Developer Documentation
ADC NITRO APIs
Current Release 13.1 13

sslaction

August 17, 2023
Contributed by: 
C

Configuration for SSL action resource.

Properties

(click to see Operations )

Name Data Type Permissions Description
name Read-write Name for the SSL action. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the action is created. The following requirement applies only to the Citrix ADC CLI If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my action” or ‘my action’). Minimum length = 1
clientauth Read-write Perform client certificate authentication.

Possible values = DOCLIENTAUTH, NOCLIENTAUTH
clientcertverification Read-write Client certificate verification is mandatory or optional.

Default value: Mandatory

Possible values = Mandatory, Optional
ssllogprofile Read-write The name of the ssllogprofile.

Minimum length = 1

Maximum length = 127
clientcert Read-write Insert the entire client certificate into the HTTP header of the request being sent to the web server. The certificate is inserted in ASCII (PEM) format.

Possible values = ENABLED, DISABLED
certheader Read-write Name of the header into which to insert the client certificate.
clientcertserialnumber Read-write Insert the entire client serial number into the HTTP header of the request being sent to the web server.

Possible values = ENABLED, DISABLED
certserialheader Read-write Name of the header into which to insert the client serial number.
clientcertsubject Read-write Insert the client certificate subject, also known as the distinguished name (DN), into the HTTP header of the request being sent to the web server.

Possible values = ENABLED, DISABLED
certsubjectheader Read-write Name of the header into which to insert the client certificate subject.
clientcerthash Read-write Insert the certificate’s signature into the HTTP header of the request being sent to the web server. The signature is the value extracted directly from the X.509 certificate signature field. All X.509 certificates contain a signature field.

Possible values = ENABLED, DISABLED
certhashheader Read-write Name of the header into which to insert the client certificate signature (hash).
clientcertfingerprint Read-write Insert the certificate’s fingerprint into the HTTP header of the request being sent to the web server. The fingerprint is derived by computing the specified hash value (SHA256, for example) of the DER-encoding of the client certificate.

Possible values = ENABLED, DISABLED
certfingerprintheader Read-write Name of the header into which to insert the client certificate fingerprint.
certfingerprintdigest Read-write Digest algorithm used to compute the fingerprint of the client certificate.

Possible values = SHA1, SHA224, SHA256, SHA384, SHA512
clientcertissuer Read-write Insert the certificate issuer details into the HTTP header of the request being sent to the web server.

Possible values = ENABLED, DISABLED
certissuerheader Read-write Name of the header into which to insert the client certificate issuer details.
sessionid Read-write Insert the SSL session ID into the HTTP header of the request being sent to the web server. Every SSL connection that the client and the Citrix ADC share has a unique ID that identifies the specific connection.

Possible values = ENABLED, DISABLED
sessionidheader Read-write Name of the header into which to insert the Session ID.
cipher Read-write Insert the cipher suite that the client and the Citrix ADC negotiated for the SSL session into the HTTP header of the request being sent to the web server. The appliance inserts the cipher-suite name, SSL protocol, export or non-export string, and cipher strength bit, depending on the type of browser connecting to the SSL virtual server or service (for example, Cipher-Suite: RC4- MD5 SSLv3 Non-Export 128-bit).

Possible values = ENABLED, DISABLED
cipherheader Read-write Name of the header into which to insert the name of the cipher suite.
clientcertnotbefore Read-write Insert the date from which the certificate is valid into the HTTP header of the request being sent to the web server. Every certificate is configured with the date and time from which it is valid.

Possible values = ENABLED, DISABLED
certnotbeforeheader Read-write Name of the header into which to insert the date and time from which the certificate is valid.
clientcertnotafter Read-write Insert the date of expiry of the certificate into the HTTP header of the request being sent to the web server. Every certificate is configured with the date and time at which the certificate expires.

