Creating a certificate request
To create a certificate request, perform the following steps:
Navigate to Traffic Management | SSL. Under SSL Keys, select the Create RSA Key option, as shown in the following screenshot:
To create the RSA key, enter a Key Filename and Key Size(bits) value, set the Public Exponent Value as F4, choose PEM as Key Format, and click on OK, as shown in the following screenshot:
Under Tools, select Create CSR (Certificate Signing Request). Enter the Request File Name and Key Filename you have created in the previous step. Choose PEM as Key Format, enter the password from the time the RSA key was created, enter the details in the Distinguished Name Fields section, and click on OK, as shown in the following screenshot.
Note
Common Name must match the Fully Qualified Domain Name used to access the Site; for example,
ng.xenpipe.comis what we will use to connect to NetScaler Gateway. So, in this example, as before, we create a wildcard certificate that will work across all subdomains; hence, you see*.xenpipe.comin the Common Name field. If you don't do this, the certificate will not work.
Download the Certificate Signing Request from NetScaler Gateway. You can do this using WinSCP as we did in Appendix C, Creating Self-signed Certificates for NetScaler Gateway™, or you can use the NetScaler tool. Navigate to Traffic Management | SSL | Tools | Manage Certificates / Keys / CSRs as shown in the following screenshot:
Select the
requestfile you just created and click on Download…, as shown in the following screenshot:
Open the
requestfile using a text editor, for example, Notepad. Copy the text as shown in the following screenshot:Note
Certificate request files are encrypted and appear as a big block of garbled text. To submit a request to a public CA, you simply copy the text and paste it into the public CA's web form. We will see how to paste this text into the public CA's web form in the next section.
