Note: This feature is not supported on the NetScaler FIPS platform.
Instead of adding
and linking individual certificates, you can now group a server certificate and
up to nine intermediate certificates in a single file, and then specify the
file's name when adding a certificate-key pair. Before you do so, make sure
that the following prerequisites are met.
- The certificates in the
file are in the following order:
- Server certificate (should
be the first certificate in the file)
- Optionally, a server key
- Intermediate certificate 1
- Intermediate certificate 2
- Intermediate certificate 3
(ic3), and so on
Intermediate certificate files are created for each intermediate certificate
with the name "<certificatebundlename>.pem_ic<n>" where n is
between 1 and 9. For example, bundle.pem_ic1, where bundle is the name of the
certificate set and ic1 is the first intermediate certificate in the set.
- Bundle option is selected.
- No more than nine
intermediate certificates are present in the file.
The file is
parsed and the server certificate, intermediate certificates, and server key
(if present) are identified. First, the server certificate and key are added.
Then, the intermediate certificates are added, in the order in which they were
added to the file, and linked accordingly.
An error is
reported if any of the following conditions exist:
- A certificate file for one
of the intermediate certificates already exists on the appliance.
- The key is placed before
the server certificate in the file.
- An intermediate
certificate is placed before the server certificate.
certificates are not in placed in the file in the same order as they are
- No certificates are
present in the file.
- A certificate is not in
the proper PEM format.
- The number of intermediate
certificates in the file exceeds nine.