Citrix NetScaler can be used to load balance various network traffic between servers including HTTP and HTTPS. This article goes through the steps of configuring load balancing and SSL Offloading, which helps reduce the load on the server.
Open a web browser and log on to the NetScaler web management console.
Expand System > Settings and click Configure Modes.
Deselect Layer 3 Mode (IP Forwarding) to prevent the NetScaler from being used as a router and click OK.
Click Configure Basic Features.
Select SSL Offloading and Load Balancing and click OK. Feature that you wish to use must be enabled before they work.
Expand Traffic Management > SSL and click Import PKCS#12 to import an existing PFX SSL certificate file.
Enter the certificate file name followed by the PEM file extension in Output File Name and click Choose File to browse for the PFX file.
Select the file and click Open.
Enter the password used to encrypt the PFX file in Import Password. Select DES or 3DES in Encoding Format and enter the same password or a new one into PEM Passphrase and Confirm PEM Passphrase to encrypt the PEM file.
Expand SSL > Certificates > Server Certificates and click Install to add the newly imported SSL certificate into the NetScaler configuration, so it can be used.
Enter the certificate name in Certificate-Key Pair Name and click Choose File.
Select the PEM file imported in earlier and click Open.
Enter the Password used to encrypt the PEM file and click Install.
Sometimes this warning messages shows up because it initially fails to execute the command on the secondary appliance, only if you have an HA pair configured. The chances are that it will successfully synchronize the appliances anyway. You can check the secondary appliances configuration to make sure the configuration change shows up. Click OK.
The SSL certificate should now appear in the list.
Import the root or intermediate Certificate Authority SSL certificate on to the NetScaler by going to CA Certificates and click Install.
Enter Certificate-Key Pair Name, click on the down arrow for Choose File and clickLocal.
Select the SSL certificate file and click Open.
The SSL certificate should show up in the list.
Go back to Server Certificates, select the SSL certificate imported earlier and click Link from the Action drop-down box. To make sure that the SSL certificate is fully trusted by the client machine it's good idea to link the SSL certificate with the root or intermediate CA certificate that signed it.
The NetScaler should automatically find the Certificate Authority used to sign the SSL certificate. Click OK.
Expand Traffic Management > Load Balancing > Servers to add the servers that will be load balanced by NetScaler and click Add.
Enter the server name in Name, its address in IP Address and click Create.