ADC CLI Commands

ssl-caCertGroup

The following operations can be performed on “ssl-caCertGroup”:

rm unbind show bind add

rm ssl caCertGroup

Deletes the specified CA certificate group.

Synopsis

rm ssl caCertGroup

Arguments

caCertGroupName Name given to the CA certificate group. The name will be used to add the CA certificates to the group. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my file” or ‘my file’).

Example

rm ssl cacertgroup

unbind ssl caCertGroup

Unbinds the specified CA certificates from the group.

Synopsis

unbind ssl caCertGroup

Arguments

caCertGroupName Name given to the CA certificate group. The name will be used to add the CA certificates to the group. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my file” or ‘my file’).

certkeyName Name of the certificate-key pair.

Example

unbind ssl cacertgroup

show ssl caCertGroup

Lists information about either all CA certificate groups or the specified CA certificate group.

Synopsis

show ssl caCertGroup []

Arguments

caCertGroupName Name of the CA certificate group for which to show detailed information.

Output

stateflag caCertGroupReferences Count for ssl actions referring to this ca certificate group.

certkeyName Name for the certkey added to the Citrix ADC. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the certificate-key pair is created.The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my cert” or ‘my cert’).

ocspCheck The state of the OCSP check parameter. (Mandatory/Optional)

crlCheck The state of the CRL check parameter. (Mandatory/Optional)

devno count

Example

1) show ssl cacertgroup 2) show ssl cacertgroup

bind ssl caCertGroup

Binds the specified CA certificates to the group.

Synopsis

bind ssl caCertGroup \( \[-crlCheck \( Mandatory | Optional ) | -ocspCheck \( Mandatory | Optional )] )

Arguments

caCertGroupName Name given to the CA certificate group. The name will be used to add the CA certificates to the group. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my file” or ‘my file’).

certkeyName Name of the certificate-key pair.

crlCheck Rule to use for the CRL corresponding to the CA certificate during client authentication. Available settings function as follows:

  • MANDATORY - Deny SSL clients if the CRL is missing or expired, or the Next Update date is in the past, or the CRL is incomplete.
  • OPTIONAL - Allow SSL clients if the CRL is missing or expired, or the Next Update date is in the past, or the CRL is incomplete, but deny if the client certificate is revoked in the CRL.

Possible values: Mandatory, Optional Default value: CRLCHECK_OPTIONAL

ocspCheck Rule to use for the OCSP responder associated with the CA certificate during client authentication. If MANDATORY is specified, deny all SSL clients if the OCSP check fails because of connectivity issues with the remote OCSP server, or any other reason that prevents the OCSP check. With the OPTIONAL setting, allow SSL clients even if the OCSP check fails except when the client certificate is revoked.

Possible values: Mandatory, Optional

Example

bind ssl cacertgroup

add ssl caCertGroup

Creates a new CA certificate group.

Synopsis

add ssl caCertGroup

Arguments

caCertGroupName Name given to the CA certificate group. The name will be used to add the CA certificates to the group. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my file” or ‘my file’).

Example

add ssl cacertgroup [cacertgroup_name]

ssl-caCertGroup