-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
sslprofile
-
-
-
-
-
videooptimizationdetectionpolicylabel_videooptimizationdetectionpolicy_binding
-
videooptimizationdetectionpolicy_videooptimizationglobaldetection_binding
-
videooptimizationglobaldetection_videooptimizationdetectionpolicy_binding
-
videooptimizationglobalpacing_videooptimizationpacingpolicy_binding
-
videooptimizationpacingpolicylabel_videooptimizationpacingpolicy_binding
-
videooptimizationpacingpolicy_videooptimizationglobalpacing_binding
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
sslprofile
Configuration for SSL profile resource.
Properties
(click to see Operations )
Name | Data Type | Permissions | Description |
---|---|---|---|
name |
|
Read-write | Name for the SSL profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the profile is created.
Minimum length = 1 Maximum length = 127 |
sslprofiletype |
|
Read-write | Type of profile. Front end profiles apply to the entity that receives requests from a client. Backend profiles apply to the entity that sends client requests to a server.
Default value: FrontEnd Possible values = BackEnd, FrontEnd |
ssllogprofile |
|
Read-write | The name of the ssllogprofile.
Minimum length = 1 Maximum length = 127 |
dhcount |
|
Read-write | Number of interactions, between the client and the Citrix ADC, after which the DH private-public pair is regenerated. A value of zero (0) specifies infinite use (no refresh).
This parameter is not applicable when configuring a backend profile. Allowed DH count values are 0 and >= 500. Minimum value = 0 Maximum value = 65534 |
dh |
|
Read-write | State of Diffie-Hellman (DH) key exchange.
This parameter is not applicable when configuring a backend profile. Default value: DISABLED Possible values = ENABLED, DISABLED |
dhfile |
|
Read-write | The file name and path for the DH parameter.
Minimum length = 1 |
ersa |
|
Read-write | State of Ephemeral RSA (eRSA) key exchange. Ephemeral RSA allows clients that support only export ciphers to communicate with the secure server even if the server certificate does not support export clients. The ephemeral RSA key is automatically generated when you bind an export cipher to an SSL or TCP-based SSL virtual server or service. When you remove the export cipher, the eRSA key is not deleted. It is reused at a later date when another export cipher is bound to an SSL or TCP-based SSL virtual server or service. The eRSA key is deleted when the appliance restarts.
This parameter is not applicable when configuring a backend profile. Default value: ENABLED Possible values = ENABLED, DISABLED |
ersacount |
|
Read-write | The refresh count for the re-generation of RSA public-key and private-key pair.
Minimum value = 0 Maximum value = 65534 |
sessreuse |
|
Read-write | State of session reuse. Establishing the initial handshake requires CPU-intensive public key encryption operations. With the ENABLED setting, session key exchange is avoided for session resumption requests received from the client.
Default value: ENABLED Possible values = ENABLED, DISABLED |
sesstimeout |
|
Read-write | The Session timeout value in seconds.
Minimum value = 0 Maximum value = 4294967294 |
cipherredirect |
|
Read-write | State of Cipher Redirect. If this parameter is set to ENABLED, you can configure an SSL virtual server or service to display meaningful error messages if the SSL handshake fails because of a cipher mismatch between the virtual server or service and the client.
This parameter is not applicable when configuring a backend profile. Default value: DISABLED Possible values = ENABLED, DISABLED |
cipherurl |
|
Read-write | The redirect URL to be used with the Cipher Redirect feature. |
clientauth |
|
Read-write | State of client authentication. In service-based SSL offload, the service terminates the SSL handshake if the SSL client does not provide a valid certificate.
This parameter is not applicable when configuring a backend profile. Default value: DISABLED Possible values = ENABLED, DISABLED |
clientcert |
|
Read-write | The rule for client certificate requirement in client authentication.
Possible values = Mandatory, Optional |
dhkeyexpsizelimit |
|
Read-write | This option enables the use of NIST recommended (NIST Special Publication 800-56A) bit size for private-key size. For example, for DH params of size 2048bit, the private-key size recommended is 224bits. This is rounded-up to 256bits.
Default value: DISABLED Possible values = ENABLED, DISABLED |
sslredirect |
|
Read-write | State of HTTPS redirects for the SSL service.
