Citrix Netscaler Internal Failure In Ssl Cert Key Generation Tool

Posted : admin On 31.05.2020

    rm ssl fipsKey ns-server.key
    import ssl fipsKey ns-server.key -key ns-server.key -inform PEM -exponent F4
    add ssl certKey ns-server-certificate -cert ns-server.cert -fipsKey ns-server.key -inform PEM '.' -expiryMonitor DISABLED -bundle NO

Run the following command to identify the internal services:

    show service -internal | grep SSL

Citrix NetScaler VPX: Instructions for creating your CSR and installing your SSL Certificate with the NetScaler device console.

Citrix NetScaler VPX: Create CSR and Install SSL Certificate. Use these instructions to create your CSR (certificate signing request) and then to install your SSL and intermediate certificates.

To generate a server test certificate by using the GUI, navigate to Traffic Management > SSL and, in the SSL Certificates group, select Create and Install a Server Test Certificate.

From release 12.1 build 50.x, you can create an RSA or DSA key in PKCS#8 format. All SSL certificates and keys are stored in the /nsconfig/ssl folder on the appliance. For added security, you can use the Data Encryption Standard (DES) or triple DES (3DES) algorithm to encrypt the private key stored on the appliance.

CSR generation instructions for Citrix Netscaler are located here. To back up, export, and move an SSL/TLS certificate from a Windows system with its private key to a Citrix Netscaler perform the following.

Error: "Internal failure in SSL cert/key generation tool"

Solution: To avoid this issue, type the correct password in the Import Password field when importing a PKCS12 certificate on a NetScaler appliance.

Applicable Products

  • XenApp 6.5
  • XenApp 6.0 for Windows Server 2008 R2
  • XenApp 5.0 for Windows Server 2008

Objective

This article describes how to create and configure server certificates for SSL Relay.
SSL Relay can be used to secure communication between Web Interface and the XenApp XML server, as well as secure communications from the ICA Client to the server. Regardless of the scenario being used, unique server certificates must be created for each server using SSL Relay.
This article uses an internal domain Certificate Authority to create a certificate template and sign the requests from the XenApp servers.
Note: It is assumed you have a Certificate Authority in place.

Instructions

Creating the certificate template

  1. To create a new certificate template, open the Certificate Authority Snap-in from Administrative Tools. Right-click Certificate Templates and click Manage.

  2. Right-click Web Server and click Duplicate Template.

  3. A dialog box opens prompting you to choose between Windows Server 2003 Enterprise and Windows Server 2008 Enterprise. For this template, select Windows Server 2003 Enterprise to get a version 2 template that is accessible through the Web Enrollment used later in this article.

  4. Name the new certificate template and extend the validity, if desired. In this case, the template is named SSL Relay and the validity is changed to 5 years.

  5. Click the Request Handling tab and select the Allow private key to be exported option.

  6. On the Security tab, ensure domain admins or the account you plan to use for enrollment have rights for enrollment.
    Click OK to close the dialog box and close the manage certificates window. For this template to be available, right-click Certificate Templates and select New > Certificate Template to Issue.

  7. Select SSL Relay from the list.

Requesting the certificate from the XenApp server

  1. Open Internet Explorer from the XenApp server and browse to the Certificate Authority using HTTPS. HTTPS is required for the certificate request.
    https://mycertserver.domain.com/certsrv

    1. Select Request a certificate.

    2. Select advanced certificate request.

    3. Select Create and submit a request to this CA.

    4. Select SSL Relay from the template drop-down and enter the details in the form. The name must be the Fully Qualified Domain Name (FQDN) of the XenApp server.

    5. Select the Mark key as exportable option, give the certificate a Friendly Name, and then click Submit.

  2. Confirm the dialog to accept this operation and then select Install this Certificate. The certificate is saved to the current user personal certificate store, but must be saved to the computer personal store. To open the MMC Snap-in on the XenApp server, enter MMC in the Run prompt.

  3. From the File menu, select Add/Remove Snap-in. Select Certificates and add both the current user and computer certificate stores.

  4. From the current user store, expand Personal > Certificates. Right-click the server certificate that was created in the preceding steps and select All Tasks > Export.

  5. From the wizard click Next on the first screen, select Yes, export the private key and click Next. On the export file format screen do not update the defaults, click Next. Create a password for the private key and click Next. Choose a file name and save the certificate at any location on the local file system.

  6. After the certificate has been exported, from the Certificates MMC expand the Computer store > Personal > Certificates.

  7. Right-click Certificates and select All Tasks > Import. Browse to the saved location of the PFX file that was exported in the preceding step and import the certificate (Note: Select All Files from the select window). Enter the password created in Step 5 and select the Mark this key as exportable option.

  8. Click Next until finish.
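
A pre-flight check for the exported PFX, added here as an example (it is not part of the original article or of Citrix tooling): it confirms that the import password opens the file, which is the cause given above for the "Internal failure in SSL cert/key generation tool" error, and that the certificate name is the server FQDN required in the request step. It assumes the `openssl` command-line tool is available; the function names, return codes and sample host name are hypothetical.

```shell
#!/bin/sh
# Pre-flight check for a PFX (PKCS#12) file before importing it.
# Return codes (a convention assumed for this example):
#   0 ok, 2 file unreadable, 3 wrong password or corrupt PFX,
#   4 no private key in the bundle, 5 certificate CN does not match the FQDN.
pfx_preflight() {   # $1 = PFX path, $2 = import password, $3 = server FQDN
    pfx=$1; fqdn=$3
    PFX_PASS=$2; export PFX_PASS   # handed to openssl via env, not argv
    [ -r "$pfx" ] || return 2

    # A wrong import password fails here (MAC check), before any import is attempted.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -noout 2>/dev/null || return 3

    # The bundle must carry the private key, not only the certificate.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY' || return 4

    # Compare the leaf certificate's CN with the server FQDN, ignoring case.
    cn=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys 2>/dev/null \
        | openssl x509 -noout -subject -nameopt multiline 2>/dev/null \
        | sed -n 's/^ *commonName *= *//p')
    [ "$(printf %s "$cn" | tr 'A-Z' 'a-z')" = \
      "$(printf %s "$fqdn" | tr 'A-Z' 'a-z')" ] || return 5
    return 0
}

# Constructed sample input: a throwaway self-signed certificate packed into a PFX.
make_demo_pfx() {   # $1 = output directory, $2 = CN, $3 = export password
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/demo.key" -in "$1/demo.crt" \
        -passout "pass:$3" -out "$1/demo.pfx" 2>/dev/null
}
```

Call it as `pfx_preflight server.pfx "$password" xa01.example.test` and branch on the return code; return code 3 means the password typed for the import would be rejected.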

Configure SSL Relay

  1. Open the SSL Relay Configuration tool from the Start menu under Citrix > Administration Tools. Select Enable SSL Relay and ensure the appropriate certificate is selected from the drop-down list.

  2. From the Connections tab, delete the entry that lists the server IP address. Ensure only the FQDN remains.

  3. Ensure the XML Port is listed correctly. In this case, XML is using port 8080 and 1494 is used for ICA. Click OK and reboot the server. Now the server can be used for SSL Relay.

  4. Repeat this process for any server in the farm that requires SSL Relay.