ssl action¶
The following operations can be performed on "ssl action":
add ssl action¶
Creates a new SSL action. An SSL action defines SSL settings that you can apply to the selected requests. You associate an action with one or more policies. Data in client connection requests or responses is compared to a rule (expression) specified in the policy, and the action is applied to connections that match the rule.
Synopsys¶
add ssl action <name> [-clientAuth ( DOCLIENTAUTH | NOCLIENTAUTH )] [-clientCert ( ENABLED | DISABLED ) -certHeader <string>] [-clientCertSerialNumber ( ENABLED | DISABLED ) -certSerialHeader <string>] [-clientCertSubject ( ENABLED | DISABLED ) -certSubjectHeader <string>] [-clientCertHash ( ENABLED | DISABLED ) -certHashHeader <string>] [-clientCertIssuer ( ENABLED | DISABLED ) -certIssuerHeader <string>] [-sessionID ( ENABLED | DISABLED ) -sessionIDHeader <string>] [-cipher ( ENABLED | DISABLED ) -cipherHeader <string>] [-clientCertNotBefore ( ENABLED | DISABLED ) -certNotBeforeHeader <string>] [-clientCertNotAfter ( ENABLED | DISABLED ) -certNotAfterHeader <string>] [-OWASupport ( ENABLED | DISABLED )]
Arguments¶
name
Name for the SSL action. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the action is created.
The following requirement applies only to the NetScaler CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').
clientAuth
Perform client certificate authentication.
Possible values: DOCLIENTAUTH, NOCLIENTAUTH
clientCert
Insert the entire client certificate into the HTTP header of the request being sent to the web server. The certificate is inserted in ASCII (PEM) format.
Possible values: ENABLED, DISABLED
certHeader
Name of the header into which to insert the client certificate.
clientCertSerialNumber
Insert the entire client serial number into the HTTP header of the request being sent to the web server.
Possible values: ENABLED, DISABLED
certSerialHeader
Name of the header into which to insert the client serial number.
clientCertSubject
Insert the client certificate subject, also known as the distinguished name (DN), into the HTTP header of the request being sent to the web server.
Possible values: ENABLED, DISABLED
certSubjectHeader
Name of the header into which to insert the client certificate subject.
clientCertHash
Insert the certificate signature (hash) into the HTTP header of the request being sent to the web server.
Possible values: ENABLED, DISABLED
certHashHeader
Name of the header into which to insert the client certificate signature (hash).
clientCertIssuer
Insert the certificate issuer details into the HTTP header of the request being sent to the web server.
Possible values: ENABLED, DISABLED
certIssuerHeader
Name of the header into which to insert the client certificate issuer details.
sessionID
Insert the SSL session ID into the HTTP header of the request being sent to the web server. Every SSL connection that the client and the NetScaler share has a unique ID that identifies the specific connection.
Possible values: ENABLED, DISABLED
sessionIDHeader
Name of the header into which to insert the Session ID.
cipher
Insert the cipher suite that the client and the NetScaler appliance negotiated for the SSL session into the HTTP header of the request being sent to the web server. The appliance inserts the cipher-suite name, SSL protocol, export or non-export string, and cipher strength bit, depending on the type of browser connecting to the SSL virtual server or service (for example, Cipher-Suite: RC4- MD5 SSLv3 Non-Export 128-bit).
Possible values: ENABLED, DISABLED
cipherHeader
Name of the header into which to insert the name of the cipher suite.
clientCertNotBefore
Insert the date from which the certificate is valid into the HTTP header of the request being sent to the web server. Every certificate is configured with the date and time from which it is valid.
Possible values: ENABLED, DISABLED
certNotBeforeHeader
Name of the header into which to insert the date and time from which the certificate is valid.
clientCertNotAfter
Insert the date of expiry of the certificate into the HTTP header of the request being sent to the web server. Every certificate is configured with the date and time at which the certificate expires.
Possible values: ENABLED, DISABLED
certNotAfterHeader
Name of the header into which to insert the certificate's expiry date.
OWASupport
If the appliance is in front of an Outlook Web Access (OWA) server, insert a special header field, FRONT-END-HTTPS: ON, into the HTTP requests going to the OWA server. This header communicates to the server that the transaction is HTTPS and not HTTP.
Possible values: ENABLED, DISABLED
Example¶
add ssl action certInsert_act -clientCert ENABLED -certHeader CERT
rm ssl action¶
Removes the specified SSL action.
Synopsys¶
rm ssl action <name>
Arguments¶
name
Name of the SSL action to remove.
Example¶
rm ssl action certInsert_act
show ssl action¶
Displays information about all the SSL actions configured on the appliance, or displays detailed information about the specified SSL action.
Synopsys¶
show ssl action [<name>]
Arguments¶
name
Name of the SSL action for which to show detailed information.
Outputs¶
stateflag
clientAuth
Perform client certificate authentication.
clientCert
Insert the entire client certificate into the HTTP header of the request being sent to the web server. The certificate is inserted in ASCII (PEM) format.
certHeader
clientCertSerialNumber
Insert the entire client serial number into the HTTP header of the request being sent to the web server.
certSerialHeader
clientCertSubject
Insert the client certificate subject, also known as the distinguished name (DN), into the HTTP header of the request being sent to the web server.
certSubjectHeader
clientCertHash
Insert the certificate signature (hash) into the HTTP header of the request being sent to the web server.
certHashHeader
clientCertIssuer
Insert the certificate issuer details into the HTTP header of the request being sent to the web server.
certIssuerHeader
sessionID
Insert the SSL session ID into the HTTP header of the request being sent to the web server. Every SSL connection that the client and the NetScaler share has a unique ID that identifies the specific connection.
sessionIDHeader
cipher
Insert the cipher suite that the client and the NetScaler appliance negotiated for the SSL session into the HTTP header of the request being sent to the web server. The appliance inserts the cipher-suite name, SSL protocol, export or non-export string, and cipher strength bit, depending on the type of browser connecting to the SSL virtual server or service (for example, Cipher-Suite: RC4- MD5 SSLv3 Non-Export 128-bit).
cipherHeader
OWASupport
If the appliance is in front of an Outlook Web Access (OWA) server, insert a special header field, FRONT-END-HTTPS: ON, into the HTTP requests going to the OWA server. This header communicates to the server that the transaction is HTTPS and not HTTP.
clientCertNotBefore
Insert the date from which the certificate is valid into the HTTP header of the request being sent to the web server. Every certificate is configured with the date and time from which it is valid.
certNotBeforeHeader
clientCertNotAfter
Insert the date of expiry of the certificate into the HTTP header of the request being sent to the web server. Every certificate is configured with the date and time at which the certificate expires.
certNotAfterHeader
hits
The number of times the action has been taken.
undefHits
The number of times the action resulted in UNDEF.
referenceCount
The number of references to the action.
description
Description of the action
flags
builtin
Flag to determine whether ssl action is built-in or not
devno
count
Example¶
show ssl action1 Configured SSL action:1) Name: certInsert_act Data Insertion Action: Cert Header: ENABLED Cert Tag: CERT