For an SSL session, if the client browser receives a redirect message, the browser tries to connect to the new location. However, the secure SSL session breaks if the object has moved from a secure site (https://) to an unsecure site (http://). Typically, a warning message appears on the screen, prompting the user to continue or disconnect. If SSL Redirect is ENABLED, the redirect message is automatically converted from http:// to https:// and the SSL session does not break. This parameter is not applicable when configuring a backend profile. Default value: DISABLED Possible values = ENABLED, DISABLED |
redirectportrewrite |
|
Read-write | State of the port rewrite while performing HTTPS redirect. If this parameter is set to ENABLED, and the URL from the server does not contain the standard port, the port is rewritten to the standard.
Default value: DISABLED Possible values = ENABLED, DISABLED |
ssl3 |
|
Read-write | State of SSLv3 protocol support for the SSL profile.
Note: On platforms with SSL acceleration chips, if the SSL chip does not support SSLv3, this parameter cannot be set to ENABLED. Default value: DISABLED Possible values = ENABLED, DISABLED |
tls1 |
|
Read-write | State of TLSv1.0 protocol support for the SSL profile.
Default value: ENABLED Possible values = ENABLED, DISABLED |
tls11 |
|
Read-write | State of TLSv1.1 protocol support for the SSL profile.
Default value: ENABLED Possible values = ENABLED, DISABLED |
tls12 |
|
Read-write | State of TLSv1.2 protocol support for the SSL profile.
Default value: ENABLED Possible values = ENABLED, DISABLED |
tls13 |
|
Read-write | State of TLSv1.3 protocol support for the SSL profile.
Default value: DISABLED Possible values = ENABLED, DISABLED |
snienable |
|
Read-write | State of the Server Name Indication (SNI) feature on the virtual server and service-based offload. SNI helps to enable SSL encryption on multiple domains on a single virtual server or service if the domains are controlled by the same organization and share the same second-level domain name. For example, *.sports.net can be used to secure domains such as login.sports.net and help.sports.net.
Default value: DISABLED Possible values = ENABLED, DISABLED |
ocspstapling |
|
Read-write | State of OCSP stapling support on the SSL virtual server. Supported only if the protocol used is higher than SSLv3. Possible values ENABLED: The appliance sends a request to the OCSP responder to check the status of the server certificate and caches the response for the specified time. If the response is valid at the time of SSL handshake with the client, the OCSP-based server certificate status is sent to the client during the handshake. DISABLED: The appliance does not check the status of the server certificate. . Default value: DISABLED Possible values = ENABLED, DISABLED |
serverauth |
|
Read-write | State of server authentication support for the SSL Backend profile.
Default value: DISABLED Possible values = ENABLED, DISABLED |
commonname |
|
Read-write | Name to be checked against the CommonName (CN) field in the server certificate bound to the SSL server.
Minimum length = 1 |
pushenctrigger |
|
Read-write | Trigger encryption on the basis of the PUSH flag value. Available settings function as follows
|
sendclosenotify |
|
Read-write | Enable sending SSL Close-Notify at the end of a transaction.
Default value: YES Possible values = YES, NO |
cleartextport |
|
Read-write | Port on which clear-text data is sent by the appliance to the server. Do not specify this parameter for SSL offloading with end-to-end encryption.
Range 1 - 65535 * in CLI is represented as 65535 in NITRO API |
insertionencoding |
|
Read-write | Encoding method used to insert the subject or issuer’s name in HTTP requests to servers.
Default value: Unicode Possible values = Unicode, UTF-8 |
denysslreneg |
|
Read-write | Deny renegotiation in specified circumstances. Available settings function as follows
|
quantumsize |
|
Read-write | Amount of data to collect before the data is pushed to the crypto hardware for encryption. For large downloads, a larger quantum size better utilizes the crypto resources.
Default value: 8192 Possible values = 4096, 8192, 16384 |
strictcachecks |
|
Read-write | Enable strict CA certificate checks on the appliance.
Default value: NO Possible values = YES, NO |
encrypttriggerpktcount |
|
Read-write | Maximum number of queued packets after which encryption is triggered. Use this setting for SSL transactions that send small packets from server to Citrix ADC.
