-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
sslocspresponder
-
-
-
-
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
sslocspresponder
Configuration for OCSP responser resource.
Properties
(click to see Operations)
Name | Data Type | Permissions | Description |
---|---|---|---|
name |
|
Read-write | Name for the OCSP responder. Cannot begin with a hash (#) or space character and must contain only ASCII alphanumeric, underscore (_), hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the responder is created. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my responder” or ‘my responder’). Minimum length = 1 Maximum length = 127 |
url |
|
Read-write | URL of the OCSP responder. Minimum length = 1 Maximum length = 127 |
cache |
|
Read-write | Enable caching of responses. Caching of responses received from the OCSP responder enables faster responses to the clients and reduces the load on the OCSP responder. Default value: DISABLED Possible values = ENABLED, DISABLED |
cachetimeout |
|
Read-write | Timeout for caching the OCSP response. After the timeout, the Citrix ADC sends a fresh request to the OCSP responder for the certificate status. If a timeout is not specified, the timeout provided in the OCSP response applies. Default value: 1 Minimum value = 1 Maximum value = 43200 |
batchingdepth |
|
Read-write | Number of client certificates to batch together into one OCSP request. Batching avoids overloading the OCSP responder. A value of 1 signifies that each request is queried independently. For a value greater than 1, specify a timeout (batching delay) to avoid inordinately delaying the processing of a single certificate. Minimum value = 1 Maximum value = 8 |
batchingdelay |
|
Read-write | Maximum time, in milliseconds, to wait to accumulate OCSP requests to batch. Does not apply if the Batching Depth is 1. Minimum value = 1 Maximum value = 10000 |
resptimeout |
|
Read-write | Time, in milliseconds, to wait for an OCSP response. When this time elapses, an error message appears or the transaction is forwarded, depending on the settings on the virtual server. Includes Batching Delay time. Minimum value = 100 Maximum value = 120000 |
ocspurlresolvetimeout |
|
Read-write | Time, in milliseconds, to wait for an OCSP URL Resolution. When this time elapses, an error message appears or the transaction is forwarded, depending on the settings on the virtual server. Minimum value = 100 Maximum value = 2000 |
respondercert |
|
Read-write | . Minimum length = 1 |
trustresponder |
|
Read-write | A certificate to use to validate OCSP responses. Alternatively, if -trustResponder is specified, no verification will be done on the reponse. If both are omitted, only the response times (producedAt, lastUpdate, nextUpdate) will be verified. |
producedattimeskew |
|
Read-write | Time, in seconds, for which the Citrix ADC waits before considering the response as invalid. The response is considered invalid if the Produced At time stamp in the OCSP response exceeds or precedes the current Citrix ADC clock time by the amount of time specified. Default value: 300 Minimum value = 0 Maximum value = 86400 |
signingcert |
|
Read-write | Certificate-key pair that is used to sign OCSP requests. If this parameter is not set, the requests are not signed. Minimum length = 1 |
usenonce |
|
Read-write | Enable the OCSP nonce extension, which is designed to prevent replay attacks. Possible values = YES, NO |
insertclientcert |
|
Read-write | Include the complete client certificate in the OCSP request. Possible values = YES, NO |
httpmethod |
|
Read-write | HTTP method used to send ocsp request. POST is the default httpmethod. If request length is > 255, POST wil be used even if GET is set as httpMethod. Default value: POST Possible values = GET, POST |
ocspaiarefcount |
|
Read-only | No of CA certs referencing this AIA responder. |
ocspipaddrstr |
|
Read-only | DNS resolved IP address. |
port |
|
Read-only | Port number on which OCSP Server listens. Range 1 - 65535 * in CLI is represented as 65535 in NITRO API |
__count |
|
Read-only | count parameter |
Operations
(click to see Properties)
ADD | DELETE | UPDATE | UNSET | GET (ALL) | GET | COUNT |
Some options that you can use for each operations:
-
Getting warnings in response:NITRO allows you to get warnings in an operation by specifying the "warning" query parameter as "yes". For example, to get warnings while connecting to the Citrix ADC appliance, the URL is as follows:
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/login?warning=yes
If any, the warnings are displayed in the response payload with the HTTP code "209 X-NITRO-WARNING".
