Product Documentation

Server Certificate Support Matrix on the NetScaler Appliance

Feb 05, 2018

The NetScaler appliance supports the following server certificates.

Table 1: Support on Frontend (FE) and Backend (BE) Service

 

MPX/SDX
(N2 CHIPS)

MPX/SDX
(N3 CHIPS)

VPX

MPX 9700/10500/12500/15500 FIPS with FW 2.2

MPX/SDX 14030/14060/14080 FIPS

 

FE

BE

FE

BE

FE

BE

FE

BE

FE

BE

MD5

Y

Y

Y

Y

Y

Y

Y

Y

Y

Y

SHA1

Y

Y

Y

Y

Y

Y

Y

Y

Y

Y

SHA224

Y

Y

Y

Y

Y

Y

Y

Y

Y

Y

SHA256

Y

Y

Y

Y

Y

Y

Y

Y

Y

Y

SHA384

Y

Y

Y

Y

Y

Y

Y

Y

Y

Y

SHA512

Y

Y

Y

Y

Y

Y

Y

Y

Y

Y

RSA Key

Up to 4096 bits

Up to 4096 bits

Up to 4096 bits

Up to 4096 bits

Up to 4096 bits

Up to 4096 bits

(12.0-56.x and later builds)

Up to 2048 bits

Up to 2048 bits

2048 and 3072 bits

2048 and 3072 bits

DH Key

Up to 2048 bits

Up to 2048 bits

Up to 2048 bits

Up to 2048 bits

Up to 4096 bits

Up to 4096 bits 
(12.0-56.x and later builds)

N

N

N

N

 

Note

  • In release 11.1 and earlier, a NetScaler appliance supports the following "signature algorithms" extensions in the back end client hello message:
    • RSA-MD5
    • RSA-SHA1
    • RSA-SHA256

          Because SHA 384 and SHA 512 signature algortihms extensions are not supported by the NetScaler appliance, some servers, such as Windows IIS servers, reset the connection.

  • Starting release 12.0, a NetScaler appliance supports all the signature_algorithms extensions.