Default value: 45 Minimum value = 10 Maximum value = 50 |
pushflag |
|
Read-write | Insert PUSH flag into decrypted, encrypted, or all records. If the PUSH flag is set to a value other than 0, the buffered records are forwarded on the basis of the value of the PUSH flag. Available settings function as follows 0 - Auto (PUSH flag is not set.) 1 - Insert PUSH flag into every decrypted record. 2 -Insert PUSH flag into every encrypted record. 3 - Insert PUSH flag into every decrypted and encrypted record. Minimum value = 0 Maximum value = 3 |
dropreqwithnohostheader |
|
Read-write | Host header check for SNI enabled sessions. If this check is enabled and the HTTP request does not contain the host header for SNI enabled sessions(i.e vserver or profile bound to vserver has SNI enabled and ‘Client Hello’ arrived with SNI extension), the request is dropped.
Default value: NO Possible values = YES, NO |
snihttphostmatch |
|
Read-write | Controls how the HTTP ‘Host’ header value is validated. These checks are performed only if the session is SNI enabled (i.e when vserver or profile bound to vserver has SNI enabled and ‘Client Hello’ arrived with SNI extension) and HTTP request contains ‘Host’ header. Available settings function as follows CERT - Request is forwarded if the ‘Host’ value is covered by the certificate used to establish this SSL session. Note: ‘CERT’ matching mode cannot be applied in TLS 1.3 connections established by resuming from a previous TLS 1.3 session. On these connections, ‘STRICT’ matching mode will be used instead. STRICT - Request is forwarded only if value of ‘Host’ header in HTTP is identical to the ‘Server name’ value passed in ‘Client Hello’ of the SSL connection. NO - No validation is performed on the HTTP ‘Host’ header value. Default value: CERT Possible values = NO, CERT, STRICT |
pushenctriggertimeout |
|
Read-write | PUSH encryption trigger timeout value. The timeout value is applied only if you set the Push Encryption Trigger parameter to Timer in the SSL virtual server settings.
Default value: 1 Minimum value = 1 Maximum value = 200 |
ssltriggertimeout |
|
Read-write | Time, in milliseconds, after which encryption is triggered for transactions that are not tracked on the Citrix ADC because their length is not known. There can be a delay of up to 10ms from the specified timeout value before the packet is pushed into the queue.
Default value: 100 Minimum value = 1 Maximum value = 200 |
clientauthuseboundcachain |
|
Read-write | Certficates bound on the VIP are used for validating the client cert. Certficates came along with client cert are not used for validating the client cert.
Default value: DISABLED Possible values = ENABLED, DISABLED |
sslinterception |
|
Read-write | Enable or disable transparent interception of SSL sessions.
Default value: DISABLED Possible values = ENABLED, DISABLED |
sslireneg |
|
Read-write | Enable or disable triggering the client renegotiation when renegotiation request is received from the origin server.
Default value: ENABLED Possible values = ENABLED, DISABLED |
ssliocspcheck |
|
Read-write | Enable or disable OCSP check for origin server certificate.
Default value: ENABLED Possible values = ENABLED, DISABLED |
sslimaxsessperserver |
|
Read-write | Maximum ssl session to be cached per dynamic origin server. A unique ssl session is created for each SNI received from the client on ClientHello and the matching session is used for server session reuse.
Default value: 10 Minimum value = 1 Maximum value = 1000 |
sessionticket |
|
Read-write | This option enables the use of session tickets, as per the RFC 5077.
Default value: DISABLED Possible values = ENABLED, DISABLED |
sessionticketlifetime |
|
Read-write | This option sets the life time of session tickets issued by NS in secs.
Default value: 300 Minimum value = 0 Maximum value = 172800 |
sessionticketkeyrefresh |
|
Read-write | This option enables the use of session tickets, as per the RFC 5077.
Default value: ENABLED Possible values = ENABLED, DISABLED |
sessionticketkeydata |
|
Read-write | Session ticket enc/dec key , admin can set it. |
sessionkeylifetime |
|
Read-write | This option sets the life time of symm key used to generate session tickets issued by NS in secs.
Default value: 3000 Minimum value = 600 Maximum value = 86400 |
prevsessionkeylifetime |
|
Read-write | This option sets the life time of symm key used to generate session tickets issued by NS in secs.
Default value: 0 Minimum value = 0 Maximum value = 172800 |
hsts |
|
Read-write | State of HSTS protocol support for the SSL profile. Using HSTS, a server can enforce the use of an HTTPS connection for all communication with a client.
Default value: DISABLED Possible values = ENABLED, DISABLED |
maxage |
|
Read-write | Set the maximum time, in seconds, in the strict transport security (STS) header during which the client must send only HTTPS requests to the server.
