Citrix ADC 12.1 NITRO API Reference

sslocspresponder

Configuration for OCSP responser resource.

Properties

(click to see Operations)

Name Data Type Permissions Description
name Read-write Name for the OCSP responder. Cannot begin with a hash (#) or space character and must contain only ASCII alphanumeric, underscore (_), hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the responder is created.

The following requirement applies only to the Citrix ADC CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my responder” or ‘my responder’).
Minimum length = 1
Maximum length = 127
url Read-write URL of the OCSP responder.
Minimum length = 1
Maximum length = 127
cache Read-write Enable caching of responses. Caching of responses received from the OCSP responder enables faster responses to the clients and reduces the load on the OCSP responder.
Default value: DISABLED
Possible values = ENABLED, DISABLED
cachetimeout Read-write Timeout for caching the OCSP response. After the timeout, the Citrix ADC sends a fresh request to the OCSP responder for the certificate status. If a timeout is not specified, the timeout provided in the OCSP response applies.
Default value: 1
Minimum value = 1
Maximum value = 43200
batchingdepth Read-write Number of client certificates to batch together into one OCSP request. Batching avoids overloading the OCSP responder. A value of 1 signifies that each request is queried independently. For a value greater than 1, specify a timeout (batching delay) to avoid inordinately delaying the processing of a single certificate.
Minimum value = 1
Maximum value = 8
batchingdelay Read-write Maximum time, in milliseconds, to wait to accumulate OCSP requests to batch. Does not apply if the Batching Depth is 1.
Minimum value = 1
Maximum value = 10000
resptimeout Read-write Time, in milliseconds, to wait for an OCSP response. When this time elapses, an error message appears or the transaction is forwarded, depending on the settings on the virtual server. Includes Batching Delay time.
Minimum value = 100
Maximum value = 120000
ocspurlresolvetimeout Read-write Time, in milliseconds, to wait for an OCSP URL Resolution. When this time elapses, an error message appears or the transaction is forwarded, depending on the settings on the virtual server.
Minimum value = 100
Maximum value = 2000
respondercert Read-write .
Minimum length = 1
trustresponder Read-write A certificate to use to validate OCSP responses. Alternatively, if -trustResponder is specified, no verification will be done on the reponse. If both are omitted, only the response times (producedAt, lastUpdate, nextUpdate) will be verified.
producedattimeskew Read-write Time, in seconds, for which the Citrix ADC waits before considering the response as invalid. The response is considered invalid if the Produced At time stamp in the OCSP response exceeds or precedes the current Citrix ADC clock time by the amount of time specified.
Default value: 300
Minimum value = 0
Maximum value = 86400
signingcert Read-write Certificate-key pair that is used to sign OCSP requests. If this parameter is not set, the requests are not signed.
Minimum length = 1
usenonce Read-write Enable the OCSP nonce extension, which is designed to prevent replay attacks.
Possible values = YES, NO
insertclientcert Read-write Include the complete client certificate in the OCSP request.
Possible values = YES, NO
httpmethod Read-write HTTP method used to send ocsp request. POST is the default httpmethod. If request length is > 255, POST wil be used even if GET is set as httpMethod.
Default value: POST
Possible values = GET, POST
ocspaiarefcount Read-only No of CA certs referencing this AIA responder.
ocspipaddrstr Read-only DNS resolved IP address.
port Read-only Port number on which OCSP Server listens.
Range 1 - 65535
* in CLI is represented as 65535 in NITRO API
__count Read-only count parameter

Operations

(click to see Properties)

ADD DELETE UPDATE UNSET GET (ALL) GET COUNT

Some options that you can use for each operations:

  • Getting warnings in response:NITRO allows you to get warnings in an operation by specifying the "warning" query parameter as "yes". For example, to get warnings while connecting to the Citrix ADC appliance, the URL is as follows:

    http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code "209 X-NITRO-WARNING".

