-
-
-
-
-
-
-
-
ssl-action
-
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
ssl-action
The following operations can be performed on “ssl-action”:
show | rm | add |
show ssl action
Displays information about all the SSL actions configured on the appliance, or displays detailed information about the specified SSL action.
Synopsis
show ssl action [
Arguments
name Name of the SSL action for which to show detailed information.
Output
stateflag clientAuth Perform client certificate authentication.
clientCertVerification Client certificate verification is mandatory or optional.
clientCert Insert the entire client certificate into the HTTP header of the request being sent to the web server. The certificate is inserted in ASCII (PEM) format.
certHeader clientCertSerialNumber Insert the entire client serial number into the HTTP header of the request being sent to the web server.
certSerialHeader clientCertSubject Insert the client certificate subject, also known as the distinguished name (DN), into the HTTP header of the request being sent to the web server.
certSubjectHeader clientCertHash Insert the certificate’s signature into the HTTP header of the request being sent to the web server. The signature is the value extracted directly from the X.509 certificate signature field. All X.509 certificates contain a signature field.
certHashHeader clientCertFingerprint Insert the certificate’s fingerprint into the HTTP header of the request being sent to the web server. The fingerprint is derived by computing the specified hash value (SHA256, for example) of the DER-encoding of the client certificate.
certFingerprintHeader certFingerprintDigest clientCertIssuer Insert the certificate issuer details into the HTTP header of the request being sent to the web server.
certIssuerHeader sessionID Insert the SSL session ID into the HTTP header of the request being sent to the web server. Every SSL connection that the client and the Citrix ADC share has a unique ID that identifies the specific connection.
sessionIDHeader cipher Insert the cipher suite that the client and the Citrix ADC negotiated for the SSL session into the HTTP header of the request being sent to the web server. The appliance inserts the cipher-suite name, SSL protocol, export or non-export string, and cipher strength bit, depending on the type of browser connecting to the SSL virtual server or service (for example, Cipher-Suite: RC4- MD5 SSLv3 Non-Export 128-bit).
cipherHeader OWASupport If the appliance is in front of an Outlook Web Access (OWA) server, insert a special header field, FRONT-END-HTTPS: ON, into the HTTP requests going to the OWA server. This header communicates to the server that the transaction is HTTPS and not HTTP.
forward This action takes an argument a vserver name, to this vserver one will be able to forward all the packets.
caCertGrpName This action will allow to pick CA(s) from the specific CA group, to verify the client certificate.
clientCertNotBefore Insert the date from which the certificate is valid into the HTTP header of the request being sent to the web server. Every certificate is configured with the date and time from which it is valid.
certNotBeforeHeader clientCertNotAfter Insert the date of expiry of the certificate into the HTTP header of the request being sent to the web server. Every certificate is configured with the date and time at which the certificate expires.
certNotAfterHeader hits The number of times the action has been taken.
undefHits The number of times the action resulted in UNDEF.
referenceCount The number of references to the action.
description Description of the action
flags ssllogProfile The name of the ssllogprofile.
builtin Flag to determine whether ssl action is built-in or not
feature The feature to be checked while applying this config
devno count
Example
show ssl action 1 Configured SSL action: 1) Name: certInsert_act Data Insertion Action: Cert Header: ENABLED Cert Tag: CERT
rm ssl action
Removes the specified SSL action.
Synopsis
rm ssl action
Arguments
name Name of the SSL action to remove.
Example
rm ssl action certInsert_act
add ssl action
Creates a new SSL action. An SSL action defines SSL settings that you can apply to the selected requests. You associate an action with one or more policies. Data in client connection requests or responses is compared to a rule (expression) specified in the policy, and the action is applied to connections that match the rule.
Synopsis
add ssl action
Arguments
name Name for the SSL action. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the action is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my action” or ‘my action’).
clientAuth Perform client certificate authentication.
Possible values: DOCLIENTAUTH, NOCLIENTAUTH
clientCertVerification Client certificate verification is mandatory or optional.
Possible values: Mandatory, Optional Default value: Mandatory
ssllogProfile The name of the ssllogprofile.
clientCert Insert the entire client certificate into the HTTP header of the request being sent to the web server. The certificate is inserted in ASCII (PEM) format.
Possible values: ENABLED, DISABLED
certHeader Name of the header into which to insert the client certificate.
clientCertSerialNumber Insert the entire client serial number into the HTTP header of the request being sent to the web server.
Possible values: ENABLED, DISABLED
certSerialHeader Name of the header into which to insert the client serial number.
clientCertSubject Insert the client certificate subject, also known as the distinguished name (DN), into the HTTP header of the request being sent to the web server.
Possible values: ENABLED, DISABLED
certSubjectHeader Name of the header into which to insert the client certificate subject.
clientCertHash Insert the certificate’s signature into the HTTP header of the request being sent to the web server. The signature is the value extracted directly from the X.509 certificate signature field. All X.509 certificates contain a signature field.
Possible values: ENABLED, DISABLED
certHashHeader Name of the header into which to insert the client certificate signature (hash).
clientCertFingerprint Insert the certificate’s fingerprint into the HTTP header of the request being sent to the web server. The fingerprint is derived by computing the specified hash value (SHA256, for example) of the DER-encoding of the client certificate.
Possible values: ENABLED, DISABLED
certFingerprintHeader Name of the header into which to insert the client certificate fingerprint.
certFingerprintDigest Digest algorithm used to compute the fingerprint of the client certificate.
Possible values: SHA1, SHA224, SHA256, SHA384, SHA512
clientCertIssuer Insert the certificate issuer details into the HTTP header of the request being sent to the web server.
Possible values: ENABLED, DISABLED
certIssuerHeader Name of the header into which to insert the client certificate issuer details.
sessionID Insert the SSL session ID into the HTTP header of the request being sent to the web server. Every SSL connection that the client and the Citrix ADC share has a unique ID that identifies the specific connection.
Possible values: ENABLED, DISABLED
sessionIDHeader Name of the header into which to insert the Session ID.
cipher Insert the cipher suite that the client and the Citrix ADC negotiated for the SSL session into the HTTP header of the request being sent to the web server. The appliance inserts the cipher-suite name, SSL protocol, export or non-export string, and cipher strength bit, depending on the type of browser connecting to the SSL virtual server or service (for example, Cipher-Suite: RC4- MD5 SSLv3 Non-Export 128-bit).
Possible values: ENABLED, DISABLED
cipherHeader Name of the header into which to insert the name of the cipher suite.
clientCertNotBefore Insert the date from which the certificate is valid into the HTTP header of the request being sent to the web server. Every certificate is configured with the date and time from which it is valid.
Possible values: ENABLED, DISABLED
certNotBeforeHeader Name of the header into which to insert the date and time from which the certificate is valid.
clientCertNotAfter Insert the date of expiry of the certificate into the HTTP header of the request being sent to the web server. Every certificate is configured with the date and time at which the certificate expires.
Possible values: ENABLED, DISABLED
certNotAfterHeader Name of the header into which to insert the certificate’s expiry date.
OWASupport If the appliance is in front of an Outlook Web Access (OWA) server, insert a special header field, FRONT-END-HTTPS: ON, into the HTTP requests going to the OWA server. This header communicates to the server that the transaction is HTTPS and not HTTP.
Possible values: ENABLED, DISABLED
forward This action takes an argument a vserver name, to this vserver one will be able to forward all the packets.
caCertGrpName This action will allow to pick CA(s) from the specific CA group, to verify the client certificate.
Example
add ssl action certInsert_act -clientCert ENABLED -certHeader CERT
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.