Default value: 0 Minimum value = 0 Maximum value = 4294967294 |
includesubdomains |
|
Read-write | Enable HSTS for subdomains. If set to Yes, a client must send only HTTPS requests for subdomains.
Default value: NO Possible values = YES, NO |
preload |
|
Read-write | Flag indicates the consent of the site owner to have their domain preloaded.
Default value: NO Possible values = YES, NO |
skipclientcertpolicycheck |
|
Read-write | This flag controls the processing of X509 certificate policies. If this option is Enabled, then the policy check in Client authentication will be skipped. This option can be used only when Client Authentication is Enabled and ClientCert is set to Mandatory.
Default value: DISABLED Possible values = ENABLED, DISABLED |
zerorttearlydata |
|
Read-write | State of TLS 1.3 0-RTT early data support for the SSL Virtual Server. This setting only has an effect if resumption is enabled, as early data cannot be sent along with an initial handshake.
Early application data has significantly different security properties - in particular there is no guarantee that the data cannot be replayed. Default value: DISABLED Possible values = ENABLED, DISABLED |
tls13sessionticketsperauthcontext |
|
Read-write | Number of tickets the SSL Virtual Server will issue anytime TLS 1.3 is negotiated, ticket-based resumption is enabled, and either (1) a handshake completes or (2) post-handhsake client auth completes.
This value can be increased to enable clients to open multiple parallel connections using a fresh ticket for each connection. No tickets are sent if resumption is disabled. Default value: 1 Minimum value = 1 Maximum value = 10 |
dhekeyexchangewithpsk |
|
Read-write | Whether or not the SSL Virtual Server will require a DHE key exchange to occur when a PSK is accepted during a TLS 1.3 resumption handshake.
A DHE key exchange ensures forward secrecy even in the event that ticket keys are compromised, at the expense of an additional round trip and resources required to carry out the DHE key exchange. If disabled, a DHE key exchange will be performed when a PSK is accepted but only if requested by the client. If enabled, the server will require a DHE key exchange when a PSK is accepted regardless of whether the client supports combined PSK-DHE key exchange. This setting only has an effect when resumption is enabled. Default value: NO Possible values = YES, NO |
allowextendedmastersecret |
|
Read-write | When set to YES, attempt to use the TLS Extended Master Secret (EMS, as
described in RFC 7627) when negotiating TLS 1.0, TLS 1.1 and TLS 1.2 connection parameters. EMS must be supported by both the TLS client and server in order to be enabled during a handshake. This setting applies to both frontend and backend SSL profiles. Default value: NO Possible values = YES, NO |
alpnprotocol |
|
Read-write | Protocol to negotiate with client and then send as part of the ALPN extension in the server hello message. Possible values are HTTP1.1, HTTP2 and NONE. Default is none i.e. ALPN extension will not be sent. This parameter is relevant only if ssl connection is handled by the virtual server of type SSL_TCP. This parameter has no effect if TLSv1.3 is negotiated.
Default value: NONE Possible values = NONE, HTTP1.1, HTTP2 |
ciphername |
|
Read-write | The cipher group/alias/individual cipher configuration. |
cipherpriority |
|
Read-write | cipher priority.
Minimum value = 1 |
strictsigdigestcheck |
|
Read-write | Parameter indicating to check whether peer entity certificate during TLS1.2 handshake is signed with one of signature-hash combination supported by Citrix ADC.
Default value: DISABLED Possible values = ENABLED, DISABLED |
nonfipsciphers |
|
Read-only | State of usage of ciphers that are not FIPS approved. Valid only for an SSL service bound with a FIPS key and certificate.
Default value: DISABLED Possible values = ENABLED, DISABLED |
crlcheck |
|
Read-only | The state of the CRL check parameter. (Mandatory/Optional).
Possible values = Mandatory, Optional |
ocspcheck |
|
Read-only | The state of the OCSP check parameter. (Mandatory/Optional).
Possible values = Mandatory, Optional |
snicert |
|
Read-only | The name of the CertKey. Use this option to bind Certkey(s) which will be used in SNI processing. |
skipcaname |
|
Read-only | The flag is used to indicate whether this
particular CA certificate’s CA_Name needs to be sent to the SSL client while requesting for client certificate in a SSL handshake. |
invoke |
|
Read-only | Invoke flag. This attribute is relevant only for ADVANCED policies. |
labeltype |
|
Read-only | Type of policy label invocation.
