f5devcentral / vscode-f5-flipper

Exploring Citrix/NetScaler configs
Apache License 2.0
9 stars 4 forks source link

[BUG] Flipper does not add bind ssl certkey items to the virtual server application. #16

Closed npmaslow closed 1 year ago

npmaslow commented 1 year ago

Describe the bug If a virtual server has an SSL profile or certkey appended to it, it does not show up as part of the grouped application with the virtual server.

To Reproduce Steps to reproduce the behavior: Bind an ssl certkey to a virtual server in Netscaler, run the tool on the ns.conf, check the app definition and compare it to the ns definition.

Expected behavior A bind ssl certkey or ssl profile will result in a ssl certificate class or tls_server class respectively as part of the application definition.

Desktop (please complete the following information): Flipper 1.0

Additional Context Citrix Netscaler has two modes of SSL termination - binding SSL certificates and keys directly to the virtual server (older typically legacy configurations) and the more typical SSL profile grouping of certkey and TLS settings bound to the virtual server as a single profile object.

DumpySquare commented 1 year ago

Can you please provide examples of these different types of ssl associations?

DumpySquare commented 1 year ago

is this what you are looking for? image

npmaslow commented 1 year ago

Yes - the ssl vserver concept is more directly related to a non-addressable target of a content switch action. Showing the 'add ssl certkey ... ...' and 'bind ssl certkey ... ...' or any existing 'add ssl profile ... ...' and 'bind ssl profile ... ...' is sufficient - all of the ciphers will be replaced by the F5 profile settings, so it's mainly just showing the certkey name bound to any vserver type (lb, cs, vpn, ssl)

DumpySquare commented 1 year ago

the -certKeyName can be referenced at both CS and LB vserver

DumpySquare commented 1 year ago

create the certKey add ssl certKey -cert -key

https://docs.netscaler.com/en-us/citrix-adc/13/ssl/ssl-certificates/bind-cert-virtual-server.html (either cs or lb) bind ssl vs -certkeyName

examples: bind ssl certkey cacert -ocspResponder ocsp_ca -priority 1 bind ssl profile ssl_prof -ssliCACertkey ca_certkey

https://developer-docs.citrix.com/projects/netscaler-command-reference/en/12.0/ssl/ssl-profile/ssl-profile/

DumpySquare commented 1 year ago

two example apps in this project cs -> bind ssl vserver groot-cs-vsvr -certkeyName star.groot.cer lb -> bind ssl vserver starlord_offload_lb_vs -certkeyName starlord.galaxy.io_cert

DumpySquare commented 1 year ago

complete with tests (tests/031_sslCerts.unit.tests.ts) for pending v1.1 release