Get an A+ security rating for your application in the Qualys SSL lab test
Using insecure ciphers and protocols for transactions can impact the privacy, data integrity, and security of the users accessing your applications. Your application might be compromised if the correct settings are not in place.
How does the Citrix App Delivery and Security service help in getting an A+ security rating by Qualys SSL Labs?
SSL keeps your connection secure and prevents anyone from reading or modifying information while it is transferred between the two systems. Qualys SSL Labs rates the applications based on the ciphers, protocols, and other SSL settings. If your application servers meet the required settings, they are given an A+ rating. For more information, see SSL Server Test.
As an application owner, you can secure your application by selecting A+ Security. When you select this option, the service chooses the ciphers, certificates, key exchange algorithms, and protocols required to get an A+ rating on your back-end application servers. The service adds this setting using SSL policies.
Create an SSL policy with A+ security intent using the GUI
Start the Create Application workflow. After specifying the application details and creating services, add endpoints.
For more information about specifying application details, see Create an application. For more information about creating services, see Create services.
For more information about creating an endpoint, see Add endpoint.
- Navigate to Endpoints.
- Click Add Endpoint.
- Modify an existing endpoint or click Create Endpoint.
- Click Add SSL Policy.
- Type a name for the policy and select A+ Security.
- Click Create.
An SSL policy is added with the A+ security intent to secure your application.
Create an SSL policy with A+ security intent using the API
Send the API request to the following endpoint.

| Method | URL |
|---|---|
| POST | /adcaas/nitro/v1/config/network_functions |

| Header | Value |
|---|---|
| Content-Type | application/json |
| Cookie | SESSID= |
| ADS_SERVICE_TYPE | INTENT |
The following snippet is an example of the API payload.
```json
{
  "network_functions": [
    {
      "name": "DemoSSLPolicy",
      "type": "ssl_frontend",
      "ssl_frontend_params": {
        "aplussecurity": true,
        "ciphers": [],
        "tls1": false,
        "tls11": false,
        "tls12": false,
        "tls13": false
      }
    }
  ]
}
```
Example response
```json
{
  "network_functions": [
    {
      "created_at": "2021-12-10T10:35:50Z",
      "id": "680aaf2b8537abbc9b2ac0f11aa98382",
      "name": "DemoSSLPolicy",
      "ssl_frontend_params": {
        "aplussecurity": true,
        "ciphers": [],
        "tls1": false,
        "tls11": false,
        "tls12": false,
        "tls13": false
      },
      "type": "ssl_frontend",
      "updated_at": "2021-12-10T10:35:50Z"
    }
  ]
}
```
Use this policy while creating an application as required.
Create an application with SSL policy for A+ security intent using the API
The following API creates an application with the specified:
- Environment
- Services
- Endpoints including a valid certificate
- Load balancing configuration
Send the API request to the following endpoint.

| Method | URL |
|---|---|
| POST | /adcaas/nitro/v1/config/applications |

| Header | Value |
|---|---|
| Content-Type | application/json |
| Cookie | SESSID= |
| ADS_SERVICE_TYPE | INTENT |
The following snippet is an example of the API payload.
```json
{
  "applications": [
    {
      "edition": "premium",
      "name": "DemoAppHTTPS",
      "type": "aws",
      "environment": {
        "id": "3b6ed423c509404915c57a06ee675e6b"
      },
      "endpoints": [
        {
          "name": "DemoHTTPSEndpoint",
          "endpoint_type": "External",
          "fqdns": [],
          "fqdn_auto_allocated": true,
          "listeners": [
            {
              "port": 443,
              "protocol": "HTTPS",
              "certificates": [
                "3bf39d58-7fcc-49b8-b050-a230681c97ac"
              ],
              "ssl_network_function": {
                "name": "DemoSSLPolicy"
              },
              "is_https_redirect": true,
              "redirect_port": 80
            }
          ]
        }
      ],
      "network_functions": [
        {
          "name": "DemoLB",
          "type": "lb",
          "lb_params": {
            "algorithm": "ROUND_ROBIN",
            "stickinessType": "SOURCE_IP"
          }
        },
        {
          "name": "DemoSSLPolicy",
          "type": "ssl_frontend",
          "ssl_frontend_params": {
            "aplussecurity": true,
            "ciphers": [],
            "tls1": false,
            "tls11": false,
            "tls12": false,
            "tls13": false
          }
        }
      ],
      "application_services": [
        {
          "name": "DemoAppSvc",
          "protocol": "HTTPS",
          "port": 443,
          "app_server_type": "servers",
          "aws_autoscalegroup": "",
          "aws_instances": [],
          "servers": [
            {
              "type": "IPAddress",
              "value": "192.0.2.2"
            }
          ],
          "network_functions": [
            {
              "name": "DemoLB",
              "type": "lb"
            }
          ]
        }
      ],
      "application_endpoints": [
        {
          "endpoint_name": "DemoHTTPSEndpoint",
          "default_route": "DemoAppSvc",
          "routes": []
        }
      ]
    }
  ]
}
```
Example response
```json
{
  "applications": [
    {
      "application_endpoints": [
        {
          "default_route": "DemoAppSvc",
          "endpoint_id": "fac30d4b980deccb291f97cdfd7d63f2",
          "endpoint_name": "DemoHTTPSEndpoint",
          "id": "968d6af0fc0d50a5b30cf99fe19ddf20",
          "routes": []
        }
      ],
      "application_services": [
        {
          "app_server_type": "servers",
          "id": "0ad8677bf3dffe9bce95b20bd48818ed",
          "name": "DemoAppSvc",
          "network_functions": [
            {
              "name": "DemoLB",
              "type": "lb"
            }
          ],
          "port": 443,
          "protocol": "HTTPS",
          "servers": [
            {
              "type": "IPAddress",
              "value": "192.0.2.2"
            }
          ],
          "slow_server_settings": {
            "action": "detect"
          }
        }
      ],
      "created_at": "2021-12-10T11:09:42Z",
      "deployed_at": null,
      "edition": "premium",
      "environment": {
        "cloud": "aws",
        "id": "3b6ed423c509404915c57a06ee675e6b",
        "name": "DemoEnv"
      },
      "id": "501d0fa420bbcd6d079cbbda7faf6e12",
      "job_id": null,
      "name": "DemoAppHTTPS",
      "status": "INDRAFT",
      "type": "aws",
      "updated_at": "2021-12-10T11:09:42Z"
    }
  ]
}
```
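A pre-submission check for the application payload shown in this section, as an added example that is not Citrix code: it confirms that every HTTPS listener names an `ssl_frontend` policy with `aplussecurity` set to `true`. It assumes the policy is declared inline in the same payload, as in the example payload; the `LegacyPolicy` entry and the 8443 listener are constructed here to show a failing case.

```python
import json

# Constructed sample: a trimmed copy of the page's application payload plus a
# second listener and policy (both hypothetical) that should be flagged.
SAMPLE = json.loads("""
{"applications": [{
  "name": "DemoAppHTTPS",
  "endpoints": [{
    "name": "DemoHTTPSEndpoint",
    "listeners": [
      {"port": 443, "protocol": "HTTPS",
       "ssl_network_function": {"name": "DemoSSLPolicy"}},
      {"port": 8443, "protocol": "HTTPS",
       "ssl_network_function": {"name": "LegacyPolicy"}}
    ]}],
  "network_functions": [
    {"name": "DemoLB", "type": "lb"},
    {"name": "DemoSSLPolicy", "type": "ssl_frontend",
     "ssl_frontend_params": {"aplussecurity": true, "ciphers": []}},
    {"name": "LegacyPolicy", "type": "ssl_frontend",
     "ssl_frontend_params": {"aplussecurity": false, "ciphers": []}}
  ]}]}
""")

def check_aplus(payload):
    """Return findings; an empty list means every HTTPS listener is bound
    to an ssl_frontend policy that has aplussecurity enabled."""
    findings = []
    for app in payload.get("applications", []):
        # Index the SSL policies declared in this application by name.
        policies = {nf["name"]: nf.get("ssl_frontend_params", {})
                    for nf in app.get("network_functions", [])
                    if nf.get("type") == "ssl_frontend"}
        for ep in app.get("endpoints", []):
            for lst in ep.get("listeners", []):
                if lst.get("protocol") != "HTTPS":
                    continue
                where = f'{app.get("name")}/{ep.get("name")}:{lst.get("port")}'
                ref = (lst.get("ssl_network_function") or {}).get("name")
                if ref is None:
                    findings.append(f"{where}: no SSL policy attached")
                elif ref not in policies:
                    findings.append(f"{where}: policy {ref!r} not declared in payload")
                elif policies[ref].get("aplussecurity") is not True:
                    findings.append(f"{where}: policy {ref!r} lacks aplussecurity")
    return findings

if __name__ == "__main__":
    print("\n".join(check_aplus(SAMPLE)) or "all HTTPS listeners use A+ policies")
```

Run it against the JSON body before sending the POST request; any finding means a listener would be created without the A+ intent.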