Possible values = ENABLED, DISABLED
certnotafterheader Read-write Name of the header into which to insert the certificate’s expiry date.
owasupport Read-write If the appliance is in front of an Outlook Web Access (OWA) server, insert a special header field, FRONT-END-HTTPS: ON, into the HTTP requests going to the OWA server. This header communicates to the server that the transaction is HTTPS and not HTTP.

Possible values = ENABLED, DISABLED
forward Read-write This action takes an argument a vserver name, to this vserver one will be able to forward all the packets.

Minimum length = 1

Maximum length = 127
cacertgrpname Read-write This action will allow to pick CA(s) from the specific CA group, to verify the client certificate.

Minimum length = 1

Maximum length = 31
hits Read-only The number of times the action has been taken.
undefhits Read-only The number of times the action resulted in UNDEF.
referencecount Read-only The number of references to the action.
description Read-only Description of the action.
builtin <String[]> Read-only Flag to determine whether ssl action is built-in or not.

Possible values = MODIFIABLE, DELETABLE, IMMUTABLE, PARTITION_ALL
feature Read-only The feature to be checked while applying this config.
__count Read-only count parameter

Operations

(click to see Properties )

  • ADD
  • DELETE
  • GET (ALL)
  • GET
  • COUNT

Some options that you can use for each operations:

  • Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the 'warning' query parameter as 'yes'. For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:

    http:// <netscaler-ip-address> /nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code '209 X-NITRO-WARNING'.

  • Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER: <username>

    X-NITRO-PASS: <password>

    Note: In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

*Note: *

Mandatory parameters are marked in red and placeholder content is marked in green

add

URL: http:// <netscaler-ip-address> /nitro/v1/config/sslaction

HTTP Method: POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Content-Type:application/json

Request Payload: 


{"sslaction":{
<b>      "name":<String_value>,
</b>      "clientauth":<String_value>,
      "clientcertverification":<String_value>,
      "ssllogprofile":<String_value>,
      "clientcert":<String_value>,
      "certheader":<String_value>,
      "clientcertserialnumber":<String_value>,
      "certserialheader":<String_value>,
      "clientcertsubject":<String_value>,
      "certsubjectheader":<String_value>,
      "clientcerthash":<String_value>,
      "certhashheader":<String_value>,
      "clientcertfingerprint":<String_value>,
      "certfingerprintheader":<String_value>,
      "certfingerprintdigest":<String_value>,
      "clientcertissuer":<String_value>,
      "certissuerheader":<String_value>,
      "sessionid":<String_value>,
      "sessionidheader":<String_value>,
      "cipher":<String_value>,
      "cipherheader":<String_value>,
      "clientcertnotbefore":<String_value>,
      "certnotbeforeheader":<String_value>,
      "clientcertnotafter":<String_value>,
      "certnotafterheader":<String_value>,
      "owasupport":<String_value>,
      "forward":<String_value>,
      "cacertgrpname":<String_value>
}}

<!--NeedCopy-->

Response:

HTTP Status Code on Success: 201 Created

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

delete

URL: http:// <netscaler-ip-address> /nitro/v1/config/sslaction/ name_value<String>

HTTP Method: DELETE

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Response:

HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

get (all)

URL: http:// <netscaler-ip-address> /nitro/v1/config/sslaction

Query-parameters:

attrs

http:// <netscaler-ip-address> /nitro/v1/config/sslaction? attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

filter

http:// <netscaler-ip-address> /nitro/v1/config/sslaction? filter=property-name1:property-val1,property-name2:property-val2

Use this query-parameter to get the filtered set of sslaction resources configured on NetScaler.Filtering can be done on any of the properties of the resource.

view

http:// <netscaler-ip-address> /nitro/v1/config/sslaction? view=summary

Use this query-parameter to get the summary output of sslaction resources configured on NetScaler.

Note: By default, the retrieved results are displayed in detail view (?view=detail).

pagination

http:// <netscaler-ip-address> /nitro/v1/config/sslaction? pagesize=#no;pageno=#no

Use this query-parameter to get the sslaction resources in chunks.

HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Accept:application/json

Response:

HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Header:

Content-Type:application/json

Response Payload: 


{ "sslaction": [ {
      "name":<String_value>,
      "clientauth":<String_value>,
      "clientcertverification":<String_value>,
      "clientcert":<String_value>,
      "certheader":<String_value>,
      "clientcertserialnumber":<String_value>,
      "certserialheader":<String_value>,
      "clientcertsubject":<String_value>,
      "certsubjectheader":<String_value>,
      "clientcerthash":<String_value>,
      "certhashheader":<String_value>,
      "clientcertfingerprint":<String_value>,
      "certfingerprintheader":<String_value>,
      "certfingerprintdigest":<String_value>,
      "clientcertissuer":<String_value>,
      "certissuerheader":<String_value>,
      "sessionid":<String_value>,
      "sessionidheader":<String_value>,
      "cipher":<String_value>,
      "cipherheader":<String_value>,
      "owasupport":<String_value>,
      "forward":<String_value>,
      "cacertgrpname":<String_value>,
      "clientcertnotbefore":<String_value>,
      "certnotbeforeheader":<String_value>,
      "clientcertnotafter":<String_value>,
      "certnotafterheader":<String_value>,
      "hits":<Double_value>,
      "undefhits":<Double_value>,
      "referencecount":<Double_value>,
      "description":<String_value>,
      "ssllogprofile":<String_value>,
      "builtin":<String[]_value>,
      "feature":<String_value>
}]}

<!--NeedCopy-->

get

URL: http:// <netscaler-ip-address> /nitro/v1/config/sslaction/ name_value<String>

Query-parameters:

attrs

http:// <netscaler-ip-address> /nitro/v1/config/sslaction/ name_value<String> ? attrs=property-name1,property-name2

Use this query parameter to specify the resource details that you want to retrieve.

view

http:// <netscaler-ip-address> /nitro/v1/config/sslaction/ name_value<String> ? view=summary

Use this query-parameter to get the summary output of sslaction resources configured on NetScaler.

Note: By default, the retrieved results are displayed in detail view (?view=detail).

HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Accept:application/json

Response:

HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Header:

Content-Type:application/json

Response Payload: 


{  "sslaction": [ {
      "name":<String_value>,
      "clientauth":<String_value>,
      "clientcertverification":<String_value>,
      "clientcert":<String_value>,
      "certheader":<String_value>,
      "clientcertserialnumber":<String_value>,
      "certserialheader":<String_value>,
      "clientcertsubject":<String_value>,
      "certsubjectheader":<String_value>,
      "clientcerthash":<String_value>,
      "certhashheader":<String_value>,
      "clientcertfingerprint":<String_value>,
      "certfingerprintheader":<String_value>,
      "certfingerprintdigest":<String_value>,
      "clientcertissuer":<String_value>,
      "certissuerheader":<String_value>,
      "sessionid":<String_value>,
      "sessionidheader":<String_value>,
      "cipher":<String_value>,
      "cipherheader":<String_value>,
      "owasupport":<String_value>,
      "forward":<String_value>,
      "cacertgrpname":<String_value>,
      "clientcertnotbefore":<String_value>,
      "certnotbeforeheader":<String_value>,
      "clientcertnotafter":<String_value>,
      "certnotafterheader":<String_value>,
      "hits":<Double_value>,
      "undefhits":<Double_value>,
      "referencecount":<Double_value>,
      "description":<String_value>,
      "ssllogprofile":<String_value>,
      "builtin":<String[]_value>,
      "feature":<String_value>
}]}

<!--NeedCopy-->

count

URL: http:// <netscaler-ip-address> /nitro/v1/config/sslaction? count=yes

HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN= <tokenvalue>

Accept:application/json

Response:

HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Header:

Content-Type:application/json

Response Payload: 


{ "sslaction": [ { "__count": "#no"} ] }

<!--NeedCopy-->
sslaction
August 17, 2023
Contributed by: 
C
August 17, 2023
Contributed by: 
C

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.