CSR code is an encoded text file used for certificate activation. This code contains the company/contact details and the domain name which needs to be secured.
For a successful SSL configuration further on, a Private Key needs to be generated along with the CSR code. Unlike the CSR, the Private Key will not be exported from the server and will not be used for SSL activation. Nevertheless, this file will be required to install the certificate on Citrix NetScaler VPX after it is issued.
In order to generate a CSR/Private Key pair on Citrix NetScaler VPX, log into your device console, click on the Configuration tab, expand the Traffic Management left-side menu and select SSL:
On the next page, it is necessary to click Create RSA Key in the SSL Keys section.
At this point, you need to fill in the form to have a Private Key generated:
Key Filename - make up a name for the Private Key file in order to differentiate it from other key files. It may be your domain name, for instance.
Key Size - we recommend entering 2048. It is the minimum possible value and the standard size which is accepted by all modern devices.
Public Exponent Value - it is recommended to use the default value F4. This feature is related to the speed of encryption and the cipher algorithms to be used.
Key Format - choose the PEM format from the drop-down list as it is the format supported by Citrix NetScaler VPX.
The PEM Encoding Algorithm, PEM Passphrase and Confirm PEM Passphrase fields should be left blank since this Private Key encryption feature is obsolete now.
After all the required fields are filled in, click OK and return to the main page of the NetScaler console.
On the homepage of the console, choose the Configuration tab, expand the Traffic Management left-side menu and select SSL again. In the SSL Certificates menu, click Create CSR (Certificate Signing Request).
On the next page, it is necessary to fill in the fields with the following information:
Request Filename - make up a name for the CSR code in order to differentiate it from other codes that are stored on your server.
Key Filename - click Browse and select the Private Key that was generated before.
Key Format - choose the PEM format as it is the format supported by NetScaler VPX.
PEM Passphrase - leave this field blank since the Private Key has not been encrypted with a password.
Country - select your country from the drop-down list.
State or Province - specify the full name of your state or region.
Organization Name - enter the name of your company. If you do not have a registered company, enter NA.
City - provide the full name of your city or locality.
Email address - specify your email address. You may also leave this field blank as this email is no longer used for communication between the certificate applicant and the certificate authority.
Organization Unit - enter the company division or department (IT, Sales, etc.). It is possible to specify NA here as well.
Common name - indicate the fully qualified domain name/subdomain the certificate needs to be activated for. If you are generating a CSR code for a wildcard certificate, the following format should be used: *.example.com (the asterisk stands for the subdomains that will be covered by the SSL).
The attribute fields Challenge Password and Organization Name should be left blank as they both are considered obsolete.
After all the necessary fields are filled in, click Create > Close to finalize CSR generation.
Now, you need to locate the CSR code in your NetScaler VPX console.
Get back to the homepage of the console, select the Configuration tab, expand the Traffic Management tree menu and click SSL. In the Tools section, click Manage Certificates / Keys / CSRs.
On the next page, select the .csr file generated before and click View.
At this point, it is necessary to copy the CSR code including the header -----BEGIN CERTIFICATE REQUEST----- and footer -----END CERTIFICATE REQUEST----- or click Save to download the code on your computer.