzido automaticamente.
这篇文章已经过机器翻译.放弃
Translation failed!
Import and convert SSL files
You can now import SSL resources, such as certificates, private keys , CRLs, and DH keys, from remote hosts even if FTP access to these hosts is not available. This is especially helpful in environments where shell access to the remote host is restricted. Default folders are created in /nsconfig/ssl as follows:
- For certificate files: /nsconfig/ssl/certfile
- For private keys: the /nsconfig/ssl/keyfile
- For CRLs: /var/netscaler/ssl/crlfile
- For DH keys: /nsconfig/ssl/dhfile
Imports from both HTTP and HTTPS servers are supported. However, the import fails if the file is on an HTTPS server that requires client certificate authentication for access.
Note:
The import command is not stored in the configuration (ns.conf) file, because reimporting the file after a restart might cause an error.
Import a certificate file
You can use the CLI and GUI to import a file (resource) from a remote host.
Import a certificate file from a remote host by using the CLI
At the command prompt, type:
import ssl certFile [<name>] [<src>]
Example:
import ssl certfile my-certfile http://www.example.com/file_1
show ssl certfile
Name : my-certfile
URL : http://www.example.com/file_1
To remove a certificate file, use the rm ssl certFile command, which accepts only the ‘name’ argument.
Import a key file from a remote host by using the CLI
At the command prompt, type:
import ssl keyFile [<name>] [<src>]
Example:
import ssl keyfile my-keyfile http://www.example.com/key_file
show ssl keyfile
Name : my-keyfile
URL : http://www.example.com/key_file
To remove a key file, use the rm ssl keyFile command, which accepts only the ‘name’ argument.
Import a CRL file from a remote host by using the CLI
At the command prompt, type:
import ssl crlFile [<name>] [<src>]
To remove a CRL file, use the rm ssl crlFile command, which accepts only the <name> argument.
Example:
import ssl crlfile my-crlfile http://www.example.com/crl_file
show ssl crlfile
Name : my-crlfile
URL : http://www.example.com/crl_file
Import a DH file from a remote host by using the CLI
At the command prompt, type:
import ssl dhFile [<name>] [<src>]
Example:
import ssl dhfile my-dhfile http://www.example.com/dh_file
show ssl dhfile
Name : my-dhfile
URL : http://www.example.com/dh_file
To remove a DH file, use the rm ssl dhFile command, which accepts only the <name> argument.
Import an SSL resource by using the GUI
Navigate to Traffic Management > SSL > Imports, and then select the appropriate tab.
Import PKCS#8 and PKCS#12 certificates
If you want to use certificates and keys that you already have on other secure servers or applications in your network, you can export them, and then import them to the NetScaler appliance. You might have to convert exported certificates and keys before you can import them to the NetScaler appliance.
For the details of how to export certificates from secure servers or applications in your network, see the documentation of the server or application from which you want to export.
Note:
For installation on the NetScaler appliance, key and certificate names cannot contain spaces or special characters other than those supported by the UNIX file system. Follow the appropriate naming convention when you save the exported key and certificate.
A certificate and private key pair is commonly sent in the PKCS#12 format. The appliance supports PEM and DER formats for certificates and keys. To convert PKCS#12 to PEM or DER, or PEM or DER to PKCS#12, see the “Convert SSL certificates for import or export” section later in this page.
The NetScaler appliance does not support PEM keys in PKCS#8 format. However, you can convert these keys to a supported format by using the OpenSSL interface, which you can access from the CLI or the configuration utility. Before you convert the key, you need to verify that the private key is in PKCS#8 format. Keys in PKCS#8 format typically start with the following text:
-----BEGIN ENCRYPTED PRIVATE KEY-----
leuSSZQZKgrgUQ==
-----END ENCRYPTED PRIVATE KEY-----
Open the OpenSSL interface from the CLI
- Open an SSH connection to the appliance by using an SSH client, such as PuTTY.
- Log on to the appliance by using the administrator credentials.
- At the command prompt, type shell.
- At the shell prompt type openssl.
Open the OpenSSL interface from the GUI
Navigate to Traffic Management > SSL and, in the Tools group, select OpenSSL interface.
Convert a non-supported PKCS#8 key format to an encrypted supported key format by using the OpenSSL interface
At the OpenSSL prompt, type one of the following commands, depending on whether the non-supported key format is of type rsa or dsa:
OpenSSL>rsa- in <PKCS#8 Key Filename> -des3 -out <encrypted Key Filename>
OpenSSL>dsa -in <PKCS#8 Key Filename> -des3 -out <encrypted Key Filename>
Parameters for converting an unsupported key format to a supported key format
- PKCS#8 Key Filename: The input file name of the incompatible PKCS#8 private key.
- encrypted Key Filename: The output file name of the compatible encrypted private key in PEM format.
- unencrypted Key Filename: The output file name of the compatible unencrypted private key in PEM format.
Convert SSL certificates for import or export
A NetScaler appliance supports the PEM and DER formats for SSL certificates. Other applications, such as client browsers and some external secure servers, require various public key cryptography standard (PKCS) formats. The NetScaler appliance can convert the PKCS#12 format (the personal information exchange syntax standard) to PEM or DER format for importing a certificate to the appliance, and can convert PEM or DER to PKCS#12 for exporting a certificate. For additional security, conversion of a file for import can include encryption of the private key with the DES or DES3 algorithm.
Note:
If you use the GUI to import a PKCS#12 certificate, and the password contains a dollar sign ($), backquote (`), or escape () character, the import may fail. If it does, the ERROR: Invalid password message appears. If you must use a special character in the password, be sure to prefix it with an escape character () unless all imports are performed by using the CLI.
Convert the format of a certificate by using the CLI
At the command prompt, type the following command:
convert ssl pkcs12 <outfile> [-import [-pkcs12File <inputFilename>] [-des | -des3] [-export [-certFile <inputFilename>] [-keyFile <inputFilename>]]
During the operation, you are prompted to enter an import password or an export password. For an encrypted file, you are also prompted to enter a passphrase.
Example:
convert ssl pkcs12 Cert-Import-1.pem -import -pkcs12File Cert-Import-1.pfx -des
convert ssl pkcs12 Cert-Client-1.pfx -export -certFile Cert-Client-1 -keyFile Key-Client-1
Convert the format of a certificate by using the GUI
Navigate to Traffic Management > SSL and, in the Tools group, select Import PKCS#12 or Export PKCS#12.
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.