Possible values = vserver, service, policylabel |
service |
|
Read-only | Service. |
builtin | <String[]> | Read-only | Flag to determine whether ssl profile is built-in or not.
Possible values = MODIFIABLE, DELETABLE, IMMUTABLE, PARTITION_ALL |
feature |
|
Read-only | The feature to be checked while applying this config. |
sslpfobjecttype |
|
Read-only | Internal flag to indicate what type of object binds this profile: monitor or service. |
ssliverifyservercertforreuse |
|
Read-only | Verify the origin server’s certificate before reusing the front-end SSL session. Making it hidden since we always verify for now.
Default value: ENABLED Possible values = ENABLED, DISABLED |
__count |
|
Read-only | count parameter |
Operations
(click to see Properties )
- ADD
- DELETE
- UPDATE
- UNSET
- GET (ALL)
- GET
- COUNT
Some options that you can use for each operations:
-
Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the 'warning' query parameter as 'yes'. For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:
http:// <netscaler-ip-address> /nitro/v1/config/login?warning=yes
If any, the warnings are displayed in the response payload with the HTTP code '209 X-NITRO-WARNING'.
-
Authenticated access for individual NITRO operations: NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,
To do this, you must specify the username and password in the request header of the NITRO request as follows:
X-NITRO-USER: <username>
X-NITRO-PASS: <password>
Note: In such cases, make sure that the request header DOES not include the following:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
*Note:
*
Mandatory parameters are marked in red and placeholder content is marked in green
add
URL: http:// <netscaler-ip-address> /nitro/v1/config/sslprofile
HTTP Method: POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Content-Type:application/json
Request Payload:
{"sslprofile":{
<b> "name":<String_value>,
</b> "sslprofiletype":<String_value>,
"ssllogprofile":<String_value>,
"dhcount":<Double_value>,
"dh":<String_value>,
"dhfile":<String_value>,
"ersa":<String_value>,
"ersacount":<Double_value>,
"sessreuse":<String_value>,
"sesstimeout":<Double_value>,
"cipherredirect":<String_value>,
"cipherurl":<String_value>,
"clientauth":<String_value>,
"clientcert":<String_value>,
"dhkeyexpsizelimit":<String_value>,
"sslredirect":<String_value>,
"redirectportrewrite":<String_value>,
"ssl3":<String_value>,
"tls1":<String_value>,
"tls11":<String_value>,
"tls12":<String_value>,
"tls13":<String_value>,
"snienable":<String_value>,
"ocspstapling":<String_value>,
"serverauth":<String_value>,
"commonname":<String_value>,
"pushenctrigger":<String_value>,
"sendclosenotify":<String_value>,
"cleartextport":<Integer_value>,
"insertionencoding":<String_value>,
"denysslreneg":<String_value>,
"quantumsize":<String_value>,
"strictcachecks":<String_value>,
"encrypttriggerpktcount":<Double_value>,
"pushflag":<Double_value>,
"dropreqwithnohostheader":<String_value>,
"snihttphostmatch":<String_value>,
"pushenctriggertimeout":<Double_value>,
"ssltriggertimeout":<Double_value>,
"clientauthuseboundcachain":<String_value>,
"sslinterception":<String_value>,
"sslireneg":<String_value>,
"ssliocspcheck":<String_value>,
"sslimaxsessperserver":<Double_value>,
"sessionticket":<String_value>,
"sessionticketlifetime":<Double_value>,
"sessionticketkeyrefresh":<String_value>,
"sessionticketkeydata":<String_value>,
"sessionkeylifetime":<Double_value>,
"prevsessionkeylifetime":<Double_value>,
"hsts":<String_value>,
"maxage":<Double_value>,
"includesubdomains":<String_value>,
"preload":<String_value>,
"skipclientcertpolicycheck":<String_value>,
"zerorttearlydata":<String_value>,
"tls13sessionticketsperauthcontext":<Double_value>,
"dhekeyexchangewithpsk":<String_value>,
"allowextendedmastersecret":<String_value>,
"alpnprotocol":<String_value>
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 201 Created
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
delete
URL: http:// <netscaler-ip-address> /nitro/v1/config/sslprofile/ name_value<String>
HTTP Method: DELETE
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
update
URL: http:// <netscaler-ip-address> /nitro/v1/config/sslprofile
