An SSL certificate
is an integral element of the SSL encryption and decryption process. The
certificate is used during an SSL handshake to establish the identity of the
being used for processing SSL transactions must be bound to the virtual server
that receives the SSL data. If you have multiple virtual servers receiving SSL
data, a valid certificate-key pair must be bound to each of them.
You can use a
valid, existing SSL certificate that you have uploaded to the NetScaler
appliance. As an alternative for testing purposes, you can create your own SSL
certificate on the appliance. Intermediate certificates created by using a FIPS
key on the NetScaler cannot be bound to an SSL virtual server.
As a part of the SSL handshake, in the certificate request message during
client authentication, the server lists the distinguished names (DNs) of all
the certificate authorities (CAs) bound to the server from which it will accept
a client certificate. If you do not want the DN of a specific CA
certificate to be sent to the SSL client, set the
skipCA flag. This setting indicates that the particular
CA certificate's distinguished name should not be sent to the SSL client.
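To confirm which CA DNs a virtual server actually advertises after skipCA is set, the CA list in the certificate request can be decoded and compared with the DNs that should be hidden. The following is an added example, not NetScaler or Citrix code; it assumes the TLS 1.2 CertificateRequest layout from RFC 5246 (message body without the 4-byte handshake header), and the CA names and helper functions are constructed for illustration.

```python
import struct
OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x0a": "O", b"\x55\x04\x06": "C"}  # 2.5.4.3/10/6

def tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def dn_to_str(der):
    """Render a DER Name as 'O=...,CN=...' in encoded order (single-valued RDNs)."""
    rdns, parts, pos = tlv(der, 0)[1], [], 0
    while pos < len(rdns):
        _, rdn, pos = tlv(rdns, pos)   # SET
        atv = tlv(rdn, 0)[1]           # SEQUENCE { type OID, value }
        _, oid, p = tlv(atv, 0)
        val = tlv(atv, p)[1]
        parts.append(f"{OIDS.get(oid, oid.hex())}={val.decode('utf-8', 'replace')}")
    return ",".join(parts)

def advertised_cas(body):
    """Return the CA DNs listed in a TLS 1.2 CertificateRequest body."""
    pos = 1 + body[0]                                   # skip certificate_types
    pos += 2 + struct.unpack_from("!H", body, pos)[0]   # skip signature algorithms
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    if end != len(body):
        raise ValueError("certificate_authorities length does not match body")
    pos, dns = pos + 2, []
    while pos < end:
        n = struct.unpack_from("!H", body, pos)[0]
        dns.append(dn_to_str(body[pos + 2:pos + 2 + n]))
        pos += 2 + n
    return dns

def unexpected_dns(body, hidden):
    """DNs that skipCA should suppress but that are still advertised."""
    return [dn for dn in advertised_cas(body) if dn in hidden]

# --- constructed sample data (not captured from a real appliance) ---
def der(tag, val):
    return bytes([tag, len(val)]) + val   # short-form lengths only
def sample_name(o, cn):
    atv = lambda oid, v: der(0x31, der(0x30, der(0x06, oid) + der(0x0C, v.encode())))
    return der(0x30, atv(b"\x55\x04\x0a", o) + atv(b"\x55\x04\x03", cn))
def sample_request(names):
    cas = b"".join(struct.pack("!H", len(n)) + n for n in names)
    return b"\x01\x01\x00\x02\x04\x01" + struct.pack("!H", len(cas)) + cas
```

The same list can be read without decoding by hand: `openssl s_client` prints it under "Acceptable client certificate CA names" when the server requests a client certificate.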
For details on how
to create your own certificate, see
recommends that you use only valid SSL certificates that have been issued by a
trusted certificate authority.