-
Authenticated access for individual NITRO operations:NITRO allows you to logon to the Citrix ADC appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,
To do this, you must specify the username and password in the request header of the NITRO request as follows:
X-NITRO-USER:<username>
X-NITRO-PASS:<password>
Note:In such cases, make sure that the request header DOES not include the following:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
*Note:
*
Mandatory parameters are marked in redand placeholder content is marked in <green>.
add
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder
HTTP Method:POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"sslocspresponder":{
<b>"name":<String_value>,
</b><b>"url":<String_value>,
</b>"cache":<String_value>,
"cachetimeout":<Double_value>,
"batchingdepth":<Double_value>,
"batchingdelay":<Double_value>,
"resptimeout":<Double_value>,
"ocspurlresolvetimeout":<Double_value>,
"respondercert":<String_value>,
"trustresponder":<Boolean_value>,
"producedattimeskew":<Double_value>,
"signingcert":<String_value>,
"usenonce":<String_value>,
"insertclientcert":<String_value>,
"httpmethod":<String_value>
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 201 Created HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
delete
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder/name_value<String>
HTTP Method:DELETE
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue>
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
update
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder
HTTP Method:PUT
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"sslocspresponder":{
<b>"name":<String_value>,
</b>"url":<String_value>,
"cache":<String_value>,
"cachetimeout":<Double_value>,
"batchingdepth":<Double_value>,
"batchingdelay":<Double_value>,
"resptimeout":<Double_value>,
"ocspurlresolvetimeout":<Double_value>,
"respondercert":<String_value>,
"trustresponder":<Boolean_value>,
"producedattimeskew":<Double_value>,
"signingcert":<String_value>,
"usenonce":<String_value>,
"insertclientcert":<String_value>,
"httpmethod":<String_value>
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
unset
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder?action=unset
HTTP Method:POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json
Request Payload:
{"sslocspresponder":{
<b>"name":<String_value>,
</b>"trustresponder":true,
"insertclientcert":true,
"cache":true,
"cachetimeout":true,
"batchingdepth":true,
"batchingdelay":true,
"resptimeout":true,
"ocspurlresolvetimeout":true,
"respondercert":true,
"producedattimeskew":true,
"signingcert":true,
"usenonce":true,
"httpmethod":true
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error
get (all)
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder
Query-parameters:
attrs
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder?attrs=property-name1,property-name2
Use this query parameter to specify the resource details that you want to retrieve.
filter
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder?filter=property-name1:property-val1,property-name2:property-val2
Use this query-parameter to get the filtered set of sslocspresponder resources configured on Citrix ADC. Filtering can be done on any of the properties of the resource.
view
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder?view=summary
Note:By default, the retrieved results are displayed in detail view (?view=detail).
pagination
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder?pagesize=#no;pageno=#no
Use this query-parameter to get the sslocspresponder resources in chunks.
HTTP Method:GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:
Content-Type:application/json
Response Payload:
{ "sslocspresponder": [ {
"name":<String_value>,
"url":<String_value>,
"cache":<String_value>,
"cachetimeout":<Double_value>,
"batchingdepth":<Double_value>,
"batchingdelay":<Double_value>,
"ocspurlresolvetimeout":<Double_value>,
"resptimeout":<Double_value>,
"producedattimeskew":<Double_value>,
"respondercert":<String_value>,
"trustresponder":<Boolean_value>,
"signingcert":<String_value>,
"usenonce":<String_value>,
"insertclientcert":<String_value>,
"ocspaiarefcount":<Double_value>,
"httpmethod":<String_value>,
"ocspipaddrstr":<String_value>,
"port":<Integer_value>
}]}
<!--NeedCopy-->
get
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder/name_value<String>
Query-parameters:
attrs
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder/name_value<String>?attrs=property-name1,property-name2
Use this query parameter to specify the resource details that you want to retrieve.
view
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder/name_value<String>?view=summary
Note:By default, the retrieved results are displayed in detail view (?view=detail).
HTTP Method:GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:
Content-Type:application/json
Response Payload:
{ "sslocspresponder": [ {
"name":<String_value>,
"url":<String_value>,
"cache":<String_value>,
"cachetimeout":<Double_value>,
"batchingdepth":<Double_value>,
"batchingdelay":<Double_value>,
"ocspurlresolvetimeout":<Double_value>,
"resptimeout":<Double_value>,
"producedattimeskew":<Double_value>,
"respondercert":<String_value>,
"trustresponder":<Boolean_value>,
"signingcert":<String_value>,
"usenonce":<String_value>,
"insertclientcert":<String_value>,
"ocspaiarefcount":<Double_value>,
"httpmethod":<String_value>,
"ocspipaddrstr":<String_value>,
"port":<Integer_value>
}]}
<!--NeedCopy-->
count
URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder?count=yes
HTTP Method:GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json
Response:
HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:
Content-Type:application/json
Response Payload:
{ "sslocspresponder": [ { "__count": "#no"} ] }
<!--NeedCopy-->
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.