HTTP Method: PUT
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Content-Type:application/json
Request Payload:
{"sslprofile":{
<b> "name":<String_value>,
</b> "ssllogprofile":<String_value>,
"dh":<String_value>,
"dhfile":<String_value>,
"dhcount":<Double_value>,
"dhkeyexpsizelimit":<String_value>,
"ersa":<String_value>,
"ersacount":<Double_value>,
"sessreuse":<String_value>,
"sesstimeout":<Double_value>,
"cipherredirect":<String_value>,
"cipherurl":<String_value>,
"clientauth":<String_value>,
"clientcert":<String_value>,
"sslredirect":<String_value>,
"redirectportrewrite":<String_value>,
"ssl3":<String_value>,
"tls1":<String_value>,
"tls11":<String_value>,
"tls12":<String_value>,
"tls13":<String_value>,
"snienable":<String_value>,
"ocspstapling":<String_value>,
"serverauth":<String_value>,
"commonname":<String_value>,
"pushenctrigger":<String_value>,
"sendclosenotify":<String_value>,
"cleartextport":<Integer_value>,
"insertionencoding":<String_value>,
"denysslreneg":<String_value>,
"quantumsize":<String_value>,
"strictcachecks":<String_value>,
"encrypttriggerpktcount":<Double_value>,
"pushflag":<Double_value>,
"dropreqwithnohostheader":<String_value>,
"snihttphostmatch":<String_value>,
"pushenctriggertimeout":<Double_value>,
"ssltriggertimeout":<Double_value>,
"clientauthuseboundcachain":<String_value>,
"sslinterception":<String_value>,
"sslireneg":<String_value>,
"ssliocspcheck":<String_value>,
"sslimaxsessperserver":<Double_value>,
"hsts":<String_value>,
"maxage":<Double_value>,
"includesubdomains":<String_value>,
"preload":<String_value>,
"sessionticket":<String_value>,
"sessionticketlifetime":<Double_value>,
"sessionticketkeyrefresh":<String_value>,
"sessionticketkeydata":<String_value>,
"sessionkeylifetime":<Double_value>,
"prevsessionkeylifetime":<Double_value>,
"ciphername":<String_value>,
"cipherpriority":<Double_value>,
"strictsigdigestcheck":<String_value>,
"skipclientcertpolicycheck":<String_value>,
"zerorttearlydata":<String_value>,
"tls13sessionticketsperauthcontext":<Double_value>,
"dhekeyexchangewithpsk":<String_value>,
"allowextendedmastersecret":<String_value>,
"alpnprotocol":<String_value>
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
unset
URL: http:// <netscaler-ip-address> /nitro/v1/config/sslprofile? action=unset
HTTP Method: POST
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Content-Type:application/json
Request Payload:
{"sslprofile":{
<b> "name":<String_value>,
</b> "ssllogprofile":true,
"dh":true,
"dhfile":true,
"dhcount":true,
"dhkeyexpsizelimit":true,
"ersa":true,
"ersacount":true,
"sessreuse":true,
"sesstimeout":true,
"cipherredirect":true,
"cipherurl":true,
"clientauth":true,
"clientcert":true,
"sslredirect":true,
"redirectportrewrite":true,
"ssl3":true,
"tls1":true,
"tls11":true,
"tls12":true,
"tls13":true,
"snienable":true,
"ocspstapling":true,
"serverauth":true,
"commonname":true,
"pushenctrigger":true,
"sendclosenotify":true,
"cleartextport":true,
"insertionencoding":true,
"denysslreneg":true,
"quantumsize":true,
"strictcachecks":true,
"encrypttriggerpktcount":true,
"pushflag":true,
"dropreqwithnohostheader":true,
"snihttphostmatch":true,
"pushenctriggertimeout":true,
"ssltriggertimeout":true,
"clientauthuseboundcachain":true,
"sslinterception":true,
"sslireneg":true,
"ssliocspcheck":true,
"sslimaxsessperserver":true,
"hsts":true,
"maxage":true,
"includesubdomains":true,
"preload":true,
"sessionticket":true,
"sessionticketlifetime":true,
"sessionticketkeyrefresh":true,
"sessionticketkeydata":true,
"sessionkeylifetime":true,
"prevsessionkeylifetime":true,
"ciphername":true,
"cipherpriority":true,
"strictsigdigestcheck":true,
"skipclientcertpolicycheck":true,
"zerorttearlydata":true,
"tls13sessionticketsperauthcontext":true,
"dhekeyexchangewithpsk":true,
"allowextendedmastersecret":true,
"alpnprotocol":true
}}
<!--NeedCopy-->
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
get (all)
URL: http:// <netscaler-ip-address> /nitro/v1/config/sslprofile
Query-parameters:
attrs
http:// <netscaler-ip-address> /nitro/v1/config/sslprofile? attrs=property-name1,property-name2
Use this query parameter to specify the resource details that you want to retrieve.
