netscaler.adc.sslcertkey module – Configuration for certificate key resource.

Note

This module is part of the netscaler.adc collection (version 2.6.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netscaler.adc.

To use it in a playbook, specify: netscaler.adc.sslcertkey.

New in netscaler.adc 2.0.0

Synopsis

  • Configuration for certificate key resource.

Parameters

Parameter

Comments

api_path

string

Base NITRO API path.

Define only in case of an ADM service proxy call

Default: "nitro/v1/config"

bundle

string

Parse the certificate chain as a single file after linking the server certificate to its issuer’s certificate within the file.

Choices:

  • "YES"

  • "NO"

cert

string

Name of and, optionally, path to the X509 certificate file that is used to form the certificate-key pair. The certificate file should be present on the appliance’s hard-disk drive or solid-state drive. Storing a certificate in any location other than the default might cause inconsistency in a high availability setup. /nsconfig/ssl/ is the default path.

certkey

any

Name for the certificate and private-key pair. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the certificate-key pair is created.

The following requirement applies only to the Citrix ADC CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my cert” or ‘my cert’).

deletefromdevice

boolean

Delete cert/key file from file system.

Choices:

  • false

  • true

expirymonitor

any

Issue an alert when the certificate is about to expire.

Choices:

  • "ENABLED"

  • "DISABLED"

fipskey

string

Name of the FIPS key that was created inside the Hardware Security Module (HSM) of a FIPS appliance, or a key that was imported into the HSM.

hsmkey

string

Name of the HSM key that was created in the External Hardware Security Module (HSM) of a FIPS appliance.

inform

string

Input format of the certificate and the private-key files. The three formats supported by the appliance are:

PEM - Privacy Enhanced Mail

DER - Distinguished Encoding Rule

PFX - Personal Information Exchange

Choices:

  • "DER"

  • "PEM"

  • "PFX"

key

string

Name of and, optionally, path to the private-key file that is used to form the certificate-key pair. The certificate file should be present on the appliance’s hard-disk drive or solid-state drive. Storing a certificate in any location other than the default might cause inconsistency in a high availability setup. /nsconfig/ssl/ is the default path.

linkcertkeyname

string

Name of the Certificate Authority certificate-key pair to which to link a certificate-key pair.

managed_netscaler_instance_id

string

added in netscaler.adc 2.6.0

The ID of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_ip

string

added in netscaler.adc 2.6.0

The IP of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_name

string

added in netscaler.adc 2.6.0

The name of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_password

string

added in netscaler.adc 2.6.0

The password of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

managed_netscaler_instance_username

string

added in netscaler.adc 2.6.0

The username of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

netscaler_console_as_proxy_server

boolean

added in netscaler.adc 2.6.0

The IP address of the NetScaler ADC appliance acting as a proxy server.

Define only in case of an ADM service proxy call

Choices:

  • false ← (default)

  • true

nitro_auth_token

string

The authentication token provided by a login operation.

nitro_pass

string

The password with which to authenticate to the NetScaler ADC node.

nitro_protocol

string

Which protocol to use when accessing the nitro API objects.

Choices:

  • "http"

  • "https" ← (default)

nitro_user

string

The username with which to authenticate to the NetScaler ADC node.

nodomaincheck

boolean

Override the check for matching domain names during a certificate update operation.

Choices:

  • false

  • true

notificationperiod

any

Time, in number of days, before certificate expiration, at which to generate an alert that the certificate is about to expire.

nsip

string / required

The ip address of the NetScaler ADC appliance where the nitro API calls will be made.

The port can be specified with the colon (:). E.g. 192.168.1.1:555.

ocspstaplingcache

boolean

Clear cached ocspStapling response in certkey.

Choices:

  • false

  • true

passplain

string

Pass phrase used to encrypt the private-key. Required when adding an encrypted private-key in PEM format.

password

boolean

Passphrase that was used to encrypt the private-key. Use this option to load encrypted private-keys in PEM format.

Choices:

  • false

  • true

save_config

boolean

If true the module will save the configuration on the NetScaler ADC node if it makes any changes.

The module will not save the configuration on the NetScaler ADC node if it made no changes.

Choices:

  • false ← (default)

  • true

sslcertkey_sslocspresponder_binding

dictionary

Bindings for sslcertkey_sslocspresponder_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

state

string

The state of the resource being configured by the module on the NetScaler ADC node.

When present, the resource will be added/updated configured according to the module’s parameters.

When absent, the resource will be deleted from the NetScaler ADC node.

When unset, the resource will be unset on the NetScaler ADC node.

Choices:

  • "present" ← (default)

  • "absent"

  • "unset"

validate_certs

boolean

If false, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

Notes

Note

Examples

- name: Create and link server ssl certkey
  delegate_to: localhost
  netscaler.adc.sslcertkey:
    state: present
    certkey: test-certkey
    cert: test-cert.cert
    key: test-cert.key
    linkcertkeyname: root-certkey  # This will link the root certkey to the server certkey

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

changed

boolean

Indicates if any change is made by the module

Returned: always

Sample: true

diff

dictionary

Dictionary of before and after changes

Returned: always

Sample: {"after": {"key2": "pqr"}, "before": {"key1": "xyz"}, "prepared": "changes done"}

diff_list

list / elements=string

List of differences between the actual configured object and the configuration specified in the module

Returned: when changed

Sample: ["Attribute `key1` differs. Desired: (<class 'str'>) XYZ. Existing: (<class 'str'>) PQR"]

failed

boolean

Indicates if the module failed or not

Returned: always

Sample: false

loglines

list / elements=string

list of logged messages by the module

Returned: always

Sample: ["message 1", "message 2"]

Authors

  • Sumanth Lingappa (@sumanth-lingappa)