Product Documentation

ssl_profile

Oct 21, 2015

SSL profiles list.

Properties

Name Data Type Read-Only? Description
clientsideprotoversion
<String>
No

SSL protocol version supported for client side negotiation. Use sv2 for SSL v2, sv3 for SSL v3, tv10 for TLS 1.0 or sv23 for allowing all of these three

Possible values = [sv2, sv3, tv10, sv23]

profileinuse
<Boolean>
Yes

Indicator stating if profile is in use or not

Possible values = [true, false]

serversideauthrequired
<Boolean>
No

Enable/disable server side authentication

Possible values = [true, false]

clientsiderenegotiation
<String>
No

Client renegotiation type

Possible values = [denied, old, compatible, new, oldignored]

availablecipherlist
<String>
Yes

List of all available ciphers

virtualhostname
<String>
No

Virtual host name of server for which the SSL profile is being configured

keycertname
<String>
No

Key/cert pair to be used in split mode for optimization of SSL profile

clientsideciphers
<String>
No

Chosen ciphers for client side

disablesessionreuse
<Boolean>
No

Indicate if we need to disable SSL session re-use

Possible values = [true, false]

proxytype
<String>
No

Parameter to set proxy type for optimizing this SSL profile

Possible values = [transparent, split]

serviceclasses
<[String,...]>
Yes

Serive classes attached to the profile

serversideciphers
<String>
No

Chosen ciphers for server side

name
<String>
No

CA Store Name

clientsidecipherlist
<String>
Yes

List of available ciphers for client side negotiation

serversiderenegotiation
<String>
No

Server renegotiation type

Possible values = [denied, old, compatible, new, oldignored]

certchainstorename
<String>
No

CA store to be used to validate client side negotiation

certverifycommonnames
<[String,...]>
No

List of black/white listed server CN

transparentkeyname
<String>
No

SSL key to be used in transparent mode to encrypty/decrypt SSL traffic for this profile

serversideauthkeycertname
<String>
No

Key/Cert to be used for server side authentication

buildcertchain
<Boolean>
No

Toggle to switch certificate chain building for authenticating client side negotiations

Possible values = [true, false]

serversideauthbuildcertchain
<Boolean>
No

Toggle to switch certificate chain building for authenticating server side negotiations

Possible values = [true, false]

serversidecipherlist
<String>
Yes

List of available ciphers for server side negotiation

profileenabled
<Boolean>
No

Enable/Disable profile

Possible values = [true, false]

caverifystorename
<String>
No

CA store to be used to validate server side negotiation

serversideprotoversion
<String>
No

SSL protocol version supported for server side negotiation. Use sv2 for SSL v2, sv3 for SSL v3, tv10 for TLS 1.0 or sv23 for allowing all of these three

Possible values = [sv2, sv3, tv10, sv23]

certverifyaction
<String>
No

Verify action for list of CN in certverifycommonnames

Possible values = [white_list, black_list, allow_all, sig_exp_only]

parsesubjectalternativenames
<Boolean>
No

Indicator if Subject Alternate Names are to be parsed or not

Possible values = [true, false]

Operations

Hinweis

Mandatory parameters are marked in red and placeholder content is marked in <green>.

ADD

Use this operation to add a SSL profile

HTTP Method: POST

URL: https://<cb_ip_address>/cb/nitro/v1/config/ssl_profile

Request Headers:

Authorization: Basic <base64 encoded(username:password)>
Content-Type: application/vnd.com.citrix.cloudbridge.ssl_profile+json

