I renewed a SSL certificate on my Exchange Servers and needed to update it on my NetScaler.
To import the SSL certificate to NetScaler you need to export and convert the certificate. This is common usage for using a “Windows Certificate” on a Linux system or in a Java certificate store.
The steps to accomplish this:

  • Export the certificate from Exchange to a .pfx-file.
  • Extract the Certificate and Private Key from the .pfx-file. Windows does not support doing this natively, you need to have OpenSSL installed.
  • Import the Certificate and the Private Key file to NetScaler (or another appliance).


Export the certificate from Exchange 2010 Management Console

Go to Server Configuration and select the certificate you want to export.
Enter filename and a password.

Export the certificate from Exchange admin center (Exchange 2013)

Go to Servers and select Certificates

Mark the certificate and klick the (more) icon and select Export Exchange certificate.

Enter UNC Path and Password.


Convert the exported certificate
For this step you need to install OpenSSL: https://www.openssl.org/community/binaries.html

Read more about the PKCS#12 file utility: http://www.openssl.org/docs/manmaster/apps/pkcs12.html


Import the certificate to NetScaler
Go to Traffic Management > SSL > SSL Certificates and click Update.
Use the dropdown on the “Browse” button to select Local file rather than first uploading the file to the NetScaler.