  • Authenticated access for individual NITRO operations:NITRO allows you to logon to the Citrix ADC appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER:<username>

    X-NITRO-PASS:<password>

    Note:In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

*Note:*

Mandatory parameters are marked in redand placeholder content is marked in <green>.

add

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"sslocspresponder":{
<b>"name":<String_value>,
</b><b>"url":<String_value>,
</b>"cache":<String_value>,
"cachetimeout":<Double_value>,
"batchingdepth":<Double_value>,
"batchingdelay":<Double_value>,
"resptimeout":<Double_value>,
"ocspurlresolvetimeout":<Double_value>,
"respondercert":<String_value>,
"trustresponder":<Boolean_value>,
"producedattimeskew":<Double_value>,
"signingcert":<String_value>,
"usenonce":<String_value>,
"insertclientcert":<String_value>,
"httpmethod":<String_value>
}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 201 Created HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

delete

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder/name_value<String>

HTTP Method:DELETE

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

update

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder

HTTP Method:PUT

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"sslocspresponder":{
<b>"name":<String_value>,
</b>"url":<String_value>,
"cache":<String_value>,
"cachetimeout":<Double_value>,
"batchingdepth":<Double_value>,
"batchingdelay":<Double_value>,
"resptimeout":<Double_value>,
"ocspurlresolvetimeout":<Double_value>,
"respondercert":<String_value>,
"trustresponder":<Boolean_value>,
"producedattimeskew":<Double_value>,
"signingcert":<String_value>,
"usenonce":<String_value>,
"insertclientcert":<String_value>,
"httpmethod":<String_value>
}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

unset

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder?action=unset

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:


{"sslocspresponder":{
<b>"name":<String_value>,
</b>"trustresponder":true,
"insertclientcert":true,
"cache":true,
"cachetimeout":true,
"batchingdepth":true,
"batchingdelay":true,
"resptimeout":true,
"ocspurlresolvetimeout":true,
"respondercert":true,
"producedattimeskew":true,
"signingcert":true,
"usenonce":true,
"httpmethod":true
}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the error

get (all)

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder

Query-parameters:

attrs

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder?attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

filter

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder?filter=property-name1:property-val1,property-name2:property-val2

Use this query-parameter to get the filtered set of sslocspresponder resources configured on Citrix ADC. Filtering can be done on any of the properties of the resource.

view

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder?view=summary

Note:By default, the retrieved results are displayed in detail view (?view=detail).

pagination

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder?pagesize=#no;pageno=#no

Use this query-parameter to get the sslocspresponder resources in chunks.

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:


{ "sslocspresponder": [ {
"name":<String_value>,
"url":<String_value>,
"cache":<String_value>,
"cachetimeout":<Double_value>,
"batchingdepth":<Double_value>,
"batchingdelay":<Double_value>,
"ocspurlresolvetimeout":<Double_value>,
"resptimeout":<Double_value>,
"producedattimeskew":<Double_value>,
"respondercert":<String_value>,
"trustresponder":<Boolean_value>,
"signingcert":<String_value>,
"usenonce":<String_value>,
"insertclientcert":<String_value>,
"ocspaiarefcount":<Double_value>,
"httpmethod":<String_value>,
"ocspipaddrstr":<String_value>,
"port":<Integer_value>
}]}

<!--NeedCopy-->

get

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder/name_value<String>

Query-parameters:

attrs

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder/name_value<String>?attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

view

http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder/name_value<String>?view=summary

Note:By default, the retrieved results are displayed in detail view (?view=detail).

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:


{ "sslocspresponder": [ {
"name":<String_value>,
"url":<String_value>,
"cache":<String_value>,
"cachetimeout":<Double_value>,
"batchingdepth":<Double_value>,
"batchingdelay":<Double_value>,
"ocspurlresolvetimeout":<Double_value>,
"resptimeout":<Double_value>,
"producedattimeskew":<Double_value>,
"respondercert":<String_value>,
"trustresponder":<Boolean_value>,
"signingcert":<String_value>,
"usenonce":<String_value>,
"insertclientcert":<String_value>,
"ocspaiarefcount":<Double_value>,
"httpmethod":<String_value>,
"ocspipaddrstr":<String_value>,
"port":<Integer_value>
}]}

<!--NeedCopy-->

count

URL:http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslocspresponder?count=yes

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for Citrix ADC specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:


{ "sslocspresponder": [ { "__count": "#no"} ] }

<!--NeedCopy-->
sslocspresponder