NetScaler creating a multi-domain certificate (SAN)

1. Create a OpenSSL profile on the local computer by modifying the fields below for your own needs.
Note 1: In the example used in this article, the configuration file is named "Req.conf".
Note 2: "Req_extensions" will place the subject alternative name in the CSR, and "X509_extensions" will be used when creating the actual certificate file.

[Req]
Distinguished_name = Req_distinguished_name
Req_extensions = V3_req
prompt = No
[Req_distinguished_name]
C = CN
ST = Province
L = City
O = Company
OU = organizational unit
CN = www.company.com
[V3_req]
Keyusage = KeyEncipherment, dataencipherment
Extendedkeyusage = Serverauth
SubjectAltName = @alt_names
[Alt_names]
Dns.1 = www.company.com
Dns.2 = company.com
Dns.3 = Www.company.net
Dns.4 = Company.net

2. Upload the file to the/Nsconfig/ssl directory on the NetScaler device.

3. Log on to the NetScaler command line interface as Nsroot and switch to the shell prompt.

Run the following command to create a certificate signing request and a new key file (note that, due to the CA version, you may need to change sha256 to SHA1):

Shell
Cd/nsconfig/ssl
OpenSSL req-new-out company.com.csr-newkey rsa:2048-nodes-sha256-keyout company.com.key.temp-config req.conf

Run the following command to verify the certificate signing request:

OpenSSL req-text-noout-verify-in COMPANY.COM.CSR

Run the following command to move the key file to the correct format used on NetScaler:

OpenSSL rsa-in company.com.key.temp-out Company.com.key
RM company.com.key.temp

4. Download the certificate signing request File "COMPANY.COM.CSR" and provide it to your certification authority for signature.

5. Upload the certificate provided by the certification authority to the/NSCONFIG/SSL directory on the NetScaler device and install the certificate using the "Company.com.key" file that you created earlier.

NetScaler creating a multi-domain certificate (SAN)