Product Documentation

Importing SSL Files from Remote Hosts

May 20, 2014
You can now import SSL resources, such as certificates, private keys , CRLs, and DH keys, from remote hosts even if FTP access to these hosts is not available. This is especially helpful in environments where shell access to the remote host is restricted. Default folders are created in /nsconfig/ssl as follows:
  • For certificate files: /nsconfig/ssl/certfile
  • For private keys: the /nsconfig/ssl/keyfile
  • For CRLs: /var/netscaler/ssl/crlfile
  • For DH keys: /nsconfig/ssl/dhfile

Imports from both HTTP and HTTPS servers are supported. However, the import fails if the file is on an HTTPS server that requires client certificate authentication for access.

Note: The import command is not stored in the configuration (ns.conf) file, because reimporting the file after a restart might cause an error.

To import a certificate file from a remote host by using the command line

At the command prompt, type:

import ssl certFile [<name>] [<src>]

Example

import ssl certfile my-certfile http://www.example.com/file_1 
> show ssl certfile 
     Name : my-certfile 
     URL : http://www.example.com/file_1

To remove a certificate file, use the rm ssl certFile command, which accepts only the <name> argument.

To import a key file from a remote host by using the command line

At the command prompt, type:

import ssl keyFile [<name>] [<src>]

Example

import ssl keyfile my-keyfile http://www.example.com/key_file 
> show ssl keyfile 
     Name : my-keyfile 
     URL : http://www.example.com/key_file

To remove a key file, use the rm ssl keyFile command, which accepts only the <name> argument.

To import a CRL file from a remote host by using the command line

At the command prompt, type:

import ssl crlFile [<name>] [<src>]

Example

import ssl crlfile my-crlfile http://www.example.com/crl_file 
> show ssl crlfile 
     Name : my-crlfile 
     URL : http://www.example.com/crl_file

To remove a CRL file, use the rm ssl crlFile command, which accepts only the <name> argument.

To import a DH file from a remote host by using the command line

At the command prompt, type:

import ssl dhFile [<name>] [<src>]

Example

import ssl dhfile my-dhfile http://www.example.com/dh_file 
> show ssl dhfile 
     Name : my-dhfile 
     URL : http://www.example.com/dh_file

To remove a DH file, use the rm ssl dhFile command, which accepts only the <name> argument.

To import an SSL resource by using the configuration utility

Navigate to Traffic Management > SSL > Imports, and then select the appropriate tab.