Application Delivery Management

Manage SSL certificates from the certificate store using StyleBooks

The NetScaler Console certificate store lets you store and manage your SSL certificates in one location, so you can reuse them during NetScaler configuration.

This article describes how to create a StyleBook definition that allows you to upload and reuse SSL certificates from the NetScaler Console certificate store.

Parameters

The StyleBook definition supports certkey as a new built-in parameter type. Use this parameter type to reuse SSL certificates from the NetScaler Console certificate store.

parameters:
-
    name: certificate
    label: Certificate
    description: "Certificate to be bound to this virtual load balanced application"
    type: certkey
    required: true

In this example, the certificate parameter refers to an SSL certificate or a certificate chain from the NetScaler Console certificate store.

In the StyleBook definition, you can refer to the following properties for a certkey parameter:

  • certkeyname – Name of SSL certificate key that you want to configure on an instance.
  • cert_filename – File name of an SSL certificate.
  • password – Password required to access an SSL certificate if necessary.
  • key_filename – File name of an SSL certificate key.
  • keyfile_contents – Contents of an SSL certificate.
  • subject – Subject mentioned in an SSL certificate.
  • issuer – Authority who issued the SSL certificate.
  • certchain_certkeyname – Name of the certificate chain.

    Note:

    Sometimes, several hierarchical Certificate Authorities (CAs) sign the server certificates, which means that the certificates form a chain. Use this property when the certificate store has a certificate chain. It helps you refer to the certificates and bind them together. While you create a config pack, the certificate chain appears as a list.

These properties help you create the required components in the StyleBook definition.

Components

When a StyleBook has a type: certkey parameter, you can provide a certificate for this parameter from the NetScaler Console certificate store. In this workflow, along with viewing and selecting certificates from the NetScaler Console certificate store, you can also do the following:

  • Upload new certificates.
  • Update existing certificates, for example, expired certificates.
  • Remove certificates.

Note:

  • You can also manage certificates in the NetScaler Console certificate store using the NetScaler Console SSL Dashboard.
  • After you update an SSL certificate in the NetScaler Console certificate store, you must update the config packs associated with the SSL certificate. To learn more about updating config packs, see Use APIs to update an existing config pack or Create and edit a config pack.

Build your StyleBook

The following StyleBook definition uses SSL certificates from the NetScaler Console certificate store. This StyleBook includes components that upload the main certificate and key files to the NetScaler instance. If these files are already present on the NetScaler instance, NetScaler Console skips the uploading steps, and these components have no effect.

name: lb-with-cert-from-certstore
namespace: com.example.stylebooks
version: "1.0"
display-name: Application using a CertStore certificate
description: This StyleBook defines a simple SSL Vserver.
schema-version: "1.0"

import-stylebooks:
  -
    namespace: netscaler.nitro.config
    version: "13.0"
    prefix: ns

parameters:
  -
    name: name
    type: string
    label: Application Name
    description: Give a name to the application configuration.
    required: true
  -
    name: ip
    type: ipaddress
    label: Application Virtual IP (VIP)
    description: The Application VIP that clients access
    required: true
  -
    name: certificate
    label: Application Certificate
    description: Certificate chain and key to be bound to this application
    type: certkey
    required: true

components:
  -
    name: pem-cert-files-comp
    type: ns::systemfile
    description: This component uploads the PEM certificate file onto the NetScaler
    condition: $parameters.certificate
    properties:
      filename: $parameters.certificate.cert_filename
      filelocation: /nsconfig/ssl
      filecontent: base64($parameters.certificate.certfile_contents)
      fileencoding: BASE64
  -
    name: pem-KEY-files-comp
    type: ns::systemfile
    description: This component uploads the PEM key file onto the NetScaler.
    condition: $parameters.certificate
    properties:
      filename: $parameters.certificate.key_filename
      filelocation: /nsconfig/ssl
      filecontent: base64($parameters.certificate.keyfile_contents)
      fileencoding: BASE64
  -
    name: cert-files-comp
    type: ns::sslcertkey
    description: This component creates the certkey on the NetScaler using the uploaded files.
    condition: $parameters.certificate
    properties:
      certkey: $parameters.certificate.certkeyname
      cert: $parameters.certificate.cert_filename
      key: $parameters.certificate.key_filename
  -
    name: lbvserver-comp
    type: ns::lbvserver
    description: This component creates the lbvserver of the application.
    properties:
      name: $parameters.name + "-lbvserver"
      servicetype: SSL
      ipv46: $parameters.ip
      port: 443
      lbmethod: ROUNDROBIN
    components:
      -
        name: sslvserver-comp
        type: ns::sslvserver
        description: This component configures SSL settings on the vserver
        properties:
          vservername: $parent.properties.name
          ssl3?: ENABLED
          tls1?: ENABLED
          tls11?: ENABLED
      -
        name: cert-bindings-adv-comp
        type: ns::sslvserver_sslcertkey_binding
        description: This component binds the certkey to the vserver
        condition: $parameters.certificate
        properties:
          vservername: $parent.properties.name
          certkeyname: $parameters.certificate.certkeyname
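
The sslvserver-comp component in this StyleBook enables SSLv3, TLS 1.0, and TLS 1.1 on the virtual server. The following fragment is an added example, not part of the original StyleBook, that shows the same nested component with those legacy protocols disabled and TLS 1.2 enabled. It assumes that the ns::sslvserver type in the imported namespace accepts a tls12 property in the same way as the ssl3, tls1, and tls11 properties used on this page.

```yaml
# Added example: hardened variant of the sslvserver-comp nested component.
# Assumption: ns::sslvserver in the imported namespace accepts tls12 in the
# same way as the ssl3, tls1 and tls11 properties used in the page's StyleBook.
components:
  -
    name: sslvserver-comp
    type: ns::sslvserver
    description: This component configures SSL settings on the vserver
    properties:
      vservername: $parent.properties.name
      ssl3?: DISABLED    # the page's StyleBook sets ENABLED
      tls1?: DISABLED    # the page's StyleBook sets ENABLED
      tls11?: DISABLED   # the page's StyleBook sets ENABLED
      tls12?: ENABLED    # not set in the page's StyleBook
```

This block replaces only the sslvserver-comp entry under lbvserver-comp; the cert-bindings-adv-comp entry that follows it stays unchanged.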