Citrix Application Delivery Management service

Assess application SSL rating

An application must use secure ciphers and protocols for SSL transactions. Otherwise, it can impact the privacy, data integrity, and security of the users accessing the application. Qualys SSL Labs rates the applications based on ciphers, protocols, and other SSL settings. For more information, see SSL Server Test.

As an application owner, you can assess whether your application has an A+ rating by Qualys SSL Labs. Citrix ADM reviews the application’s virtual server SSL settings against the ADC secure front-end profile. The settings required for an A+ rating are preloaded into the secure front-end profile.

If your application has a Not A+ rating, you can upgrade it to an A+ rating.

To view the application’s SSL rating, do the following:

  1. Go to Applications > Dashboard.

  2. Filter applications based on their SSL ratings. You can filter them by A+, Not A+, and NA (Not Applicable).

    If an application has no rating, it is categorized under NA.

  3. Select the required application grid from the GUI.

  4. Select the SSL tab. This tab displays the SSL rating of the application.

The SSL tab provides one of the following options to change or upgrade your application’s rating:

Upgrade to A+ SSL rating

When you upgrade an application to A+ SSL rating, ADM deploys the secure front-end profile on the application.

For an application with a Not A+ rating, the SSL tab displays the details of the affected virtual servers.

In App Details, you can review the details of the virtual servers whose configuration is not compliant with the secure front-end profile. The Recommendation column lists the remediation measures that make your application compliant with the secure front-end profile.

In this example, the Intenet_Banking virtual server has a few security issues. One of these issues is that protocol TLSv1.0 is enabled. The App Details section recommends an appropriate action to solve this issue. To solve all such issues with the respective recommendations, do the following:

  1. Click Upgrade to A+ rating.

    The confirmation message displays the commands that run on a virtual server. These commands might affect your application traffic.

  2. Review the commands and click Confirm.

Roll back SSL rating

After you upgrade the application to A+ rating, you can analyze the incoming traffic in SSL insight. This page displays the ciphers and protocols on which SSL transactions are negotiated.

However, if you observe that some legitimate traffic is dropped, you can roll back the secure front-end profile configured on your application. This action changes the SSL rating back to the earlier rating.

To roll back an SSL rating, do the following:

  1. Click Rollback.

    The confirmation message displays the commands that run on a virtual server.

  2. Review the commands and click Confirm.
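
The traffic check described under Roll back SSL rating can also be run on negotiated-protocol records before the upgrade, to estimate which clients would be dropped. The following is an added example, not Citrix code: the CSV column names, the sample records, and the set of protocols assumed to remain enabled are constructed for illustration and are not an ADM export format.

```python
import csv
import io
from collections import defaultdict

# Assumption: protocols still accepted after the upgrade. The page names only
# "TLSv1.0 enabled" as an issue; treating TLSv1.1 and SSLv3 as disabled too is
# an assumption of this example.
ALLOWED_AFTER_UPGRADE = {"TLSv1.2", "TLSv1.3"}

# Constructed sample records (hypothetical columns, documentation IP range).
SAMPLE_CSV = """client_ip,protocol,transactions
198.51.100.10,TLSv1.2,420
198.51.100.11,TLSv1.0,35
198.51.100.12,TLSv1.3,900
198.51.100.13,TLSv1.0,12
198.51.100.13,TLSv1.2,88
198.51.100.14,TLSv1.1,5
"""

def assess_impact(csv_text, allowed=ALLOWED_AFTER_UPGRADE):
    """Summarize how much observed traffic relies on protocols outside `allowed`."""
    per_client = defaultdict(lambda: {"ok": 0, "legacy": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        bucket = "ok" if row["protocol"].strip() in allowed else "legacy"
        per_client[row["client_ip"].strip()][bucket] += int(row["transactions"])

    total = sum(c["ok"] + c["legacy"] for c in per_client.values())
    legacy = sum(c["legacy"] for c in per_client.values())
    # Clients seen only on legacy protocols would fail every handshake.
    blocked = sorted(ip for ip, c in per_client.items() if c["ok"] == 0)
    # Mixed addresses usually mean several client stacks behind one IP (NAT).
    partial = sorted(ip for ip, c in per_client.items() if c["ok"] and c["legacy"])
    return {
        "total_transactions": total,
        "legacy_transactions": legacy,
        "legacy_share": round(legacy / total, 4) if total else 0.0,
        "fully_blocked_clients": blocked,
        "partially_affected_clients": partial,
    }

if __name__ == "__main__":
    for key, value in assess_impact(SAMPLE_CSV).items():
        print(f"{key}: {value}")
```

A non-empty list of fully blocked clients is the case in which the page's rollback option becomes relevant; those clients need a TLS stack update before the stricter profile can stay in place.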