filter
http:// <netscaler-ip-address> /nitro/v1/config/sslprofile? filter=property-name1:property-val1,property-name2:property-val2
Use this query-parameter to get the filtered set of sslprofile resources configured on NetScaler.Filtering can be done on any of the properties of the resource.
view
http:// <netscaler-ip-address> /nitro/v1/config/sslprofile? view=summary
Use this query-parameter to get the summary output of sslprofile resources configured on NetScaler.
Note: By default, the retrieved results are displayed in detail view (?view=detail).
pagination
http:// <netscaler-ip-address> /nitro/v1/config/sslprofile? pagesize=#no;pageno=#no
Use this query-parameter to get the sslprofile resources in chunks.
HTTP Method: GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Accept:application/json
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
Response Header:
Content-Type:application/json
Response Payload:
{ "sslprofile": [ {
"name":<String_value>,
"dh":<String_value>,
"dhfile":<String_value>,
"dhcount":<Double_value>,
"dhkeyexpsizelimit":<String_value>,
"ersa":<String_value>,
"ersacount":<Double_value>,
"sessreuse":<String_value>,
"sesstimeout":<Double_value>,
"cipherredirect":<String_value>,
"cipherurl":<String_value>,
"clientauth":<String_value>,
"clientcert":<String_value>,
"sslredirect":<String_value>,
"redirectportrewrite":<String_value>,
"nonfipsciphers":<String_value>,
"ssl3":<String_value>,
"tls1":<String_value>,
"tls11":<String_value>,
"tls12":<String_value>,
"tls13":<String_value>,
"snienable":<String_value>,
"ocspstapling":<String_value>,
"serverauth":<String_value>,
"commonname":<String_value>,
"pushenctrigger":<String_value>,
"sendclosenotify":<String_value>,
"cleartextport":<Integer_value>,
"insertionencoding":<String_value>,
"denysslreneg":<String_value>,
"quantumsize":<String_value>,
"strictcachecks":<String_value>,
"encrypttriggerpktcount":<Double_value>,
"pushflag":<Double_value>,
"dropreqwithnohostheader":<String_value>,
"snihttphostmatch":<String_value>,
"pushenctriggertimeout":<Double_value>,
"ssltriggertimeout":<Double_value>,
"cipherpriority":<Double_value>,
"ciphername":<String_value>,
"crlcheck":<String_value>,
"ocspcheck":<String_value>,
"snicert":<Boolean_value>,
"skipcaname":<Boolean_value>,
"invoke":<Boolean_value>,
"labeltype":<String_value>,
"sslprofiletype":<String_value>,
"clientauthuseboundcachain":<String_value>,
"ssllogprofile":<String_value>,
"service":<Double_value>,
"builtin":<String[]_value>,
"feature":<String_value>,
"sslpfobjecttype":<Double_value>,
"sslinterception":<String_value>,
"ssliverifyservercertforreuse":<String_value>,
"sslireneg":<String_value>,
"ssliocspcheck":<String_value>,
"sslimaxsessperserver":<Double_value>,
"sessionticket":<String_value>,
"sessionticketlifetime":<Double_value>,
"sessionticketkeyrefresh":<String_value>,
"sessionticketkeydata":<String_value>,
"sessionkeylifetime":<Double_value>,
"prevsessionkeylifetime":<Double_value>,
"hsts":<String_value>,
"maxage":<Double_value>,
"includesubdomains":<String_value>,
"preload":<String_value>,
"strictsigdigestcheck":<String_value>,
"skipclientcertpolicycheck":<String_value>,
"zerorttearlydata":<String_value>,
"tls13sessionticketsperauthcontext":<Double_value>,
"dhekeyexchangewithpsk":<String_value>,
"allowextendedmastersecret":<String_value>,
"alpnprotocol":<String_value>
}]}
<!--NeedCopy-->
get
URL: http:// <netscaler-ip-address> /nitro/v1/config/sslprofile/ name_value<String>
Query-parameters:
attrs
http:// <netscaler-ip-address> /nitro/v1/config/sslprofile/ name_value<String> ? attrs=property-name1,property-name2
Use this query parameter to specify the resource details that you want to retrieve.