Request Payload: JSON

{"ssl_profile":{
"clientsideprotoversion": <string_value>,
"serversideauthrequired": <boolean_value>,
"clientsiderenegotiation": <string_value>,
"virtualhostname": <string_value>,
"keycertname": <string_value>,
"clientsideciphers": <string_value>,
"disablesessionreuse": <boolean_value>,
"proxytype": <string_value>,
"serversideciphers": <string_value>,
"name": <string_value>,
"serversiderenegotiation": <string_value>,
"certchainstorename": <string_value>,
"certverifycommonnames": <string_value>,
"transparentkeyname": <string_value>,
"serversideauthkeycertname": <string_value>,
"buildcertchain": <boolean_value>,
"serversideauthbuildcertchain": <boolean_value>,
"profileenabled": <boolean_value>,
"caverifystorename": <string_value>,
"serversideprotoversion": <string_value>,
"certverifyaction": <string_value>,
"parsesubjectalternativenames": <boolean_value>
}}

Response Headers:

Content-Type: application/vnd.com.citrix.cloudbridge.ssl_profile+json

Response Payload: JSON

{"ssl_profile":{
"clientsideprotoversion": <string_value>,
"profileinuse": <boolean_value>,
"serversideauthrequired": <boolean_value>,
"clientsiderenegotiation": <string_value>,
"availablecipherlist": <string_value>,
"virtualhostname": <string_value>,
"keycertname": <string_value>,
"clientsideciphers": <string_value>,
"disablesessionreuse": <boolean_value>,
"proxytype": <string_value>,
"serviceclasses": <string_value>,
"serversideciphers": <string_value>,
"name": <string_value>,
"clientsidecipherlist": <string_value>,
"serversiderenegotiation": <string_value>,
"certchainstorename": <string_value>,
"certverifycommonnames": <string_value>,
"transparentkeyname": <string_value>,
"serversideauthkeycertname": <string_value>,
"buildcertchain": <boolean_value>,
"serversideauthbuildcertchain": <boolean_value>,
"serversidecipherlist": <string_value>,
"profileenabled": <boolean_value>,
"caverifystorename": <string_value>,
"serversideprotoversion": <string_value>,
"certverifyaction": <string_value>,
"parsesubjectalternativenames": <boolean_value>
}}

DELETE

Use this operation to remove a SSL profile

HTTP Method: DELETE

URL: https://<cb_ip_address>/cb/nitro/v1/config/ssl_profile/<name>

Request Headers:

Authorization: Basic <base64 encoded(username:password)>

Response Payload: EMPTY

GET (ALL)

Use this operation to get SSL profile configuration details

HTTP Method: GET

URL: https://<cb_ip_address>/cb/nitro/v1/config/ssl_profile

Request Headers:

Authorization: Basic <base64 encoded(username:password)>
Accept: application/vnd.com.citrix.cloudbridge.ssl_profile_list+json

Response Headers:

Content-Type: application/vnd.com.citrix.cloudbridge.ssl_profile_list+json

Response Payload: JSON

{"ssl_profile": [{
"clientsideprotoversion": <string_value>,
"profileinuse": <boolean_value>,
"serversideauthrequired": <boolean_value>,
"clientsiderenegotiation": <string_value>,
"availablecipherlist": <string_value>,
"virtualhostname": <string_value>,
"keycertname": <string_value>,
"clientsideciphers": <string_value>,
"disablesessionreuse": <boolean_value>,
"proxytype": <string_value>,
"serviceclasses": <string_value>,
"serversideciphers": <string_value>,
"name": <string_value>,
"clientsidecipherlist": <string_value>,
"serversiderenegotiation": <string_value>,
"certchainstorename": <string_value>,
"certverifycommonnames": <string_value>,
"transparentkeyname": <string_value>,
"serversideauthkeycertname": <string_value>,
"buildcertchain": <boolean_value>,
"serversideauthbuildcertchain": <boolean_value>,
"serversidecipherlist": <string_value>,
"profileenabled": <boolean_value>,
"caverifystorename": <string_value>,
"serversideprotoversion": <string_value>,
"certverifyaction": <string_value>,
"parsesubjectalternativenames": <boolean_value>
}, ...]}

GET

Use this operation to get SSL profile configuration details

HTTP Method: GET

URL: https://<cb_ip_address>/cb/nitro/v1/config/ssl_profile/<name>

Request Headers:

Authorization: Basic <base64 encoded(username:password)>
Accept: application/vnd.com.citrix.cloudbridge.ssl_profile+json

Response Headers:

Content-Type: application/vnd.com.citrix.cloudbridge.ssl_profile+json

Response Payload: JSON

{"ssl_profile":{
"clientsideprotoversion": <string_value>,
"profileinuse": <boolean_value>,
"serversideauthrequired": <boolean_value>,
"clientsiderenegotiation": <string_value>,
"availablecipherlist": <string_value>,
"virtualhostname": <string_value>,
"keycertname": <string_value>,
"clientsideciphers": <string_value>,
"disablesessionreuse": <boolean_value>,
"proxytype": <string_value>,
"serviceclasses": <string_value>,
"serversideciphers": <string_value>,
"name": <string_value>,
"clientsidecipherlist": <string_value>,
"serversiderenegotiation": <string_value>,
"certchainstorename": <string_value>,
"certverifycommonnames": <string_value>,
"transparentkeyname": <string_value>,
"serversideauthkeycertname": <string_value>,
"buildcertchain": <boolean_value>,
"serversideauthbuildcertchain": <boolean_value>,
"serversidecipherlist": <string_value>,
"profileenabled": <boolean_value>,
"caverifystorename": <string_value>,
"serversideprotoversion": <string_value>,
"certverifyaction": <string_value>,
"parsesubjectalternativenames": <boolean_value>
}}

MODIFY

Use this operation to modify a SSL profile

HTTP Method: PUT

URL: https://<cb_ip_address>/cb/nitro/v1/config/ssl_profile/<name>

Request Headers:

Authorization: Basic <base64 encoded(username:password)>
Content-Type: application/vnd.com.citrix.cloudbridge.ssl_profile+json

Request Payload: JSON

{"ssl_profile":{
"clientsideprotoversion": <string_value>,
"serversideauthrequired": <boolean_value>,
"clientsiderenegotiation": <string_value>,
"virtualhostname": <string_value>,
"keycertname": <string_value>,
"clientsideciphers": <string_value>,
"disablesessionreuse": <boolean_value>,
"proxytype": <string_value>,
"serversideciphers": <string_value>,
"name": <string_value>,
"serversiderenegotiation": <string_value>,
"certchainstorename": <string_value>,
"certverifycommonnames": <string_value>,
"transparentkeyname": <string_value>,
"serversideauthkeycertname": <string_value>,
"buildcertchain": <boolean_value>,
"serversideauthbuildcertchain": <boolean_value>,
"profileenabled": <boolean_value>,
"caverifystorename": <string_value>,
"serversideprotoversion": <string_value>,
"certverifyaction": <string_value>,
"parsesubjectalternativenames": <boolean_value>
}}

Response Headers:

Content-Type: application/vnd.com.citrix.cloudbridge.ssl_profile+json

Response Payload: JSON

{"ssl_profile":{
"clientsideprotoversion": <string_value>,
"profileinuse": <boolean_value>,
"serversideauthrequired": <boolean_value>,
"clientsiderenegotiation": <string_value>,
"availablecipherlist": <string_value>,
"virtualhostname": <string_value>,
"keycertname": <string_value>,
"clientsideciphers": <string_value>,
"disablesessionreuse": <boolean_value>,
"proxytype": <string_value>,
"serviceclasses": <string_value>,
"serversideciphers": <string_value>,
"name": <string_value>,
"clientsidecipherlist": <string_value>,
"serversiderenegotiation": <string_value>,
"certchainstorename": <string_value>,
"certverifycommonnames": <string_value>,
"transparentkeyname": <string_value>,
"serversideauthkeycertname": <string_value>,
"buildcertchain": <boolean_value>,
"serversideauthbuildcertchain": <boolean_value>,
"serversidecipherlist": <string_value>,
"profileenabled": <boolean_value>,
"caverifystorename": <string_value>,
"serversideprotoversion": <string_value>,
"certverifyaction": <string_value>,
"parsesubjectalternativenames": <boolean_value>
}}