Manage SSL certificates from the certificate store using StyleBooks
The NetScaler Console certificate store lets you store and manage your SSL certificates in one location, so you can keep SSL certificates in NetScaler Console and reuse them during NetScaler configuration.
This article describes how to create a StyleBook definition that allows you to upload and reuse SSL certificates from the NetScaler Console certificate store.
Parameters
The StyleBook definition supports certkey as a new built-in parameter type. Use this parameter type to reuse SSL certificates from the NetScaler Console certificate store.
```yaml
parameters:
    -
        name: certificate
        label: Certificate
        description: "Certificate to be bound to this virtual load balanced application"
        type: certkey
        required: true
```
In this example, the certificate parameter refers to an SSL certificate or certificate chain from the NetScaler Console certificate store.
In the StyleBook definition, you can refer to the following properties of a certkey parameter:
- certkeyname – The name of the SSL certificate key that you want to configure on an instance.
- cert_filename – The file name of an SSL certificate.
- password – The password required to access an SSL certificate, if necessary.
- key_filename – The file name of an SSL certificate key.
- keyfile_contents – The file contents of an SSL certificate key.
- subject – The subject mentioned in an SSL certificate.
- issuer – The authority that issued the SSL certificate.
- certchain_certkeyname – Sometimes, server certificates are signed by multiple hierarchical Certificate Authorities (CAs), which means that the certificates form a chain. Use this property when the certificate store has a certificate chain. It helps you refer to and bind the certificates together. When you create a configuration pack, the certificate chain appears as a list.
These properties help you create the required components in the StyleBook definition.
Components
When a StyleBook has a type: certkey parameter, the StyleBook user can provide a certificate for this parameter from the NetScaler Console certificate store. In this workflow, along with viewing and selecting certificates from the NetScaler Console certificate store, users can also do the following:
- Upload new certificates.
- Update existing certificates, for example, expired certificates.
- Remove certificates.
Notes
You can also manage certificates in NetScaler Console certificate store using NetScaler Console SSL Dashboard.
When an SSL certificate is updated in the NetScaler Console certificate store, the config packs associated with the SSL certificate are automatically updated.
Build your StyleBook
The following is an example StyleBook definition. It is a complete definition that uses SSL certificates from the NetScaler Console certificate store. This StyleBook includes components that upload the main certificate and key files to the NetScaler instance. If these files are already present on the NetScaler instance, NetScaler Console skips the uploading steps, and these components have no effect.
```yaml
name: lb-with-cert-from-certstore
namespace: com.example.stylebooks
version: "1.0"
display-name: Application using a CertStore certificate
description: This StyleBook defines a simple SSL Vserver.
schema-version: "1.0"
import-stylebooks:
    -
        namespace: netscaler.nitro.config
        version: "13.0"
        prefix: ns
parameters:
    -
        name: name
        type: string
        label: Application Name
        description: Give a name to the application configuration.
        required: true
    -
        name: ip
        type: ipaddress
        label: Application Virtual IP (VIP)
        description: The Application VIP that clients access
        required: true
    -
        name: certificate
        label: Application Certificate
        description: Certificate chain and key to be bound to this application
        type: certkey
        required: true
components:
    -
        name: pem-cert-files-comp
        type: ns::systemfile
        description: This component uploads the PEM certificate file onto the NetScaler
        condition: $parameters.certificate
        properties:
            filename: $parameters.certificate.cert_filename
            filelocation: /nsconfig/ssl
            filecontent: base64($parameters.certificate.certfile_contents)
            fileencoding: BASE64
    -
        name: pem-KEY-files-comp
        type: ns::systemfile
        description: This component uploads the PEM key file onto the NetScaler.
        condition: $parameters.certificate
        properties:
            filename: $parameters.certificate.key_filename
            filelocation: /nsconfig/ssl
            filecontent: base64($parameters.certificate.keyfile_contents)
            fileencoding: BASE64
    -
        name: cert-files-comp
        type: ns::sslcertkey
        description: This component creates the certkey on the NetScaler using the uploaded files.
        condition: $parameters.certificate
        properties:
            certkey: $parameters.certificate.certkeyname
            cert: $parameters.certificate.cert_filename
            key: $parameters.certificate.key_filename
    -
        name: lbvserver-comp
        type: ns::lbvserver
        description: This component creates the lbvserver of the application.
        properties:
            name: $parameters.name + "-lbvserver"
            servicetype: SSL
            ipv46: $parameters.ip
            port: 443
            lbmethod: ROUNDROBIN
        components:
            -
                name: sslvserver-comp
                type: ns::sslvserver
                description: This component configures SSL settings on the vserver
                properties:
                    vservername: $parent.properties.name
                    ssl3?: ENABLED
                    tls1?: ENABLED
                    tls11?: ENABLED
            -
                name: cert-bindings-adv-comp
                type: ns::sslvserver_sslcertkey_binding
                description: This component binds the certkey to the vserver
                condition: $parameters.certificate
                properties:
                    vservername: $parent.properties.name
                    certkeyname: $parameters.certificate.certkeyname
```
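As an added check that is not part of the page or of NetScaler Console, the following Python lint walks a StyleBook that has already been loaded into a dict (for example with PyYAML's yaml.safe_load, which is assumed and not shown) and reports every $parameters.<name>.<property> reference to a certkey parameter whose property name is outside the list given in the Parameters section above, descending into nested components such as the bindings under lbvserver-comp. Run against a constructed reduction of the example StyleBook, it flags certfile_contents, which the example uses but the documented property list does not mention.

```python
import re

# Properties the page documents for a certkey parameter.
CERTKEY_PROPS = {"certkeyname", "cert_filename", "password", "key_filename",
                 "keyfile_contents", "subject", "issuer", "certchain_certkeyname"}
REF = re.compile(r"\$parameters\.(\w+)\.(\w+)")  # $parameters.<param>.<property>


def iter_refs(components, path=""):
    """Yield (component path, property key, param, property) for every
    $parameters.X.Y reference, descending into nested components."""
    for comp in components:
        here = f"{path}/{comp['name']}"
        for key, value in comp.get("properties", {}).items():
            if isinstance(value, str):  # ints such as port: 443 carry no references
                for m in REF.finditer(value):
                    yield here, key, m.group(1), m.group(2)
        yield from iter_refs(comp.get("components", []), here)


def check_certkey_refs(stylebook):
    """Return (component path, property key, reference) for each reference to a
    certkey parameter whose property name is not in the documented set."""
    certkeys = {p["name"] for p in stylebook.get("parameters", [])
                if p.get("type") == "certkey"}
    return [(comp, key, f"$parameters.{param}.{prop}")
            for comp, key, param, prop in iter_refs(stylebook.get("components", []))
            if param in certkeys and prop not in CERTKEY_PROPS]


# Constructed sample: a reduced form of the page's lb-with-cert-from-certstore
# definition, as it would look after yaml.safe_load() (loading is assumed, not shown).
SAMPLE = {
    "parameters": [{"name": "name", "type": "string"},
                   {"name": "certificate", "type": "certkey"}],
    "components": [
        {"name": "pem-cert-files-comp", "properties": {
            "filename": "$parameters.certificate.cert_filename",
            "filecontent": "base64($parameters.certificate.certfile_contents)"}},
        {"name": "cert-files-comp", "properties": {
            "certkey": "$parameters.certificate.certkeyname",
            "cert": "$parameters.certificate.cert_filename",
            "key": "$parameters.certificate.key_filename"}},
        {"name": "lbvserver-comp", "properties": {"name": '$parameters.name + "-lbvserver"'},
         "components": [{"name": "cert-bindings-adv-comp", "properties": {
             "vservername": "$parent.properties.name",
             "certkeyname": "$parameters.certificate.certkeyname"}}]},
    ],
}
```

Calling check_certkey_refs(SAMPLE) returns the single finding for pem-cert-files-comp; an empty list means every certkey reference uses a documented property.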