netscaler.adc.sslcrl module – Configuration for Certificate Revocation List resource.

Note

This module is part of the netscaler.adc collection (version 2.6.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netscaler.adc.

To use it in a playbook, specify: netscaler.adc.sslcrl.

New in netscaler.adc 2.0.0

Synopsis

  • Configuration for Certificate Revocation List resource.

Parameters

Parameter

Comments

api_path

string

Base NITRO API path.

Define only in case of an ADM service proxy call

Default: "nitro/v1/config"

basedn

any

Base distinguished name (DN), which is used in an LDAP search to search for a CRL. Citrix recommends searching for the Base DN instead of the Issuer Name from the CA certificate, because the Issuer Name field might not exactly match the LDAP directory structure’s DN.

binary

any

Set the LDAP-based CRL retrieval mode to binary.

Choices:

  • "YES"

  • "NO"

binddn

any

Bind distinguished name (DN) to be used to access the CRL object in the LDAP repository if access to the LDAP repository is restricted or anonymous access is not allowed.

cacert

any

CA certificate that has issued the CRL. Required if CRL Auto Refresh is selected. Install the CA certificate on the appliance before adding the CRL.

cacertfile

string

Name of and, optionally, path to the CA certificate file.

/nsconfig/ssl/ is the default path.

cakeyfile

string

Name of and, optionally, path to the CA key file. /nsconfig/ssl/ is the default path

crlname

any

Name for the Certificate Revocation List (CRL). Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the CRL is created.

The following requirement applies only to the Citrix ADC CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my crl” or ‘my crl’).

crlpath

string

Path to the CRL file. /var/netscaler/ssl/ is the default path.

day

any

Day on which to refresh the CRL, or, if the Interval parameter is not set, the number of days after which to refresh the CRL. If Interval is set to MONTHLY, specify the date. If Interval is set to WEEKLY, specify the day of the week (for example, Sun=0 and Sat=6). This parameter is not applicable if the Interval is set to DAILY.

gencrl

string

Name of and, optionally, path to the CRL file to be generated. The list of certificates that have been revoked is obtained from the index file. /nsconfig/ssl/ is the default path.

indexfile

string

Name of and, optionally, path to the file containing the serial numbers of all the certificates that are revoked. Revoked certificates are appended to the file. /nsconfig/ssl/ is the default path

inform

string

Input format of the CRL file. The two formats supported on the appliance are:

PEM - Privacy Enhanced Mail.

DER - Distinguished Encoding Rule.

Choices:

  • "DER"

  • "PEM"

interval

any

CRL refresh interval. Use the NONE setting to unset this parameter.

Choices:

  • "MONTHLY"

  • "WEEKLY"

  • "DAILY"

  • "NOW"

  • "NONE"

managed_netscaler_instance_id

string

added in netscaler.adc 2.6.0

The ID of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_ip

string

added in netscaler.adc 2.6.0

The IP of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_name

string

added in netscaler.adc 2.6.0

The name of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_password

string

added in netscaler.adc 2.6.0

The password of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

managed_netscaler_instance_username

string

added in netscaler.adc 2.6.0

The username of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

method

any

Method for CRL refresh. If LDAP is selected, specify the method, CA certificate, base DN, port, and LDAP server name. If HTTP is selected, specify the CA certificate, method, URL, and port. Cannot be changed after a CRL is added.

Choices:

  • "HTTP"

  • "LDAP"

netscaler_console_as_proxy_server

boolean

added in netscaler.adc 2.6.0

The IP address of the NetScaler ADC appliance acting as a proxy server.

Define only in case of an ADM service proxy call

Choices:

  • false ← (default)

  • true

nitro_auth_token

string

The authentication token provided by a login operation.

nitro_pass

string

The password with which to authenticate to the NetScaler ADC node.

nitro_protocol

string

Which protocol to use when accessing the nitro API objects.

Choices:

  • "http"

  • "https" ← (default)

nitro_user

string

The username with which to authenticate to the NetScaler ADC node.

nsip

string / required

The ip address of the NetScaler ADC appliance where the nitro API calls will be made.

The port can be specified with the colon (:). E.g. 192.168.1.1:555.

password

any

Password to access the CRL in the LDAP repository if access to the LDAP repository is restricted or anonymous access is not allowed.

port

any

Port for the LDAP server.

refresh

any

Set CRL auto refresh.

Choices:

  • "ENABLED"

  • "DISABLED"

revoke

string

Name of and, optionally, path to the certificate to be revoked. /nsconfig/ssl/ is the default path.

save_config

boolean

If true the module will save the configuration on the NetScaler ADC node if it makes any changes.

The module will not save the configuration on the NetScaler ADC node if it made no changes.

Choices:

  • false ← (default)

  • true

scope

any

Extent of the search operation on the LDAP server. Available settings function as follows:

One - One level below Base DN.

Base - Exactly the same level as Base DN.

Choices:

  • "Base"

  • "One"

server

any

IP address of the LDAP server from which to fetch the CRLs.

state

string

The state of the resource being configured by the module on the NetScaler ADC node.

When present, the resource will be added/updated configured according to the module’s parameters.

When absent, the resource will be deleted from the NetScaler ADC node.

When created, the `create` operation will be applied on the resource.

When unset, the resource will be unset on the NetScaler ADC node.

Choices:

  • "present" ← (default)

  • "absent"

  • "created"

  • "unset"

time

any

Time, in hours (1-24) and minutes (1-60), at which to refresh the CRL.

url

any

URL of the CRL distribution point.

validate_certs

boolean

If false, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

Notes

Note

Examples

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

changed

boolean

Indicates if any change is made by the module

Returned: always

Sample: true

diff

dictionary

Dictionary of before and after changes

Returned: always

Sample: {"after": {"key2": "pqr"}, "before": {"key1": "xyz"}, "prepared": "changes done"}

diff_list

list / elements=string

List of differences between the actual configured object and the configuration specified in the module

Returned: when changed

Sample: ["Attribute `key1` differs. Desired: (<class 'str'>) XYZ. Existing: (<class 'str'>) PQR"]

failed

boolean

Indicates if the module failed or not

Returned: always

Sample: false

loglines

list / elements=string

list of logged messages by the module

Returned: always

Sample: ["message 1", "message 2"]

Authors

  • Sumanth Lingappa (@sumanth-lingappa)