NetScaler Console service

Use the SSL dashboard

You can use the SSL certificate dashboard in NetScaler Console to view graphs that help you keep track of certificate issuers, key strengths, and signature algorithms. The SSL certificate dashboard also displays graphs that indicate the following:

  • Number of days after which certificates expire
  • Number of used and unused certificates
  • Number of self-signed and CA-signed certificates
  • Number of issuers
  • Signature algorithms
  • SSL protocols
  • Top 10 instances by number of certificates in use

Monitor SSL certificates

Use the SSL dashboard on NetScaler Console to monitor your certificates if your company has an SSL Policy where you have defined certain SSL certificate requirements such as all certificates must have minimum key strengths of 2048 bits and a trusted CA authority must authorize it.

In another example, you may have uploaded a new certificate but forgotten to bind it to a virtual server. The SSL dashboard highlights the SSL certificates being used or not used. In the Usage section, you can see the number of certificates that have been installed, and the number of certificates being used. You can further click the graph, to see the certificates name, the instance on which it’s being used, its validity, its signature algorithm, and so on.

To monitor SSL certificates in NetScaler Console, navigate to Infrastructure > SSL Dashboard.

SSL dashboard

NetScaler Console allows you to poll SSL Certificates and add all the SSL certificates of the instances immediately to NetScaler Console. To do so, navigate to Infrastructure > SSL Dashboard and click Poll Now. The Poll Now page pops up, presenting the option to poll all NetScaler instances in the network or poll selected instances.

Poll now

You can use the NetScaler Console SSL dashboard to view or monitor the details of SSL certificates, SSL Virtual Servers, and SSL protocols. The numbers are hyperlinks, which you can click to display details related to SSL certificates, SSL Virtual Servers, or SSL protocols.

Total numbers

For example, when a user clicks the number 30 under Self-signed vs. CA signed in the above figure, a new window appears, showing details of the 30 SSL certificates on the NetScaler instances.

Certificate details

The NetScaler Console SSL Dashboard also shows the distribution of SSL protocols that are running on your virtual servers. As an administrator, you can specify the protocols that you want to monitor through the SSL policy, for more information, see Configuring SSL Policies. The protocols supported are SSLv2, SSLv3, TLS1.0, TLS1.1, and TLS1.2. The SSL protocols used on virtual servers appear in a bar chart format. Clicking a specific protocol displays a list of virtual servers using that protocol.

A donut chart appears after Diffie-Hellman (DH) or Ephemeral RSA keys are enabled or disabled on the SSL dashboard. These keys enable secure communication with export clients even if the server certificate does not support export clients, as in the case of a 1024-bit certificate. Clicking the appropriate chart displays a list of the virtual servers on which DH or Ephemeral RSA keys are enabled.

Diffie-Hellman (DH) or Ephemeral

View audit logs for SSL certificates

You can now view log details of SSL certificates on NetScaler Console. The log details display operations performed using SSL certificates on NetScaler Console such as: installing SSL certificates, linking and unlinking SSL certificates, updating SSL certificates, and deleting SSL certificates. Audit log information is useful while monitoring SSL certificate changes done on an application with multiple owners.

To view an audit log for a particular operation performed on NetScaler Console using SSL certificates, navigate to Infrastructure > SSL Dashboard and select Audit Logs.

For a particular operation performed using the SSL certificate you can view its status, start time, and end time. Furthermore, you can view the instance on which the operation was performed and the commands run on that instance.

Exclude default NetScaler certificates on the SSL Dashboard

NetScaler Console allows you to show or hide default certificates showing up on the SSL Dashboard charts based on your preferences. By default, all certificates are displayed on the SSL dashboard including default certificates.

To show or hide default certificates on the SSL dashboard:

  1. Navigate to Infrastructure > SSL Dashboard in the NetScaler Console GUI.

  2. On SSL Dashboard page, click Settings.

  3. On the Settings page, select General.

  4. In Certificate Filter section, disable the Show Default Certificates and select Save and Exit.

    Show default certificates

Download SSL certificates

SSL certificates have to be individually managed per instance. NetScaler Console provides visibility into all certificates deployed across multiple instances.

  • You can select which certificates are expiring and automate certificate renewals.
  • Policies can be set and enforced around the types of certificates and signing authorities that are permitted.
  • You can also download the SSL certificates for renewal and upload them later.

To download SSL certificates:

  1. Navigate to Infrastructure > SSL Dashboard in the NetScaler Console GUI.

  2. On SSL Dashboard page, click the total number of SSL certificates in any of the graphs.

Select certificates

  1. On the SSL Certificates page, click the certificate that you want to download. For example, you want to download the one that is expiring in the next one week.

  2. From the Select Action list box, select Download. The certificate downloads to your system.

To export the report of this dashboard:

To export the report of this page, click the Export icon on the top right side of this page. On the Export page, you can do one of the following:

  1. Select Export Now tab. To view and save the report in PDF, JPEG, PNG, or CSV format.

  2. Select Schedule Export tab. To schedule the report daily, weekly, or monthly and send the report over an email or a slack message.

Note

  • If you select Weekly recurrence, ensure that you select the weekdays on which you want the report to be scheduled.
  • If you select Monthly recurrence, ensure that you enter all the days that you want the report to be scheduled separated by commas.

To delete the SSL certificate on the SSL dashboard

NetScaler 14.1-38.x and later provides an option to delete the associated SSL certificate files from NetScaler while deleting the selected SSL certificate. To delete an SSL certificate:

  1. Navigate to Infrastructure > SSL Dashboard.

  2. In the SSL Certificates section where the details of SSL certificates are displayed, click the link on the label Unused. A page with a list of unused certificates is displayed.

  3. Choose one or more unused certificates to delete.

    SSL audit trails

  4. Click Delete.

  5. A Confirm dialogue box appears, providing the following options to delete the certificate files from NetScaler as well:

    • Do Not Delete: Skips the deletion of certificate files from NetScaler.
    • Delete: Deletes the certificate files from NetScaler for both expired and unexpired certificates.
    • Delete if Expired: Deletes the certificate files from NetScaler for expired certificates only.

    NOTE:

    For NetScaler versions earlier than 14.1-38.x, deletion of the certificate file(s) is skipped for all three options. Option to delete the certificate file along with configuration is applicable only for NetScaler 14.1-38.x and later.

  6. Select the appropriate option based on your needs.

  7. Click Yes to delete the certificate or click No to exit the workflow without making any changes.

SSL audit trails

View SSL certificate chain

You can view the complete chain of links for a certificate including the intermediate certificates up to the root CA certificate.

To view a certificate chain:

  1. Navigate to Infrastructure > SSL Dashboard and click the SSL certificates in any tile.

  2. In the SSL Certificates page, select a certificate and click Details. The certificate chain is displayed under Links.

    Select certificates

Use the SSL dashboard