Product Documentation

Additional NetScaler Configuration

Sep 01, 2016

1) Generate a key on the HSM.
Use third party tools to create keys on the HSM.

2) Add an HSM key on the ADC.

Important! The # character is not supported in a key name. If the key name include this character, the load key operation fails.

To add a Safenet HSM key by using the NetScaler command line

At the command prompt, type:

add ssl hsmkey <KeyName> -hsmType SAFENET -serialNum <serial #> -password

where:

-keyName is the key created on the HSM by using third party tools.

-serialNum is the serial number of the partition on the HSM on which the keys are generated.

-password is the password of the partition on which the keys are present.

To add a Safenet HSM key by using the NetScaler GUI

Navigate to Traffic Management > SSL > HSM and add an HSM key. You must specify the HSM Type as SAFENET.

3) Add a certificate-key pair on the ADC. You must first use a third party tool to generate a certificate associated with the key. Then, copy the certificate to the /nsconfig/ssl/ directory on the ADC.

Note: The key must be an HSM key.

To add a certkey pair on the ADC by using the NetScaler command line

At the command prompt, type:

add ssl certkey <CertkeyName> -cert <cert name> -hsmkey <KeyName>

To add a certkey pair on the ADC by using the NetScaler GUI

  1. Navigate to Traffic Management > SSL.
  2. In Getting Started, select Install Certificate (HSM) and create a certificate-key pair using an HSM key.

4) Create a virtual server and bind the certificate-key pair to this virtual server.

For information about creating a virtual server, see http://docs.citrix.com/en-us/netscaler/11/traffic-management/ssl/config-ssloffloading/config-ssl-vserver.html.

For information about adding a certificate-key pair, see http://docs.citrix.com/en-us/netscaler/11/traffic-management/ssl/config-ssloffloading/add-ssl-certkey.html.