Citrix NetScaler
SecTrail CM enables automatic deployment and renewal of SSL certificates by establishing agentless connections to Citrix NetScaler Application Delivery Controller (ADC) devices.
Connection Requirements
| Requirement | Detail | Description |
|---|---|---|
| Protocol | NITRO REST API (HTTPS) | NetScaler's native REST API is used |
| Port | 443 | Standard HTTPS port or custom management port |
| Authentication | Basic Authentication | Authentication via Username and Password |
| User Permission | nsroot or superuser role | Certificate upload and configuration permission |
Automated Operations
SecTrail CM automatically performs the following operations on Citrix NetScaler:
- Certificate and Key Upload: Secure transfer of SSL certificate and private key
- CertKey Creation: Creating and managing certificate-key pairs
- Virtual Server Binding: Binding certificates to SSL Virtual Servers
- Configuration Save: Making configuration persistent
Configuration Steps
1. Creating NetScaler User
Navigate to Automation > Devices Users and create a user for the NetScaler device.
2. Adding NetScaler Device to SecTrail CM
Go to Automation > Devices, click the Add New Device button, and enter the following information:

- Name: Provide a descriptive name for the device
- Device Users: Select the user created in Step 1
- IP: Enter the NSIP address of the NetScaler device
- Device Type: Select Citrix NetScaler from the dropdown menu
- Cert Upload Only: Whether only the certificate should be uploaded (Disabled/Enabled)
After the NetScaler device is added to SecTrail CM, the IP addresses and ports of all Virtual Servers defined on the device are automatically included in the discovery period and scanned regularly.
3. Viewing Device Information
After the device is added, it will be displayed in the Automation > Devices list. Click on the row to view device details:

- Virtual Server: Virtual Server names defined on the NetScaler device
- Address: IP address and port of the Virtual Server
- CertKey Name: Current certificate-key pair names
- SerialNumber: Certificate serial number
- Type: Shows the address type
- Deploy: Button that starts certificate deployment to the Virtual Server in that row
Certificate Deployment
Step 1: Virtual Server and Certificate Selection
- Select your NetScaler device from Automation > Devices
- In the device details, find the Virtual Server where you want to deploy the certificate
- Click the Deploy button on the relevant row
- In the Deploy Certificate window that opens:
  - Virtual Servers: Target Virtual Server information is displayed (IP, port, CertKey name)
  - Certificate: Select the certificate you want to deploy from the dropdown menu

Step 2: Starting the Deployment Process
Click the Deploy button to start the certificate deployment process.
Step 3: Process Tracking
The deployment process can be tracked from Automation > Processes.

Operation Details
The following steps are performed during deployment:
| Step | Operation Description |
|---|---|
| 1 | Certificate and key file are uploaded to the system |
| 2 | Certificate-key pair is created |
| 3 | Existing certificate binding is removed |
| 4 | New certificate is bound to virtual server |
SecTrail CM automatically cleans up unused old certificate and key files after deployment.
Rollback Operation
The Manual Rollback feature can be used in case of issues after certificate deployment.
If an error occurs at any step during the deployment process, the system automatically performs a rollback and all changes are reverted.
Rollback Steps
- Navigate to Automation > Processes
- Find the operation you want to roll back
- Use the Manual-Rollback option in the Status column
- Confirm
Operations During Rollback
| Step | Operation |
|---|---|
| 1 | Old certificate-key pair is preserved |
| 2 | Virtual Server's previous binding settings are restored |
| 3 | Newly uploaded certificate and key files are deleted |
| 4 | CertKey created during deployment is removed |
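
The deployment steps under Operation Details and the automatic rollback on error, shown as an added example that is not SecTrail CM's own code. Mapping the steps to these NITRO resource paths and payload fields (taken from Citrix's public NITRO API) is an assumption; `send`, the `<certkey>.crt`/`.key` file naming and all sample names are hypothetical.

```python
import base64

CFG = "/nitro/v1/config"  # NITRO configuration API root
BIND = f"{CFG}/sslvserver_sslcertkey_binding"

def deploy(send, vserver, old_ck, new_ck, cert_pem, key_pem):
    """Run the deployment steps; on failure undo the completed ones in reverse.

    send(method, path, body) is a hypothetical caller-supplied transport that
    raises on a NITRO error. It must verify the device's TLS certificate:
    the requests carry the private key and the Basic Authentication header.
    """
    undo = []  # compensating requests for steps that already succeeded

    def step(request, compensation):
        send(*request)
        undo.append(compensation)  # recorded only if the request succeeded

    def upload(name, pem):
        body = {"systemfile": {"filename": name, "filelocation": "/nsconfig/ssl",
                               "fileencoding": "BASE64",
                               "filecontent": base64.b64encode(pem).decode()}}
        step(("POST", f"{CFG}/systemfile", body),
             ("DELETE", f"{CFG}/systemfile/{name}?args=filelocation:%2Fnsconfig%2Fssl", None))

    def binding(certkey):
        return {"sslvserver_sslcertkey_binding":
                {"vservername": vserver, "certkeyname": certkey}}

    def unbind(certkey):
        return ("DELETE", f"{BIND}/{vserver}?args=certkeyname:{certkey}", None)

    try:
        upload(f"{new_ck}.crt", cert_pem)                      # 1. upload files
        upload(f"{new_ck}.key", key_pem)
        step(("POST", f"{CFG}/sslcertkey", {"sslcertkey": {    # 2. create certkey
                  "certkey": new_ck, "cert": f"{new_ck}.crt", "key": f"{new_ck}.key"}}),
             ("DELETE", f"{CFG}/sslcertkey/{new_ck}", None))
        step(unbind(old_ck), ("PUT", BIND, binding(old_ck)))   # 3. remove old binding
        step(("PUT", BIND, binding(new_ck)), unbind(new_ck))   # 4. bind new certkey
        send("POST", f"{CFG}/nsconfig?action=save", {"nsconfig": {}})  # persist
        return True
    except Exception:
        for request in reversed(undo):  # the old certkey itself is never touched
            send(*request)
        return False
```

Undoing in reverse order restores the previous binding before the new certkey and its files are removed, so the Virtual Server is never left without a certificate.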