Skip to content

Create a new Citrix ADC machine

Creating a new machine is the initial step in enabling TLS Protect Cloud to connect directly to application keystores for certificate management. Once you have created machines, you can move on to provisioning certificates to those machines.

Before you begin

  • IP address or hostname of the Citrix ADC
  • Port number (conditional): required if you're using a port different from 443.
  • Supported Citrix ADC: 11.1, 12.1 and 13.0
  • Minimum required credentials on Citrix: Choose between user credentials or shared credentials.
    • User credentials: The username and password you enter.
    • Shared credentials: Optionally, you can use shared credentials from your credential provider (CyberArk is the only credential provider currently supported by TLS Protect Cloud). To use this option, first set up the connection to CyberArk.

You must have Netscaler least privilege on the Citrix for either account. Least privilege is achieved by creating a regular user on NetScaler and assigning to them a Command Policy with the following Command Spec:

 (^stat\s+(cr|cs|lb|system|vpn|authentication))|(^(add|rm|show)\s+system\s+file\s+.*)|(^\S+\s+ssl\s+.*)|(^(show|stat|sync)\s+HA\s+.*)|(^save\s+ns\s+config)|(^(switch|show)\s+ns\s+partition.*)

When provisioning to a partitioned NetScaler device make sure that the account used by TLS Protect Cloud to interact with NetScaler has permissions (for example, NetScaler SuperUser permission) to switch to the desired partition.

When provisioning to a partitioned NetScaler device with high availability (HA) configurations make sure that the account used by TLS Protect Cloud to interact with NetScaler has permissions to switch to the default partition.

  1. In the Citrix Address/Hostname field, enter the hostname or IP address of your Citrix ADC.

  2. If your Citrix ADC uses a port other than 443, enter the port number in the Port field.

  3. (Optional) From the Credential Type drop-down, select either Enter Credentials or Select Credentials. Only users with the enabled "CyberArk shared credential" capability will see this option.

    Important

    Your view of credentials may be limited due to your role. System Administrators and PKI Administrators should be able to select any credential, but users with the Resource Owner role are limited to only using the credentials associated with their teams.

    Note

    • Enter Credentials - Is used to enter your admin credentials manually.
    • Select Credentials - Is used to select your shared credentials from CyberArk.
    • If you choose Enter Credentials, enter your Citrix ADC admin credentials in the Username and Password fields.
    • If choose Select Credentials. From the Credential drop-down, select your shared credentials.

  4. Enter your Citrix ADC admin credentials in the Username and Password fields.

    Warning

    Remember to store your username and password securely when creating a new machine. For security reasons, you will not be able to modify the fields under the "Access" tab without these credentials. This ensures that only authorized individuals can modify these fields.

  5. Click Test Access, then click Create. Note that Create is only enabled if the Test Access is successful.

What's next?