view
http:// <netscaler-ip-address> /nitro/v1/config/sslprofile/ name_value<String> ? view=summary
Use this query-parameter to get the summary output of sslprofile resources configured on NetScaler.
Note: By default, the retrieved results are displayed in detail view (?view=detail).
HTTP Method: GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Accept:application/json
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
Response Header:
Content-Type:application/json
Response Payload:
{ "sslprofile": [ {
"name":<String_value>,
"dh":<String_value>,
"dhfile":<String_value>,
"dhcount":<Double_value>,
"dhkeyexpsizelimit":<String_value>,
"ersa":<String_value>,
"ersacount":<Double_value>,
"sessreuse":<String_value>,
"sesstimeout":<Double_value>,
"cipherredirect":<String_value>,
"cipherurl":<String_value>,
"clientauth":<String_value>,
"clientcert":<String_value>,
"sslredirect":<String_value>,
"redirectportrewrite":<String_value>,
"nonfipsciphers":<String_value>,
"ssl3":<String_value>,
"tls1":<String_value>,
"tls11":<String_value>,
"tls12":<String_value>,
"tls13":<String_value>,
"snienable":<String_value>,
"ocspstapling":<String_value>,
"serverauth":<String_value>,
"commonname":<String_value>,
"pushenctrigger":<String_value>,
"sendclosenotify":<String_value>,
"cleartextport":<Integer_value>,
"insertionencoding":<String_value>,
"denysslreneg":<String_value>,
"quantumsize":<String_value>,
"strictcachecks":<String_value>,
"encrypttriggerpktcount":<Double_value>,
"pushflag":<Double_value>,
"dropreqwithnohostheader":<String_value>,
"snihttphostmatch":<String_value>,
"pushenctriggertimeout":<Double_value>,
"ssltriggertimeout":<Double_value>,
"cipherpriority":<Double_value>,
"ciphername":<String_value>,
"crlcheck":<String_value>,
"ocspcheck":<String_value>,
"snicert":<Boolean_value>,
"skipcaname":<Boolean_value>,
"invoke":<Boolean_value>,
"labeltype":<String_value>,
"sslprofiletype":<String_value>,
"clientauthuseboundcachain":<String_value>,
"ssllogprofile":<String_value>,
"service":<Double_value>,
"builtin":<String[]_value>,
"feature":<String_value>,
"sslpfobjecttype":<Double_value>,
"sslinterception":<String_value>,
"ssliverifyservercertforreuse":<String_value>,
"sslireneg":<String_value>,
"ssliocspcheck":<String_value>,
"sslimaxsessperserver":<Double_value>,
"sessionticket":<String_value>,
"sessionticketlifetime":<Double_value>,
"sessionticketkeyrefresh":<String_value>,
"sessionticketkeydata":<String_value>,
"sessionkeylifetime":<Double_value>,
"prevsessionkeylifetime":<Double_value>,
"hsts":<String_value>,
"maxage":<Double_value>,
"includesubdomains":<String_value>,
"preload":<String_value>,
"strictsigdigestcheck":<String_value>,
"skipclientcertpolicycheck":<String_value>,
"zerorttearlydata":<String_value>,
"tls13sessionticketsperauthcontext":<Double_value>,
"dhekeyexchangewithpsk":<String_value>,
"allowextendedmastersecret":<String_value>,
"alpnprotocol":<String_value>
}]}
<!--NeedCopy-->
count
URL: http:// <netscaler-ip-address> /nitro/v1/config/sslprofile? count=yes
HTTP Method: GET
Request Headers:
Cookie:NITRO_AUTH_TOKEN= <tokenvalue>
Accept:application/json
Response:
HTTP Status Code on Success: 200 OK
HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
Response Header:
Content-Type:application/json
Response Payload:
{ "sslprofile": [ { "__count": "#no"} ] }
<!--NeedCopy-->
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.