Retrieve expiry information about SSL certificates in a Citrix ADC VPX Appliance

A typical deployment of a Citrix ADC appliance contains multiple load balancing configurations that process SSL transactions. SSL certificates bound to these configurations can expire at different times. You can retrieve the expiry information about SSL certificates in a Citrix ADC VPX Appliance. The expiry information helps you in renewing the SSL certificates on time.

Before you begin

Before youretrieve expiry information about SSL certificates in a Citrix ADC VPX Appliance, make sure that:

  • You have deployed a Citrix ADC VPX appliance and the appliance is UP and running in your setup. For more information, see Deploy a Citrix ADC VPX instance.

  • You have a basic understanding of SSL certificates in a Citrix ADC appliance. For more information, see: SSL certificates.

Steps to retrieve expiry information about SSL certificates in a Citrix ADC VPX Appliance

You use the sslcertkey NITRO API object to retrieve expiry information about the SSL certificates in a Citrix ADC appliance.

The Citrix ADC appliance responds with the following expiry information along with other details about SSL certificates in the appliance:

  • daystoexpiration. This attribute represents thedays remaining for a SSL certificate to expire.

For more information about the sslcertkey object and its properties, see Citrix NITRO API reference for sslcertkey.

Request components

Request field Value
HTTP Method GET
URL http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslcertkey
or
http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslcertkey?attrs=certkey,cert,key,daystoexpiration
Request Headers Content-Type: application/json

Curl request

Use the following curl command syntax to retrieve detailed information about SSL certificates in a Citrix ADC appliance:

curl -X GET -H "Content-Type: application/json" -u <username>:<examplepassword> http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslcertkey

Use the following curl command syntax to retrieve only the expiry information about SSL certificates in a Citrix ADC appliance:

curl -X GET -H "Content-Type: application/json" -u nsroot:examplepassword http://<Citrix-ADC-IP-address(NSIP)>/nitro/v1/config/sslcertkey?attrs=certkey,cert,key,daystoexpiration

Example

Example description Curl request Response payload
Retrieve only the expiry information about SSL certificates in a Citrix ADC appliance, which has Citrix ADC IP address (NSIP) of 192.0.0.33. curl -X GET -H "Content-Type: application/json" -u nsroot:examplepassword http://192.0.0.33/nitro/v1/config/sslcertkey?attrs=certkey,cert,key,daystoexpiration {
“errorcode”: 0,
“message”: “Done”,
“severity”: “NONE”,
“sslcertkey”: [
{
“certkey”: “ns-server-certificate”,
“cert”: “ns-server.cert”,
“key”: “ns-server.key”,
“daystoexpiration”: 5509
},
{
“certkey”: “serverrsa_2048”,
“cert”: “complete/server/server_rsa_2048.pem”,
“key”: “complete/server/server_rsa_2048.ky”,
“daystoexpiration”: 5652
}
]
}
Retrieve expiry information about SSL certificates in a Citrix ADC VPX Appliance