-
-
-
Deploy NetScaler ingress controller with OpenShift router sharding support
-
Deploy NetScaler CPX as an Ingress in Azure Kubernetes Engine
-
Deploy NetScaler ingress controller in an Azure Kubernetes Service cluster with NetScaler VPX
-
Deploy NetScaler ingress controller for NetScaler with admin partitions
-
Multi-cloud and GSLB solution with Amazon EKS and Microsoft AKS clusters
-
-
SSL certificate for services of type LoadBalancer through the Kubernetes secret resource
-
BGP advertisement for type LoadBalancer services and Ingresses using NetScaler CPX
-
NetScaler CPX integration with MetalLB in layer 2 mode for on-premises Kubernetes clusters
-
Advanced content routing for Kubernetes Ingress using the HTTPRoute CRD
-
IP address management using the NetScaler IPAM controller for Ingress resources
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
TLS server authentication support in NetScaler using the NetScaler Ingress Controller
Server authentication allows a client to verify the authenticity of the web server that it is accessing. Usually, the NetScaler device performs SSL offload and acceleration on behalf of a web server and does not authenticate the certificate of the Web server. However, you can authenticate the server in deployments that require end-to-end SSL encryption.
In such a situation, the NetScaler device becomes the SSL client and performs the following:
- carries out a secure transaction with the SSL server
- verifies that a CA whose certificate is bound to the SSL service has signed the server certificate
- checks the validity of the server certificate.
To authenticate the server, you must first enable server authentication and then bind the certificate of the CA that signed the certificate of the server to the SSL service on the NetScaler appliance. When you bind the certificate, you must specify the bind as a CA option.
Configuring TLS server authentication
Perform the following steps to configure TLS server authentication.
-
Enable the TLS support in NetScaler.
The NetScaler Ingress Controller uses the TLS section in the Ingress definition as an enabler for TLS support with NetScaler. The following is a sample snippet of the Ingress definition:
spec: tls: - secretName:
-
To generate a Kubernetes secret for an existing certificate, perform the following.
-
Generate a client certificate to be used with the service.
kubectl create secret tls tea-beverage --cert=path/to/tls.cert --key=path/to/tls.key --namespace=default
-
Generate a secret for an existing CA certificate. This certificate is required to sign the back end server certificate.
kubectl create secret generic tea-ca --from-file=tls.crt=cacerts.pem
Note:
You must specify
tls.crt=
while creating a secret. This file is used by the NetScaler Ingress Controller while parsing a CA secret. -
-
Enable secure back end communication to the service using the following annotation in the Ingress configuration.
ingress.citrix.com/secure-backend: "True"
-
Use the following annotation to bind the certificate to SSL service. This certificate is used when the NetScaler acts as a client to send the request to the back end server.
ingress.citrix.com/backend-secret: '{"tea-beverage": "tea-beverage", "coffee-beverage": "coffee-beverage"}'
-
To enable server authentication which authenticates the back end server certificate, you can use the following annotation. This configuration binds the CA certificate of the server to the SSL service on the NetScaler.
ingress.citrix.com/backend-ca-secret: '{"coffee-beverage":"coffee-ca", "tea-beverage":"tea-ca"}
Share
Share
In this article
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.