Hidden control characters in certificate\key file
You can use the OpenSSL implementation of the BSD Unix distribution on ADC to import/export certificate and key files. There are no control characters in the exported file. These characters will prevent the successful installation of the certificate and key files:
1. Use the secure copy program (WinSCP) to copy the certificate and key files to the /nsconfig/ssl directory of the ADC device.
Certificate and key files can also be uploaded to ADC using the configuration utility. Navigate to "Traffic Management"> "SSL"> "Manage Certificate/Key/CSR"> "Upload", as shown in the following screenshot:
2. Open a Secure Shell (SSH) session to the device, and after authentication, run a shell command to switch to Shell.
3. Navigate to the /nsconfig/ssl directory:
cd /nsconfig/ssl
4. Use OpenSSL to import and export certificate files. The following example applies to PEM or Base64 certificates:
openssl x509 -in <certificateFileName> -out <newCertificateFileName>
5. Use OpenSSL to import and export key files. The following example applies to PEM or Base64 key files:
openssl rsa -in <keyFileName> -out <newKeyFileName>
Now you can use the newly exported file version to successfully import the certificate on the ADC device.
SSL certificate that is not encoded in Base-64 format
Open the certificate on the Windows computer and convert it to Base-64 encoded X.509 (.CER), and then install the certificate on the device:
1. Go to Start>Run and type mmc on the Windows computer.
2. Double-click and open the certificate file to be converted.
3. Click Details.
4. Click Copy to file.
5. Select the Base-64 encoded X.509 (.CER) option.
6. Click Next.
7. Browse to the location where you want to save the converted certificate. Name the file with a .cer extension.
Click Next.
Install the converted certificate on the NetScaler device.
PKCS#7 certificate is incorrectly converted to PEM format
This error occurs when a PKCS#7 (.p7b) certificate is incorrectly converted to PEM format. For the correct process, please refer to CTX124783-How to convert PKCS#7 certificate to PEM format.
Cause
of the problem The reason for this problem is that there are hidden space control characters in the certificate/key file
Reference link: https://support.citrix.com/article/CTX137887