Add SSL certificates to Citrix ADC 13.0 – Part 2

Posted by

Part 2 – Installing an SSL certificate on Citrix ADC.

In Part 1, we generated the “Private Key” and the CSR. Hopefully you have activated and downloaded the SSL Certificate from your CA by now and we can continue to install the SSL Certificates on the ADC. First we need to upload the issued certificate (the .crt file) and the intermediate certificate (.ca-bundle file) to the ADC.

4. Upload issued certificates to the ADC

Login to your ADC management portal and navigate to “Configuration > Traffic Management > SSL. Click “Manage Certificates / Keys / CSRs”

Click on “Upload” and navigate to the SSL Certificates you downloaded from your CA.

Select the issued certificate (the .crt file) and the intermdiate certificate (.ca-bundle file). Once uploaded, the .crt and .ca-bundle files will show in the list (see below).

5. Install the uploaded certificates

Now that the issued certificate (the .crt file) and the intermediate certificate (.ca-bundle file) are both uploaded to the ADC, we need to install the Certificate.

Navigate to “Configuration > Traffic Management > SSL > Certificates”

Click the “Get Started” button (see below).

Click “Install”

  • Enter a name for the Certificate-Key pair name.
  • For the Certificate File name field, Click “Choose File > Appliance” and choose the Certificate (.crt) you uploaded to the ADC in the previous steps (gateway_organization_com.crt)
  • For the Key File name field, Click “Choose File > Appliance” and choose the “Private Key” previously generated with th CSR. This will be the .key file you uploaded to the ADC in the previous steps (name_rsa_key.key)
  • Leave “Notify When Expires” ticked
  • Leave notification period on 30 Days
  • Click install.

The certificate will install on th ADC and you will no see it listed (see below).

The certificate will now install on the ADC and show in the list of certificates (see below).

Even though we have now successfully installed the Certificate on the ADC, we still need to install the intermediate certificate ( .ca-bundle file) in order for the Certificate to be trusted.

Under Server Certificates, Click install again

This image has an empty alt attribute; its file name is 10-1.jpg

Note: Only the “Certificate-Key pair name” and “Certificate File name” fields are required for intermediate certificate (CA Bundle) files.

  • Enter a name for the Certificate-Key pair name. This will be for the intermediate certificate
  • For the Certificate File name field, Click “Choose File > Appliance” and choose the intermediate certificate (.ca-bundle file) you uploaded to the ADC along with the .crt (gateway_organization_com.crt)
  • Leave “Notify When Expires” ticked
  • Leave notification period on 30 Days
  • Click install.

The intermediate certificate ( .ca-bundle file) will now install on the ADC and show in the list of certificates along with the previously installed certificate (.crt file) (see below).

6. Link the installed certificates

The final thing to do is to link the certificate to the intermediatery certificate (CA Bundle).

Hover over the certificate you created (Gateway_Key_Pair), click the (…) button and click link (see below)

Now choose the intermeditary certificate that was installed previously and click OK (see below).

Success

That’s it – we have succssfully generated a Private Key and a CSR. We have then used the generated CSR to obtain an SSL Certificate from our CA. The obtained certificate has been uploaded to the ADC and paried with the Private Key. The intermidiate certificate has also been uploaded to the ADC, and linked to the certificate.

The certificate can now be used, by binding it to a vserver.

Part 1 – Add SSL certificates to Citrix ADC 13.0

One comment

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.