
HowTo - NetScaler - Update Certificate

Author
John Billekens
Technical Consultant | End User Computing

group: “NetScaler”

In this how-to article I will explain how to update a certificate on a Citrix NetScaler. Waiting until a certificate has expired will cause a lot of issues for your users or visitors. Renewing on time will save you a lot of trouble.

This article assumes you have already renewed the certificate and have a pfx file (without the root and intermediate certificates) and its matching password available.
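A pre-flight check for the pfx file described above, to run on the admin workstation before uploading. This is an added example, not part of the original article. It assumes OpenSSL is installed; the function name `pfx_preflight`, the `PFX_PASS` environment variable, the return codes and the 14-day default are choices made for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for a PFX before uploading it to the NetScaler.
# Assumptions (not from the article): OpenSSL is installed; the PFX password is
# supplied in the PFX_PASS environment variable so it never appears in the
# process list; pfx_preflight and its return codes are names chosen here.
#
# Return codes: 0 ok, 2 unreadable/wrong password, 3 not exactly one
# certificate (chain included), 4 no private key, 5 expires too soon.
pfx_preflight() {
    pfx=$1
    min_days=${2:-14}

    # Password and integrity check: fails if PFX_PASS does not open the file.
    certs=$(openssl pkcs12 -in "$pfx" -nokeys -passin env:PFX_PASS 2>/dev/null) \
        || { echo "cannot open $pfx (wrong password or damaged file)" >&2; return 2; }

    # The article expects the server certificate only, no intermediate or root.
    count=$(printf '%s\n' "$certs" | grep -c 'BEGIN CERTIFICATE' || true)
    if [ "$count" -ne 1 ]; then
        echo "$pfx holds $count certificates, expected 1" >&2
        return 3
    fi

    # The private key must travel with the certificate ("Key File Name").
    openssl pkcs12 -in "$pfx" -nocerts -nodes -passin env:PFX_PASS 2>/dev/null \
        | grep -q 'PRIVATE KEY' \
        || { echo "$pfx contains no private key" >&2; return 4; }

    # Reject a certificate that is expired or expires within min_days.
    printf '%s\n' "$certs" \
        | openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 \
        || { echo "certificate expires within $min_days days" >&2; return 5; }

    echo "$pfx: 1 certificate, private key present, valid > $min_days days"
}

# Run as a script: PFX_PASS='...' sh pfx_preflight.sh new-cert.pfx 30
if [ "$#" -gt 0 ]; then
    pfx_preflight "$@"
fi
```

The unencrypted key produced by the `-nodes` step only passes through a pipe to `grep` and is never written to disk.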

You can also follow this article to export a certificate with private key to a pfx file.

If you want to install a certificate on the NetScaler you can follow this guide.

Updating an existing certificate is preferred over adding a new certificate. When adding an updated certificate as new, you will have to update all the bindings for all VIPs. You don’t have to do this when updating an existing certificate.

First, log in to the NetScaler with an account that has sufficient permissions to update/replace the certificate.

Log in the NetScaler

Next, browse to “Traffic Management” / “SSL” / “Certificates” / “All Certificates”.

Select the certificate you want to update by clicking on the 3 dots (…) in front of the certificate.

Select certificate to update

In the context menu that follows, select “Update”.

Select update

Next, check the “Update the certificate and key” checkbox; this will enable you to change the certificate and key file.

Enable update

To select the certificate, click on the down “˅” symbol and select “Local”.

An open dialog box will appear and you can select the new pfx-file.

Select new local pfx

Click “Yes” on the “Confirm” dialog prompt that appears.

Select OK to update

Make sure you also change the “Key File Name” by selecting the new pfx file.

And don’t forget to change/update the password for the new pfx file.

Click “OK” if you made all the necessary changes.

NOTE: It’s best practice to use unique and long (generated) passwords for your pfx-files.

Update all fields and password

If all goes well, the certificate will be updated without any errors.

You may be shown a message that the link is or will be broken. In the next steps we will validate and update the link if required.

Click the “Link” button to update/validate the link.

Link the new certificate

You will see all intermediate and root certificates if they are installed.

It might be that the new certificate requires an updated intermediate or root certificate. You can follow this guide to add the new certificate(s).

Click the “Link Certificates” button to complete the links.

Create link between certificates

When all goes well, you will see a full (green) line with certificate symbols under the intermediate and root certificate(s).

View linked certificates

And that’s it, the certificate is updated.

The next time the user initiates a new SSL session the new certificate will be used.

NOTE: If you have a pre-existing session to the webpage and you refresh (F5) the webpage, you might be presented with the previous (old) certificate. Just open an in-private browser session and start a new session to validate the new certificate.
