You can import an existing certificate from a Windows-based computer running Internet Information Services (IIS) or from a computer running the Secure Gateway.
When you export the certificate, make sure you also export the private key. In some cases, you cannot export the private key, which means you cannot install the certificate on NetScaler Gateway. If this occurs, use the Certificate Signing Request (CSR) to create a new certificate. For details, see Creating a Certificate Signing Request.
When you export a certificate and private key from Windows, the computer creates a Personal Information Exchange (.pfx) file. This file is then installed on NetScaler Gateway as a PKCS#12 certificate.
If you are replacing the Secure Gateway with NetScaler Gateway, you can export the certificate and private key from the Secure Gateway. If you are doing an in-place migration from the Secure Gateway to NetScaler Gateway, the fully qualified domain name (FQDN) on the application and the appliance must be the same. When you export the certificate from the Secure Gateway, you immediately retire the Secure Gateway, install the certificate on NetScaler Gateway, and then test the configuration. The Secure Gateway and NetScaler Gateway cannot be running on your network at the same time if they have the same FQDN. For more information about replacing the Secure Gateway, see Replacing the Secure Gateway with NetScaler Gateway.
If you are using Windows Server 2003 or Windows Server 2008, you can use the Microsoft Management Console to export the certificate. For more information, see the Windows online Help.
Leave the default values for all the other options, define a password, and save the .pfx file to your computer. When the certificate is exported, you then install it on NetScaler Gateway.