How Do I Setup RSA Keys on NetScaler?

Use Case

• Ramesh wants to communicate with Suresh in a secure manner using RSA encryption algorithm.??

RSA is one of the widely used Public Key cryptosystem used for encrypted data exchange. ?? RSA stands for Rivest Shamir and Adleman, a combination of names of the designers who came up with the algorithm in 1977. RSA uses the concept of “Trap Door One-way function”. ?? A Trap Door One-way function is easy to compute on one direction but difficult to reverse the computation. Its strength relies on the hardness of prime factorization. The time required to compute prime factorization increases exponentially with increase in size of the number, as there are more steps involved. As the number grows the computer needs minutes, then hours and eventually needs hundreds and thousands of years to factor huge numbers. This concept of factorization is used to build the trapdoor solution. ??

Advantages of using RSA are as follows,

• There is no requirement for transmission of private keys. This improves security and convenience.

• Anyone who wants to compute private key, requires knowledge of the factorization of “n” which is the number used for generating the private key. If “n” is large, it would take hundreds of years to compute the factorization that leads to the private key even with the most powerful computer.??

Disadvantages of using RSA are as follows,

• While using RSA, it takes time to compute private and public key and there are secret key encryption methods which are significantly faster than RSA. Thus the disadvantage of RSA is computation speed as it takes more time compared to other methods.

In order to setup RSA keys on NetScaler, the following steps has to be followed.

1. Navigate to ?? Configuration tab -> Traffic Management -> SSL
   

2. Configure RSA Key parameters
   

• Key Filename indicates the filename which has the RSA parameters. The file( in this case “RSA_Key”) will get created at path /nsconfig/ssl/ by default.

• Key Size varies from minimum of 512 to a maximum of 4096.??

• Public Exponent value indicates the random number used along with public key mentioned above to encrypt user message.??

• Click “Create”. This will create RSA Key file at path /nsconfig/ssl by default.??

To generate RSA key using CLI command, “create ssl rsakey <RSAFile> [<bits>] [-exponent ( 3 | F4 )]” can be used.

The RSA file will contain the key inside ----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- in the created file.

To get server certificate, a Certificate Signing Request(CSR) has to be created.?? The Certificate Signing Request has to be sent to a Certificate Authority(CA), who issues a server certificate in return.

How to create a Certificate Signing Request?

Steps to generate Certificate Signing Request(CSR) are as follows,

1. Navigate to Traffic Management -> SSL??

2. Under SSL certificates click “Create Certificate Signing Request (CSR)
   

3. Enter the information required for creating a Certificate Signing Request.
   

This Certificate Signing Request has to be sent to a Certificate Authority to get the required Certificate. Using the RSA Key and Certificate received from CA, a Certificate-Key pair has to be created.??

How to create a Certificate-Key Pair?

A Certificate-Key pair can be created as follows:

1. Navigate to ?? Configuration tab -> Traffic Management -> SSL -> SSL Certificates
   

2. Click Install
   

• ???? Certificate-Key Pair Name indicates the name to be used for the certificate

• Certificate File Name indicates the name of the certificate received from CA

• Key File Name is the name of the RSA key file generated earlier.

This SSL certificate that is created can be bound to a vserver.

??