Kari Ruissalo Posted November 7, 2022 Share Posted November 7, 2022 If I run the Nitro Client on a recent NetScaler build (13.1 build 27.59) the feature in the topic still reports "operation under construction !!!!! Please try different operation".We're trying to find a way to automate the NetScaler certificate update process with Ansible, but we would first need to be able to create an RSA key on the box, then a CSR and post it to the Public CAs services.The only way we seem to be able to do this currently would be to run the openssl commands via SSH which is not optimal. Also, getting the RSA key based authentication seems to work quite randomly (we followed this instruction -> https://support.citrix.com/article/CTX109011/how-to-secure-ssh-access-to-the-netscaler-appliance-with-public-key-authentication).We also have ADM service so we could run some of the bits via that one.There was some buzz about the Venafi integration (https://www.citrix.com/blogs/2021/03/22/automate-ssl-certificate-lifecycle-with-citrix-adm-and-venafi-integration/) back in the days, but I haven't heard of that for a while, any experiences on this one? Link to comment Share on other sites More sharing options...
Richard Faulkner Posted November 21, 2022 Share Posted November 21, 2022 The problem with automating the SSL keys is just what you mentioned. You have to go to the shell, and not the NetScaler CLI in order to do any work on the certificates (OpenSSL). The RestAPI commands all line up with NetScaler CLI commands and the RestAPIs exist in the NetScaler portion, not the shell. I will reach out to the product team and see if this is something they are working on coding into the product. Link to comment Share on other sites More sharing options...
Isha Khurana Posted November 30, 2022 Share Posted November 30, 2022 Yes, the SSL Cert lifecycle automation is supported only through Venafi in ADM Service. Link to comment Share on other sites More sharing options...
Ramanuj Kumar Posted February 2, 2023 Share Posted February 2, 2023 Yes, SSL Cert lifecycle management is supported via Venafi integration in ADM Service. Below are few links, which can help you to look further:https://docs.citrix.com/en-us/citrix-application-delivery-management-service/application-analytics-and-management/dashboard/automate-ssl-management.html https://venafi.com/blog/automate-ssl-certificates-citrix-adm-service-and-venafi-integration/ Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now