Creating a self-signed root CA certificate
First, you will create a self-signed root CA certificate to be used to sign the public-facing server certificate. To create a self-signed root CA certificate, perform the following steps:
Log in to NetScaler Gateway.
Note
The default username and password are
nsrootandnsroot, respectively.Navigate to Traffic Management | SSL and select Create RSA Key, as shown in the following screenshot:
Create the RSA key by entering the Key Filename and Key Size(bits) fields. Set Public Exponent Value as F4 and Key Format as PEM. Then, click on OK, as shown in the following screenshot:
Under SSL Certificates, select Create CSR (Certificate Signing Request). Enter the Request File Name and Key Filename fields that are created in the previous step. Choose PEM as the Key Format, create a password, enter the values in the Distinguished Name Fields section, and then click on OK, as shown in the following screenshot.
Note
Common Name must be different from the server certificate common name in the next step.
Create the certificate. Under SSL Certificates, select Create Certificate. Enter a name in Certificate File Name and choose Certificate Format as PEM. Select Root-CA for Certificate Type, enter a name for Certificate Request File Name, and choose PEM as Key Format. Enter Validity Period (Number of Days) and Key Filename and then click on OK, as shown in the following screenshot:
