Appendix D. Using Public CA-signed SSL Wildcard Certificates on NetScaler Gateway™
When you get ready to move to production, you will need a valid certificate signed by a public certificate authority. Many vendors sell these certificates, ranging from expensive, well-known vendors to cheap ones. Verisign is well-recognized, just as GoDaddy is. Do yourself a favor and shop around. The cheapest one I could find for a wildcard certificate was LuckyRegister. I will demonstrate the concept of using public CA-signed SSL wildcard certificates on NetScaler Gateway using this vendor's website.
Another option is to use the Class 2 Verification certificate option from www.StartSSL.com. With this, you can create unlimited certificates for unlimited domains including wildcard certificates.
To remain flexible in our deployment, we will also use a wildcard certificate, for example, *.xenpipe.com, so that we can create and use different subdomains (ng.xenpipe.com) and still have our certificates work.
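Before committing to hostnames, it helps to check which of them a wildcard name actually covers. The following is an added example, not from the original text: it applies the usual browser rule that the `*` stands for exactly one leftmost label, so the bare domain and deeper subdomains are not covered. All hostnames other than ng.xenpipe.com are constructed for illustration, and the function names are hypothetical.

```python
# Added example: which planned hostnames does a wildcard certificate cover?
# Simplification (assumption): only a whole-label '*' in the leftmost
# position is honoured, and at least two fixed labels must follow it.

def wildcard_covers(cert_name: str, hostname: str) -> bool:
    """Return True if cert_name (e.g. '*.xenpipe.com') covers hostname."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels) or "" in host_labels:
        return False  # '*' replaces exactly one label, never zero or two
    first, rest = cert_labels[0], cert_labels[1:]
    if any("*" in label for label in rest):
        return False  # a wildcard is only valid in the leftmost label
    if first == "*":
        # Reject overly broad names such as '*.com'.
        return len(cert_labels) >= 3 and rest == host_labels[1:]
    if "*" in first:
        return False  # partial wildcards ('n*.xenpipe.com') are not honoured
    return cert_labels == host_labels  # plain exact-name match


def uncovered(cert_names, hostnames):
    """Return the hostnames that none of the certificate names cover."""
    return [h for h in hostnames
            if not any(wildcard_covers(c, h) for c in cert_names)]


# Constructed list of hostnames a deployment might plan to publish.
PLANNED = [
    "ng.xenpipe.com",          # from the text: covered
    "storefront.xenpipe.com",  # constructed: covered
    "xenpipe.com",             # constructed: bare domain, not covered
    "vpn.ng.xenpipe.com",      # constructed: two levels deep, not covered
]

if __name__ == "__main__":
    for host in uncovered(["*.xenpipe.com"], PLANNED):
        print(f"not covered by *.xenpipe.com: {host}")
```

Any hostname this reports needs its own certificate or an additional name on the certificate; otherwise clients will see a name-mismatch warning even though the CA is trusted.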
Note
You want to use a certificate signed by a valid public Certificate Authority (CA) because those vendors have trusted root certificates built into all of the browsers your clients use. You won't have to import any certificates, and the certificate you purchase will be trusted by the clients connecting to NetScaler. Once you move from Proof of Concept to production, you really should use a public CA-signed certificate.