netscaler.adc.sslaction module – Configuration for SSL action resource.

Note

This module is part of the netscaler.adc collection (version 2.6.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netscaler.adc.

To use it in a playbook, specify: netscaler.adc.sslaction.

New in netscaler.adc 2.0.0

Synopsis

  • Configuration for SSL action resource.

Parameters

Parameter

Comments

api_path

string

Base NITRO API path.

Define only in case of an ADM service proxy call

Default: "nitro/v1/config"

cacertgrpname

string

This action will allow to pick CA(s) from the specific CA group, to verify the client certificate.

certfingerprintdigest

string

Digest algorithm used to compute the fingerprint of the client certificate.

Choices:

  • "SHA1"

  • "SHA224"

  • "SHA256"

  • "SHA384"

  • "SHA512"

certfingerprintheader

string

Name of the header into which to insert the client certificate fingerprint.

certhashheader

string

Name of the header into which to insert the client certificate signature (hash).

certheader

string

Name of the header into which to insert the client certificate.

certissuerheader

string

Name of the header into which to insert the client certificate issuer details.

certnotafterheader

string

Name of the header into which to insert the certificate’s expiry date.

certnotbeforeheader

string

Name of the header into which to insert the date and time from which the certificate is valid.

certserialheader

string

Name of the header into which to insert the client serial number.

certsubjectheader

string

Name of the header into which to insert the client certificate subject.

cipher

string

Insert the cipher suite that the client and the Citrix ADC negotiated for the SSL session into the HTTP header of the request being sent to the web server. The appliance inserts the cipher-suite name, SSL protocol, export or non-export string, and cipher strength bit, depending on the type of browser connecting to the SSL virtual server or service (for example, Cipher-Suite: RC4- MD5 SSLv3 Non-Export 128-bit).

Choices:

  • "ENABLED"

  • "DISABLED"

cipherheader

string

Name of the header into which to insert the name of the cipher suite.

clientauth

string

Perform client certificate authentication.

Choices:

  • "DOCLIENTAUTH"

  • "NOCLIENTAUTH"

clientcert

string

Insert the entire client certificate into the HTTP header of the request being sent to the web server. The certificate is inserted in ASCII (PEM) format.

Choices:

  • "ENABLED"

  • "DISABLED"

clientcertfingerprint

string

Insert the certificate’s fingerprint into the HTTP header of the request being sent to the web server. The fingerprint is derived by computing the specified hash value (SHA256, for example) of the DER-encoding of the client certificate.

Choices:

  • "ENABLED"

  • "DISABLED"

clientcerthash

string

Insert the certificate’s signature into the HTTP header of the request being sent to the web server. The signature is the value extracted directly from the X.509 certificate signature field. All X.509 certificates contain a signature field.

Choices:

  • "ENABLED"

  • "DISABLED"

clientcertissuer

string

Insert the certificate issuer details into the HTTP header of the request being sent to the web server.

Choices:

  • "ENABLED"

  • "DISABLED"

clientcertnotafter

string

Insert the date of expiry of the certificate into the HTTP header of the request being sent to the web server. Every certificate is configured with the date and time at which the certificate expires.

Choices:

  • "ENABLED"

  • "DISABLED"

clientcertnotbefore

string

Insert the date from which the certificate is valid into the HTTP header of the request being sent to the web server. Every certificate is configured with the date and time from which it is valid.

Choices:

  • "ENABLED"

  • "DISABLED"

clientcertserialnumber

string

Insert the entire client serial number into the HTTP header of the request being sent to the web server.

Choices:

  • "ENABLED"

  • "DISABLED"

clientcertsubject

string

Insert the client certificate subject, also known as the distinguished name (DN), into the HTTP header of the request being sent to the web server.

Choices:

  • "ENABLED"

  • "DISABLED"

clientcertverification

string

Client certificate verification is mandatory or optional.

Choices:

  • "Mandatory"

  • "Optional"

forward

string

This action takes an argument a vserver name, to this vserver one will be able to forward all the packets.

managed_netscaler_instance_id

string

added in netscaler.adc 2.6.0

The ID of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_ip

string

added in netscaler.adc 2.6.0

The IP of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_name

string

added in netscaler.adc 2.6.0

The name of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_password

string

added in netscaler.adc 2.6.0

The password of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

managed_netscaler_instance_username

string

added in netscaler.adc 2.6.0

The username of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

name

string

Name for the SSL action. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the action is created.

The following requirement applies only to the Citrix ADC CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my action” or ‘my action’).

netscaler_console_as_proxy_server

boolean

added in netscaler.adc 2.6.0

The IP address of the NetScaler ADC appliance acting as a proxy server.

Define only in case of an ADM service proxy call

Choices:

  • false ← (default)

  • true

nitro_auth_token

string

The authentication token provided by a login operation.

nitro_pass

string

The password with which to authenticate to the NetScaler ADC node.

nitro_protocol

string

Which protocol to use when accessing the nitro API objects.

Choices:

  • "http"

  • "https" ← (default)

nitro_user

string

The username with which to authenticate to the NetScaler ADC node.

nsip

string / required

The ip address of the NetScaler ADC appliance where the nitro API calls will be made.

The port can be specified with the colon (:). E.g. 192.168.1.1:555.

owasupport

string

If the appliance is in front of an Outlook Web Access (OWA) server, insert a special header field, FRONT-END-HTTPS: ON, into the HTTP requests going to the OWA server. This header communicates to the server that the transaction is HTTPS and not HTTP.

Choices:

  • "ENABLED"

  • "DISABLED"

save_config

boolean

If true the module will save the configuration on the NetScaler ADC node if it makes any changes.

The module will not save the configuration on the NetScaler ADC node if it made no changes.

Choices:

  • false ← (default)

  • true

sessionid

string

Insert the SSL session ID into the HTTP header of the request being sent to the web server. Every SSL connection that the client and the Citrix ADC share has a unique ID that identifies the specific connection.

Choices:

  • "ENABLED"

  • "DISABLED"

sessionidheader

string

Name of the header into which to insert the Session ID.

ssllogprofile

string

The name of the ssllogprofile.

state

string

The state of the resource being configured by the module on the NetScaler ADC node.

When present, the resource will be added/updated configured according to the module’s parameters.

When absent, the resource will be deleted from the NetScaler ADC node.

Choices:

  • "present" ← (default)

  • "absent"

validate_certs

boolean

If false, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

Notes

Note

Examples

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

changed

boolean

Indicates if any change is made by the module

Returned: always

Sample: true

diff

dictionary

Dictionary of before and after changes

Returned: always

Sample: {"after": {"key2": "pqr"}, "before": {"key1": "xyz"}, "prepared": "changes done"}

diff_list

list / elements=string

List of differences between the actual configured object and the configuration specified in the module

Returned: when changed

Sample: ["Attribute `key1` differs. Desired: (<class 'str'>) XYZ. Existing: (<class 'str'>) PQR"]

failed

boolean

Indicates if the module failed or not

Returned: always

Sample: false

loglines

list / elements=string

list of logged messages by the module

Returned: always

Sample: ["message 1", "message 2"]

Authors

  • Sumanth Lingappa (@sumanth-lingappa)