-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
sslcert
-
-
-
-
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
sslcert
Configuration for cerificate resource.
Properties
(click to see Operations)
Name | Data Type | Permissions | Description |
---|---|---|---|
certfile |
|
Read-write | Name for and, optionally, path to the generated certificate file. /nsconfig/ssl/ is the default path. Maximum length = 63 |
reqfile |
|
Read-write | Name for and, optionally, path to the certificate-signing request (CSR). /nsconfig/ssl/ is the default path. Maximum length = 63 |
certtype |
|
Read-write | Type of certificate to generate. Specify one of the following: * ROOT_CERT - Self-signed Root-CA certificate. You must specify the key file name. The generated Root-CA certificate can be used for signing end-user client or server certificates or to create Intermediate-CA certificates. * INTM_CERT - Intermediate-CA certificate. * CLNT_CERT - End-user client certificate used for client authentication. * SRVR_CERT - SSL server certificate used on SSL servers for end-to-end encryption. Possible values = ROOT_CERT, INTM_CERT, CLNT_CERT, SRVR_CERT |
keyfile |
|
Read-write | Name for and, optionally, path to the private key. You can either use an existing RSA or DSA key that you own or create a new private key on the Citrix ADC. This file is required only when creating a self-signed Root-CA certificate. The key file is stored in the /nsconfig/ssl directory by default. If the input key specified is an encrypted key, you are prompted to enter the PEM pass phrase that was used for encrypting the key. Maximum length = 63 |
keyform |
|
Read-write | Format in which the key is stored on the appliance. Default value: PEM Possible values = DER, PEM |
pempassphrase |
|
Read-write | . Minimum length = 1 Maximum length = 31 |
days |
|
Read-write | Number of days for which the certificate will be valid, beginning with the time and day (system time) of creation. Default value: 365 Minimum value = 1 Maximum value = 3650 |
subjectaltname |
|
Read-write | Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. These values are called “Subject Alternative Names” (SAN). Names include: 1. Email addresses 2. IP addresses 3. URIs 4. DNS names (This is usually also provided as the Common Name RDN within the Subject field of the main certificate.) 5. directory names (alternative Distinguished Names to that given in the Subject). Minimum length = 1 |
certform |
|
Read-write | Format in which the certificate is stored on the appliance. Default value: PEM Possible values = DER, PEM |
cacert |
|
Read-write | Name of the CA certificate file that issues and signs the Intermediate-CA certificate or the end-user client and server certificates. Maximum length = 63 |
cacertform |
|
Read-write | Format of the CA certificate. Default value: PEM Possible values = DER, PEM |
cakey |
|
Read-write | Private key, associated with the CA certificate that is used to sign the Intermediate-CA certificate or the end-user client and server certificate. If the CA key file is password protected, the user is prompted to enter the pass phrase that was used to encrypt the key. Maximum length = 63 |
cakeyform |
|
Read-write | Format for the CA certificate. Default value: PEM Possible values = DER, PEM |
caserial |
|
Read-write | Serial number file maintained for the CA certificate. This file contains the serial number of the next certificate to be issued or signed by the CA. If the specified file does not exist, a new file is created, with /nsconfig/ssl/ as the default path. If you do not specify a proper path for the existing serial file, a new serial file is created. This might change the certificate serial numbers assigned by the CA certificate to each of the certificates it signs. Maximum length = 63 |
Operations
(click to see Properties)
Some options that you can use for each operations:
-
Getting warnings in response:NITRO allows you to get warnings in an operation by specifying the "warning" query parameter as "yes". For example, to get warnings while connecting to the Citrix ADC appliance, the URL is as follows:
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/login?warning=yes
If any, the warnings are displayed in the response payload with the HTTP code "209 X-NITRO-WARNING".
-
Authenticated access for individual NITRO operations:NITRO allows you to logon to the Citrix ADC appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,
To do this, you must specify the username and password in the request header of the NITRO request as follows:
X-NITRO-USER:<username>
X-NITRO-PASS:<password>
Note:In such cases, make sure that the request header DOES not include the following:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
*Note:
*
Mandatory parameters are marked in redand placeholder content is marked in <green>.
create
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslcert?action=create
HTTP Method:POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"sslcert":{
<b>"certfile":<String_value>,
</b><b>"reqfile":<String_value>,
</b><b>"certtype":<String_value>,
</b>"keyfile":<String_value>,
"keyform":<String_value>,
"pempassphrase":<String_value>,
"days":<Double_value>,
"subjectaltname":<String_value>,
"certform":<String_value>,
"cacert":<String_value>,
"cacertform":<String_value>,
"cakey":<String_value>,
"cakeyform":<String_value>,
"caserial":<String_value>
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.