Skip to content

Archive

Tag: Netscaler

I renewed a SSL certificate on my Exchange Servers and needed to update it on my NetScaler.
 
To import the SSL certificate to NetScaler you need to export and convert the certificate. This is common usage for using a “Windows Certificate” on a Linux system or in a Java certificate store.
 
The steps to accomplish this:

  • Export the certificate from Exchange to a .pfx-file.
  • Extract the Certificate and Private Key from the .pfx-file. Windows does not support doing this natively, you need to have OpenSSL installed.
  • Import the Certificate and the Private Key file to NetScaler (or another appliance).

 
 
 

Export the certificate from Exchange 2010 Management Console
 

Go to Server Configuration and select the certificate you want to export.
 
 
crtexport2
Enter filename and a password.
 
 
 
 

Export the certificate from Exchange admin center (Exchange 2013)
 

Go to Servers and select Certificates
 
 

Mark the certificate and klick the (more) icon and select Export Exchange certificate.
 
 

Enter UNC Path and Password.

 
 
 
 

Convert the exported certificate
For this step you need to install OpenSSL: https://www.openssl.org/community/binaries.html

Read more about the PKCS#12 file utility: http://www.openssl.org/docs/manmaster/apps/pkcs12.html

 
 
 
 

Import the certificate to NetScaler
crtexport8
Go to Traffic Management > SSL > SSL Certificates and click Update.
 
 
crtexport9
Use the dropdown on the “Browse” button to select Local file rather than first uploading the file to the NetScaler.

 
 
 
 

I downloaded Netscaler VPX for Hyper-V from Citrix downloads and tried to import it to my Hyper-V 2012R2 machine but it failed with an error “Hyper-V did not find virtual machines to import from location“.
 

Reason for the import failing is because the NSVPX image has been created on 2008R2(Hyper-V2) and due to changes to the platform they are incompatible. You can read more about it here.

 

The short answer is to create a new machine.

Create a new virtual machine with the following settings: (values in bold are mandatory)
Specify Generation: Generation 1
Assign Memory: Startup memory: 2048 (do not select dynamic memory)
Configure Networking: Connection: (Select your preferred Connection)
Connect Virtual Hard Disk: Use an existing virtual hard disk (the .vhd image).

…and make sure the following is configured: (edit if needed)
Number of virtual processors:2
Network Adapter: May not be a “Legacy Network Adapter”

 
 

PowerShell equivalent of above:

 

Now configure your network settings. You will need at least one adapter for the management IP address (NSIP) for the NetScaler. Additional adapters may be needed in your environment.

 

Netscaler VPX Express is a free version of the NetScaler VPX appliance, but with a few limitations. You don’t have the same throughput, there is no SSL Offload and you need to renew the (free)license every year.. which is good enough for some cases.

 

Update 2015-04: Follow the link: Import Netscaler VPX to Hyper-V 2012R2.

 


 

Information below is kept for future reference.
 

Convert a NSVPX VMDK(VMWare) to VHD(Hyper-V)

 

I wanted to test the Netscaler VPX Express in my homelab but at the time there were no download available for Hyper-V. There were downloads for VMWare, XEN and KMS hypervisors.

I downloaded the current image for VMWare, “NetScaler VPX for ESX 10.5.e Build 52.1115.e

In an earlier post, i wrote how to convert an vmdk image to Hyper-V:

 

Create a new virtual machine with the following settings: (values in bold are mandatory)
Specify Generation: Generation 1
Assign Memory: Startup memory: 2048 (do not select dynamic memory)
Configure Networking: Connection: (Select your preferred Connection)
Connect Virtual Hard Disk: Use an existing virtual hard disk (the image above).

…and make sure the following is configured: (edit if needed)
Number of virtual processors: 2
Network Adapter: May not be a “Legacy Network Adapter”

 

Start the machine

If you get the “Invalid Slice” message you need to repair the bootloader, which can be done with the FreeBSD LiveCD.

Download the “FreeBSD-8.4-RELEASE-i386-livefs.iso”, mount it and reboot the machine.

 
From the Main Menu, select the following:

 
From the Configuration Menu, select:

 

freebsdvpxfdisk
Now select the freebsd partition and press “S” to make it bootable and “W” to write changes.

 
When asked for Boot Manager, select:

 
Press “Q” to finish and then exit the installer, make sure the CD-image is unmounted and reboot.

You should now be able to boot the netscaler.

 

After some initial configuration, login with the default credentials: NSROOT/NSROOT.