netscaler.adc.sslcert module – Configuration for cerificate resource.

Note

This module is part of the netscaler.adc collection (version 2.6.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netscaler.adc.

To use it in a playbook, specify: netscaler.adc.sslcert.

New in netscaler.adc 2.0.0

Synopsis

  • Configuration for cerificate resource.

Parameters

Parameter

Comments

api_path

string

Base NITRO API path.

Define only in case of an ADM service proxy call

Default: "nitro/v1/config"

cacert

string

Name of the CA certificate file that issues and signs the Intermediate-CA certificate or the end-user client and server certificates.

cacertform

string

Format of the CA certificate.

Choices:

  • "DER"

  • "PEM"

cakey

string

Private key, associated with the CA certificate that is used to sign the Intermediate-CA certificate or the end-user client and server certificate. If the CA key file is password protected, the user is prompted to enter the pass phrase that was used to encrypt the key.

cakeyform

string

Format for the CA certificate.

Choices:

  • "DER"

  • "PEM"

caserial

string

Serial number file maintained for the CA certificate. This file contains the serial number of the next certificate to be issued or signed by the CA. If the specified file does not exist, a new file is created, with /nsconfig/ssl/ as the default path. If you do not specify a proper path for the existing serial file, a new serial file is created. This might change the certificate serial numbers assigned by the CA certificate to each of the certificates it signs.

certfile

string

Name for and, optionally, path to the generated certificate file. /nsconfig/ssl/ is the default path.

certform

string

Format in which the certificate is stored on the appliance.

Choices:

  • "DER"

  • "PEM"

certtype

string

Type of certificate to generate. Specify one of the following:

* ROOT_CERT - Self-signed Root-CA certificate. You must specify the key file name. The generated Root-CA certificate can be used for signing end-user client or server certificates or to create Intermediate-CA certificates.

* INTM_CERT - Intermediate-CA certificate.

* CLNT_CERT - End-user client certificate used for client authentication.

* SRVR_CERT - SSL server certificate used on SSL servers for end-to-end encryption.

Choices:

  • "ROOT_CERT"

  • "INTM_CERT"

  • "CLNT_CERT"

  • "SRVR_CERT"

days

float

Number of days for which the certificate will be valid, beginning with the time and day (system time) of creation.

keyfile

string

Name for and, optionally, path to the private key. You can either use an existing RSA or DSA key that you own or create a new private key on the Citrix ADC. This file is required only when creating a self-signed Root-CA certificate. The key file is stored in the /nsconfig/ssl directory by default.

If the input key specified is an encrypted key, you are prompted to enter the PEM pass phrase that was used for encrypting the key.

keyform

string

Format in which the key is stored on the appliance.

Choices:

  • "DER"

  • "PEM"

managed_netscaler_instance_id

string

added in netscaler.adc 2.6.0

The ID of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_ip

string

added in netscaler.adc 2.6.0

The IP of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_name

string

added in netscaler.adc 2.6.0

The name of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_password

string

added in netscaler.adc 2.6.0

The password of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

managed_netscaler_instance_username

string

added in netscaler.adc 2.6.0

The username of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

netscaler_console_as_proxy_server

boolean

added in netscaler.adc 2.6.0

The IP address of the NetScaler ADC appliance acting as a proxy server.

Define only in case of an ADM service proxy call

Choices:

  • false ← (default)

  • true

nitro_auth_token

string

The authentication token provided by a login operation.

nitro_pass

string

The password with which to authenticate to the NetScaler ADC node.

nitro_protocol

string

Which protocol to use when accessing the nitro API objects.

Choices:

  • "http"

  • "https" ← (default)

nitro_user

string

The username with which to authenticate to the NetScaler ADC node.

nsip

string / required

The ip address of the NetScaler ADC appliance where the nitro API calls will be made.

The port can be specified with the colon (:). E.g. 192.168.1.1:555.

pempassphrase

string

0

reqfile

string

Name for and, optionally, path to the certificate-signing request (CSR). /nsconfig/ssl/ is the default path.

save_config

boolean

If true the module will save the configuration on the NetScaler ADC node if it makes any changes.

The module will not save the configuration on the NetScaler ADC node if it made no changes.

Choices:

  • false ← (default)

  • true

sslcertkey_sslocspresponder_binding

dictionary

Bindings for sslcertkey_sslocspresponder_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

state

string

The state of the resource being configured by the module on the NetScaler ADC node.

When created, the `create` operation will be applied on the resource.

Choices:

  • "created"

Default: "present"

subjectaltname

string

Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. These values are called “Subject Alternative Names” (SAN). Names include:

  1. Email addresses

  2. IP addresses

  3. URIs

  4. DNS names (This is usually also provided as the Common Name RDN within the Subject field of the main certificate.)

  5. directory names (alternative Distinguished Names to that given in the Subject)

validate_certs

boolean

If false, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

Notes

Note

Examples

- name: Create ssl cert certname.cert
  delegate_to: localhost
  netscaler.adc.sslcert:
    state: created
    certfile: certname.cert
    reqfile: certname.csr
    keyform: PEM
    days: 1480
    certform: PEM
    cacert: root_cert.cert
    cacertform: PEM
    cakey: root_cert.key
    cakeyform: PEM
    caserial: root_cert.srl
    certtype: SRVR_CERT

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

changed

boolean

Indicates if any change is made by the module

Returned: always

Sample: true

diff

dictionary

Dictionary of before and after changes

Returned: always

Sample: {"after": {"key2": "pqr"}, "before": {"key1": "xyz"}, "prepared": "changes done"}

diff_list

list / elements=string

List of differences between the actual configured object and the configuration specified in the module

Returned: when changed

Sample: ["Attribute `key1` differs. Desired: (<class 'str'>) XYZ. Existing: (<class 'str'>) PQR"]

failed

boolean

Indicates if the module failed or not

Returned: always

Sample: false

loglines

list / elements=string

list of logged messages by the module

Returned: always

Sample: ["message 1", "message 2"]

Authors

  • Sumanth Lingappa (@sumanth-lingappa)