[BUG] Citrix NetScaler Build 51.5: GUI Secure Only not working through SSL/VPN

The Citrix NetScaler GUI console is reachable over HTTP while “Secure Only” is enabled when using an SSL/VPN connection.

For a NetScaler implementation to be compliant with PCI-DSS standards, the Management Console must not be reachable over an unencrypted connection. During my most recent implementations using Build 51.5nc I noticed that, although I had enabled this option, I can still access the GUI through an unencrypted HTTP connection instead of HTTPS when connected by an Access Gateway SSL/VPN connection.

Citrix Support has confirmed this bug and is working on a solution.

Web Interface for Citrix NetScaler – Error “Import SSL certificate failed”

I always create(d) the certificate on a Microsoft IIS server, then exported it as a .pfx, imported it into Citrix NetScaler and let the Citrix NetScaler convert it to a .pem certificate. After this step you can install the certificate by choosing the same .pem certificate for both the Certificate File Name field and the Private Key File Name field (see screenshot below). Citrix NetScaler will extract the right certificate from within the .pem file.

image

With some certificates you would have to download the root certificate and link it to the installed certificate.

After this step you can bind the newly installed certificate to the Access Gateway Virtual Server and it will work fine!
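
As an added example (not from the original post): a small Python check that lists what a combined .pem file contains, so you can confirm it holds a certificate and exactly one private key before choosing it for both fields. The function names and the sample bundle are constructed for illustration; blocks are classified by their PEM label only, and nothing is cryptographically validated.

```python
import re

# Matches one PEM block; the label must be identical in the BEGIN and END lines.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}

# Constructed sample: the layout OpenSSL produces when converting a .pfx,
# including the "Bag Attributes" text between blocks. Bodies are placeholders.
SAMPLE = """Bag Attributes
    friendlyName: constructed-example
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: constructed-example
subject=CN = vpn.example.test
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"""


def inspect_bundle(pem_text):
    """Summarise the blocks in a combined .pem file by their PEM labels."""
    summary = {"certificates": 0, "private_keys": 0,
               "encrypted_key": False, "other": []}
    for label, body in PEM_BLOCK.findall(pem_text):
        if label == "CERTIFICATE":
            summary["certificates"] += 1
        elif label in KEY_LABELS:
            summary["private_keys"] += 1
            # PKCS#8 encrypted keys have their own label; traditional
            # encrypted keys carry a "Proc-Type: 4,ENCRYPTED" header.
            if label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body:
                summary["encrypted_key"] = True
        else:
            summary["other"].append(label)
    return summary


def usable_for_both_fields(summary):
    """True if one file can serve as both certificate file and key file."""
    return summary["certificates"] >= 1 and summary["private_keys"] == 1


if __name__ == "__main__":
    print(inspect_bundle(SAMPLE))
```

A file that reports more than one certificate already carries part of the chain, and a file that reports `encrypted_key` will need its passphrase when it is installed.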
