Thursday, January 23, 2014

Updating SSL Certificate on Netscaler VPX Resource Already Exists Error

Updating or Replacing an SSL Certificate on Netscaler VPX 10

Resource Already Exists error Citrix Netscaler

When replacing or updating an SSL certificate on a Netscaler VPX version 10 appliance, you get a Resource Already Exists error message. Even when you try to add the certificate as a new certificate, bypassing the update option in the Netscaler, the message persists.

This can be caused by the re-issued certificate having the same serial number or thumbprint as the existing one. This scenario is rare and most often occurs if there are two or more Netscalers in a load-balanced failover configuration.

Oddly enough, this error can also occur if there is a problem with the SSL certificate itself. The certificate can be from any CA, and although it looks okay at first glance, closer inspection will reveal that it was signed using a SHA2 hash algorithm. Have the certificate re-issued using SHA1. The Netscaler version 10 does not support SHA2 for SSL certs on virtual servers yet. Most likely, Netscaler 9 also does not support SHA1.

Contact your CA certificate provider and ask them to re-issue the certificate, generated using SHA1.
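
To check a re-issued certificate for both conditions described above before installing it, the script below compares serial number and thumbprint against the old certificate and reports the signature hash family. It is an added example, not part of the original post or a NetScaler tool; it assumes the `openssl` command line on a workstation and PEM files, and all function names and the sample subject are illustrative.

```shell
#!/bin/sh
# Added example; function names are illustrative, not NetScaler commands.

# Signature algorithm as OpenSSL names it, e.g. sha256WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# Hash family of the signature: SHA1, SHA2 or other.
cert_hash_family() {
    case "$(cert_sig_alg "$1" | tr 'A-Z' 'a-z')" in
        *sha1*) echo SHA1 ;;
        *sha224*|*sha256*|*sha384*|*sha512*) echo SHA2 ;;
        *) echo other ;;
    esac
}

cert_serial() { openssl x509 -in "$1" -noout -serial | cut -d= -f2; }
cert_thumbprint() { openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2; }

# Succeeds when the two certificates share a serial number or thumbprint.
same_identity() {
    [ "$(cert_serial "$1")" = "$(cert_serial "$2")" ] ||
        [ "$(cert_thumbprint "$1")" = "$(cert_thumbprint "$2")" ]
}

# Report both conditions from the post; returns 0 only if neither applies.
check_reissue() {
    rc=0
    if same_identity "$1" "$2"; then
        echo "new certificate reuses serial or thumbprint of the old one"; rc=1
    fi
    echo "signature algorithm: $(cert_sig_alg "$2")"
    if [ "$(cert_hash_family "$2")" = SHA2 ]; then
        echo "SHA2-signed certificate"; rc=1
    fi
    return "$rc"
}

# Constructed sample input: throwaway self-signed certificate.
make_sample_cert() {  # usage: make_sample_cert <out.pem> <serial>
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=vpn.example.test" -set_serial "$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

if [ "$#" -eq 2 ]; then check_reissue "$1" "$2"; fi
```

Run it as `sh check_reissue.sh old.pem new.pem` (the script file name is hypothetical); a non-zero exit status means at least one of the two conditions from the post applies to the new certificate.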