Citrix NetScaler 12 – CLI upgrade helps

There is a new and shiny NetScaler version available – version 12! Smile

All the news and docs are available here, and you can download the latest bits from here. But, I will not write about them now – there is something else I would like to share.

Unlike with other (minor) upgrades, upgrading to this version… well, there were some “challenges”. If you have used Citrix NetScaler before, it has its nice and simple GUI, through which you can do many things… one of them being a system upgrade.

Upgrade process by using GUI is pretty straight-forward:

  • download the latest firmware from Citrix website (.tgz file)
  • login to the appliance and save current configuration
  • if you are using virtual appliances, you can also do a snapshot or checkpoint (depending on the virtualization platform you are using)
  • go to System System Upgrade and select the firmware file and click Upgrade

image

  • when installation completes, reboot the appliance
  • enjoy your shiny, new NetScaler 12 (upgraded in just 6 steps)! Smile

And now about “the other way”… Smile

As I’ve observed, upgrade option through GUI was not working (for me) in any of the major browsers (Chrome, Firefox, Edge or even Internet Explorer) – upload of firmware finishes and then… nothing really happens. Strange, but… it’s just my luck. No big deal! Smile

What helped in my case:

  • download the latest firmware from Citrix website (.tgz file)
  • use PuTTY to establish SSH connection to your appliance
  • run save config to save all the changes you have made to your existing configuration (but maybe forgot to save it before Smile)
  • if you are using virtual appliances, you can also do a snapshot or checkpoint (depending on the virtualization platform you are using)
  • type in shell (to enter the shell, where we will work with files)
  • create a folder for the new version (I have simply called it 12, as in /var/nsinstall/12/, where I will upload the new firmware)
  • use PSCP (PuTTy Secure Copy Client), also a free command-line utility to copy firmware to the appliance, inside the newly created folder:

image

  • go back to PuTTy and extract the contents of this firmware:

  • once extracted, run the ./installns command, which will actually do the upgrade (something that was never triggered in my GUI upgrade attempts, obviously Smile)
  • when installation completes, reboot the appliance

image

  • enjoy your shiny, new NetScaler 12 (upgraded in just 11 steps)! Smile

image

image

For a longer, better explained… and official version, please check the Citrix docs, available here.

Note that nothing really changes in your usual upgrade routine – those steps are just in case you have trouble with the GUI, as I did (if your GUI works normally, with your browser, use it).

Hope it helps!

Cheers!

NetScaler, XenMobile and SSL certificates

So, you’ve finally decided to make yourself “a small Citrix lab” (XenMobile and NetScaler), but you’re having trouble with getting all the certificates in place. Fear not, I’m here to help!

Installing the SSL certificates for NetScaler is relatively simple, but still… some steps are easily forgotten and then… you need to troubleshoot. Smile

Steps to install the SSL certificate for NetScaler (correctly) are:

  1. Install the server certificate (for example, certificate for xms.yourdomain.com). The easiest way is to use .PFX certificate file, and you can install it through Traffic Management – SSL – Certificates – Server Certificates.
  2. Install the issuing and root CA’s certificates (.PEM files are OK) through Traffic Management – SSL – Certificates – CA Certificates.
  3. Create link (right click – Link) between the server certificate and issuing CA’s certificate.
  4. Create link (right click – Link) between the issuing CA’s certificate and root CA’s certificate.
  5. Check the certificate links on issuing CA’s certificate (right click – Certificate links). There should be two – one linking the server certificate, another the root certificate.
  6. Select the imported certificate for NetScaler Gateway usage.
  7. Select the imported certificate for (SSL) virtual servers as well. If you’re using NetScaler appliances in HA mode, force synchronization.
  8. Check if certificates are installed properly (for example, by opening the MAM interface with your browser – https://mam.yourdomain.com/ or https://mam.yourdomain.com:8443/).
  9. Check if certificate chain is in order as well – https://www.digicert.com/help/.

For XenMobile Server, there is some preparation work to do, to get it all right. Basically, you’ll need to combine all the (.PEM) certificate files into one, upload that to XenMobile Server, and restart.

Steps are:

  1. Combine individual (.PEM) certificate files (server, issuing and root CA) into one .PEM file by following instructions on this DigiCert site (you can use Notepad to achieve this). Your final .PEM file should look like this:
  2. —–BEGIN CERTIFICATE—–
    (server_certificate.pem content)
    —–END CERTIFICATE—–

    —–BEGIN CERTIFICATE—–
    (issuing_ca_certificate.pem content)
    —–END CERTIFICATE—–

    —–BEGIN CERTIFICATE—–
    (root_ca_certificate.pem content)
    —–END CERTIFICATE—–

  3. Upload the combined (.PEM) certificate file to XenMobile Server.
  4. Restart all the XenMobile Server nodes (one by one).
  5. Check if nodes picked up the certificate change (for example, by opening the XenMobile Server management interface with your browser – https://{node’s_IP_address}:4443).
  6. Check if certificate chain is in order as well – https://www.digicert.com/help/.

And… that’s it!

Oh, yeah – in case you’ve been living under a rock… don’t use the SHA-1 certificates anymore… they are obsolete now (info). Smile

Cheers!

MobilityDay 2016

As mentioned before, I was at the MobilityDay 2016 conference on Thursday, where I’ve had an honor to deliver a session about Citrix XenMobile & NetScaler solutions (yup, I know… it’s not Hyper-V… go figure… but my demo environment was still runnning on top of Hyper-V, so…).

Session was actually a short introduction to what Citrix XenMobile solution offers and how to set it all up, combined with NetScaler, for a complete management of mobile devices and mobile applications.

Conference was great, as always – so much old (and new) faces, with lots of fun. This time it was actually a 10th birthday of MobilityDay!

14470566_10205580989363163_284177836217597639_n(photo by Romeo)

Happy birthday, MobilityDay! (and congrats to the organizers) Smile

Slides are available at my SlideShare:

Cheers!