StyleBook configuration

Manage SSL certificates from the certificate store using StyleBooks

NetScaler Console certificate store helps you to store and manage your SSL certificates in one location. So, you can store SSL certificates in NetScaler Console and reuse them during NetScaler configuration.

This article describes how to create a StyleBook definition that allows you to upload and reuse SSL certificates from the NetScaler Console certificate store.

Parameters

The StyleBook definition supports certkey as a new built-in parameter type. Use this parameter type to reuse SSL certificates from the NetScaler Console certificate store.

parameters:
-
    name: certificate
    label: Certificate
    description: "Certificate to be bound to this virtual load balanced application"
    type: certkey
    required: true
<!--NeedCopy-->

In this example, the certificate parameter refers to an SSL certificate or certificate chain from the NetScaler Console certificate store.

In the StyleBook definition, you can refer to the following properties for a certkey parameter:

  • certkeyname – A name of SSL certificate key that you want to configure on an instance.
  • cert_filename – The file name of an SSL certificate.
  • password – The password required to access an SSL certificate if necessary.
  • key_filename – The file name of an SSL certificate key.
  • keyfile_contents – The file contents of an SSL certificate.
  • subject – Subject mentioned in an SSL certificate.
  • issuer – It refers to an authority who issued the SSL certificate.
  • certchain_certkeyname – Sometimes, server certificates are signed by multiple hierarchical Certificate Authorities (CA), which means that the certificates form a chain.

    Use this property when the certificate store has a certificate chain. It helps you refer and bind the certificates together. While you create a configuration pack, the certificate chain appears as list.

These properties help you create the required components in the StyleBook definition.

Components

When a StyleBook has a type: certkey parameter, the StyleBook user can provide a certificate for this parameter from the NetScaler Console certificate store. In this workflow, along with viewing and selecting certificates from NetScaler Console certificate store, users can also do the following:

  • Upload new certificates.
  • Update existing certificates. For example, expired certificates.
  • Remove certificates.

Notes

  • You can also manage certificates in NetScaler Console certificate store using NetScaler Console SSL Dashboard.

  • When an SSL certificate is updated in the NetScaler Console certificate store, the config packs associated with the SSL certificate are automatically updated.

Build your StyleBook

The following is an example StyleBook definition. It is a complete definition that uses SSL certificates from the NetScaler Console certificate store. This StyleBook includes components that upload the main certificate and key files to the NetScaler instance. If these files are already present on the NetScaler instance, NetScaler Console skips the uploading steps, and these components have no effect.

name: lb-with-cert-from-certstore
namespace: com.example.stylebooks
version: "1.0"
display-name: Application using a CertStore certificate
description: This StyleBook defines a simple SSL Vserver.
schema-version: "1.0"

import-stylebooks:
 -
    namespace: netscaler.nitro.config
    version: "13.0"
    prefix: ns

parameters:
 -
  name: name
  type: string
  label: Application Name
  description: Give a name to the application configuration.
  required: true
 -
  name: ip
  type: ipaddress
  label: Application Virtual IP (VIP)
  description: The Application VIP that clients access
  required: true
 -
  name: certificate
  label: Application Certificate
  description: Certificate chain and key to be bound to this application
  type: certkey
  required: true


components:
 -
    name: pem-cert-files-comp
    type: ns::systemfile
    description: This component uploads the PEM certificate file onto the NetScaler
    condition: $parameters.certificate
    properties:
      filename: $parameters.certificate.cert_filename
      filelocation: /nsconfig/ssl
      filecontent: base64($parameters.certificate.certfile_contents)
      fileencoding: BASE64
 -
    name: pem-KEY-files-comp
    type: ns::systemfile
    description: This component uploads the PEM key file onto the NetScaler.
    condition: $parameters.certificate
    properties:
      filename: $parameters.certificate.key_filename
      filelocation: /nsconfig/ssl
      filecontent: base64($parameters.certificate.keyfile_contents)
      fileencoding: BASE64
 -
    name: cert-files-comp
    type: ns::sslcertkey
    description: This component creates the certkey on the NetScaler using the uploaded files.
    condition: $parameters.certificate
    properties:
      certkey:  $parameters.certificate.certkeyname
      cert: $parameters.certificate.cert_filename
      key: $parameters.certificate.key_filename
 -
  name: lbvserver-comp
  type: ns::lbvserver
  description: This component creates the lbvserver of the application.
  properties:
   name: $parameters.name + "-lbvserver"
   servicetype: SSL
   ipv46: $parameters.ip
   port: 443
   lbmethod: ROUNDROBIN
  components:
      -
        name: sslvserver-comp
        type: ns::sslvserver
        description: This component configures SSL settings on the vserver
        properties:
          vservername: $parent.properties.name
          ssl3?: ENABLED
          tls1?: ENABLED
          tls11?: ENABLED
      -
       name: cert-bindings-adv-comp
       type: ns::sslvserver_sslcertkey_binding
       description: This component binds the certkey to the vserver
       condition: $parameters.certificate
       properties:
         vservername: $parent.properties.name
         certkeyname: $parameters.certificate.certkeyname
<!--NeedCopy-->
Manage SSL certificates from the certificate store using StyleBooks