Application Delivery Management

Use the SSL Dashboard

You can use the SSL certificate dashboard in Citrix Application Delivery Management (ADM) to view graphs that help you keep track of certificate issuers, key strengths, and signature algorithms. The SSL certificate dashboard also displays graphs that indicate the following:

  • Number of days after which certificates expire

  • Number of used and unused certificates

  • Number of self-signed and CA-signed certificates

  • Number of issuers

  • Signature algorithms

  • SSL protocols

  • Top 10 instances by number of certificates in use

To monitor SSL certificates

You may use the SSL dashboard on Citrix ADM to monitor your certificates if your company has SSL Policy where you have defined certain SSL certificate requirements such as all certificates must have minimum key strengths of 2048 bits and a trusted CA authority must authorize it.

In another example, you may have uploaded a new certificate but forgotten to bind it to a virtual server. The SSL dashboard highlights the SSL certificates being used or not used. In the Usage section, you can see the number of certificates that have been installed, and the number of certificates being used. You can further click on the graph, to see the certificates name, the instance on which it’s being used, its validity, its signature algorithm, and so on.

To monitor SSL certificates in Citrix ADM, navigate to Networks > SSL Dashboard.

localized image

Citrix ADM allows you to poll SSL Certificates and add all the SSL certificates of the instances immediately to Citrix ADM. To do so, navigate to Networks > SSL Dashboard and click Poll Now. The Poll Now page pops up, presenting the option to poll all Citrix Application Delivery Controller (ADC) instances in the network or poll selected instances.

You can use the Citrix ADM SSL dashboard to view or monitor the details of Citrix ADC SSL certificates, SSL Virtual Servers, and SSL protocols. “Total” numbers are hyperlinks, which you can click to display details related to SSL certificates, SSL Virtual Servers, or SSL protocols.

For example, when a user clicks the number 52 under “Self signed vs. CA signed” in the above figure, a new window appears, showing details of the 52 SSL certificates on the Citrix ADC instances.

localized image

The Citrix ADM SSL Dashboard also shows the distribution of SSL protocols that are running on your virtual servers. As an administrator, you can specify the protocols that you want to monitor through the SSL policy. The protocols supported are SSLv2, SSLv3, TLS1.0, TLS1.1, and TLS1.2. The SSL protocols used on virtual servers appear in a bar chart format. Clicking on a specific protocol displays a list of virtual servers using that protocol.

A donut chart appears after Diffie-Hellman (DH) or Ephermeral RSA keys are enabled or disabled on the SSL dashboard. These keys enable secure communication with export clients even if the server certificate does not support export clients, as in the case of a 1024-bit certificate. Clicking on the appropriate chart displays a list of the virtual servers on which DH or Ephemeral RSA keys are enabled.

To view audit trails for SSL certificates

You can now view log details of SSL certificates on Citrix ADM. The log details display operations performed using SSL certificates on Citrix ADM such as: installing SSL certificates, linking and unlinking SSL certificates, updating SSL certificates, and deleting SSL certificates. Audit trail information is useful while monitoring SSL certificate changes done on an application with multiple owners.

To view an audit log for a particular operation performed on Citrix ADM using SSL certificates, navigate to Networks > SSL Dashboard > SSL Audit Trails.

localized image

For a particular operation performed using SSL certificate you can view its status, start time, and end time. Furthermore, you can view the instance on which the operation was performed and the commands executed on that instance.

localized image

To exclude default Citrix ADC certificates on the SSL Dashboard

Citrix ADM allows you to show or hide default Citrix ADC certificates showing up on the SSL Dashboard charts based on your preferences. By default, all certificates are displayed on the SSL dashboard including default certificates.

To show or hide default certificates on the SSL dashboard:

  1. Navigate to Networks > SSL Dashboard in the Citrix ADM GUI.

  2. On SSL Dashboard page, click Settings.

  3. On the Settings page, select General.

  4. Type the number of days when the certificate expires to receive notification about certificate expiry.

  5. Select the method of notification and create the respective profiles.

  6. In the Certificate Filter section, clear the Show Default Certificates check box and click Save and Exit.

    localized image

Use the SSL Dashboard