Web Interface on NetScaler nCore–first impression

I have been waiting anxiously on this feature for a while since it has been delayed by Citrix a number of times, this feature was already announced at Citrix Synergy (SF 2010) back in May. And now I had the chance to install it at a customer which was also very interested in decommisioning his (Microsoft Windows) Citrix Web Interface servers and replacing it with Web Interface on Citrix NetScaler. For me it is the chance to find out what the pros and cons are about this feature.


Installation was ok, if it was up to me the Citrix Web Interface was just like other components such as Access Gateway just to be enabled within a build. Maybe can expect this in future releases. I installed the Web Interface on a more recent build of the nCore version (Build 98.6) so I had to downgrade to get this working. Good to know is that the Access Gateway customizations were retained which I was very happy about. Because you are downgrading Citrix NetScaler asks you if you would like to import a different nsconfig file.


There are very few settings possible when working within the NetScaler GUI. There is a wizard which let’s you create the websites.


I thought the documentation was not very complete, first thing you want to do is customize the Citrix Web Interface which you can find nothing about in de Admin Guide. The files you need to customize are in /var/wi/tomcat/webapps/Citrix/<web interface name>

You have to customize Citrix Web interface in the WebInterface.conf which is located in /var/wi/tomcat/webapps/Citrix/<web interface name>/WEB-INF/. This file is the same format as used in regular Citrix Web Interface servers installed on Windows.


There is an issue when importing the certificate for Access Gateway Web Interface. The certificate used for Citrix Access Gateway needs to be imported in the Java Diablo Latte JRE Webserver. At first I got “Import SSL certificate failed. Following command execution failed: ./export_cert.sh /nsconfig/ssl/<certname.pem>”, so executed this command at the CLI and got the following output “keytool error: java.lang.Exception: Input not an X.509 certificate”. Opening up export_cert.sh seems to be a script built around the Java Keytool executable which doesn’t quite work just jet. I imported the original .pfx certificate in Windows and exported it as a X.509 certificate, uploaded it to the Citrix NetScaler en executed “keytool -import -trustcacerts -file /nsconfig/ssl/<certname.cer> –alias <alias>  -keystore $JAVA_HOME/jre/lib/security/cacerts” which succesfully imported the certificate in the JAVA keystore. It could be just coincedence that this happens when using Thawte certificates which I used in this environment, I googled more folks with this problem with Thawte certificates.


The Citrix Web Interface servers worked like a charm Smile. I will update this post (or a new one) with results when it will be put into production.


Many customers use a Citrix NetScaler MPX 5500 series, Citrix has limited the number of Web Interfaces on these particulair series to 3 which I think is too bad. Expecially because of the enormous gap with the MPX 7500 series which supports 25. In a standard Citrix infrastructure environment I would like at least 4 Web Interfaces to get everything going:
– Citrix Web Interface site / HTTP (inside);
– Citrix XenApp Services site / HTTP (inside);
– Citrix Web Interface for Access Gateway / SSL (outside);
– Citrix XenApp Services site for Citrix Receiver / SSL (outside).

The supported numbers by platform:


Another limitation is the fact that it can only be used on Citrix NetScaler, I would like to see this feature released on the Citrix Access Gateway Enterprise which makes it a more complete (Enterprise) product.

On top of the Web Interface on NetScaler nCore download page it states “The solution requires the use of NetScaler MPX or VPX models with nCore”. As you may or may not know there is no nCore version for the VPX platform (only Classic), but there will be an nCore version for the VPX platform released within the next 2 months. So as of then it will be possible to install Web Interface on the VPX platform and I for one will be very curious about the limitations that will be built in.

9 Responses to Web Interface on NetScaler nCore–first impression

  1. Hi Henry,

    Great post and next week installing two MPX 5500 in HA mode for on our customer and very and are eagerly awaiting the project for internal, external web interface and pnagent service and load balancing.. bulitin the new 9.2eNcore build.



  2. Hi Christian,

    Let me know how it works out, there is a number of (relatively) known issues related to the build and/or Web interface for nCore. But performance wise it runs like a rocket. 🙂

    Good Luck!


  3. Daniel Ruiz says:

    We been running WI on nCore 9.3 with no issues for our internal WI site for XD. We had to do some reconfigurations on the web.config file, however it seems copying most of the WI 5.4 web.config settings work fine.

    I would like to see the Receiver “Green screen” portal integrated and also get AGEE up to speed with the new look and feel of CAG 5.4.3 with the Green and Gray screens.

    Not sure if anyone has any clue when CTX will get this going.


  4. Roy says:

    I installed netscaler vpx enterprise and try to import the ncore package, but the message “this feature is not licenced” appears. I also tried to download the webinterface on netscaler but it seems no more availabe on the citrix website? Anybody an idea what to do?


  5. Roy says:

    I get the message this content is restricted. With my account i can download the netscaler license but it seems i cant view this page. I`m trying to import the webinterface.tgz into the netscaler vpx 10.1 but i can`t find the file specified in the download area.


    • This seems a licensing rights issue. Are you using a Citrix NetScaler Standard, Enterprise or Platinum version? I’m under the impression you are using NetScaler Gateway (formerly known as Citrix Access Gateway Enterprise).


  6. Roy says:

    From the manual it seems that i need nswi-1.5.tgz


    • The version should not matter. The most recent version is 1.7, I would advice to use the latest version, there are some annoying bugs on previous versions.


%d bloggers like this: