AppC Certificates Test
In App Controller, certificates are used to create secure connections and authenticate users.
To establish a secure connection, a server certificate is required at one end of the connection. A root certificate of the Certificate Authority (CA) that issued the server certificate is required at the other end.
- Server certificate. A server certificate certifies the identity of a server. App Controller requires this type of digital certificate.
- Root certificate. A root certificate identifies the CA that signed the server certificate. The root certificate belongs to the CA. The user device requires this type of digital certificate to verify the server certificate.
You can configure certificate chains, which contain intermediate certificates, between the server certificate and the root certificate. Both root certificates and intermediate certificates are referred to as trusted certificates.
App Controller requires root and server certificates to communicate in the following ways:
- Between App Controller and the App Controller management console
- Between applications and App Controller
- Between App Controller and StoreFront
If an active certificate ( be it a server, root, or an intermediate certificate) suddenly expires, applications will no longer be able to communicate with App Controller and vice-versa. To avoid this, administrators should proactively identify certificates nearing expiry and renew the certificates. This is where the AppC Certificates test helps. This test captures the expiry date of all active certificates, computes how long each active certificate will remain valid, and proactively alerts administrators if any certificate is nearing expiry.
Target of the test : Citrix App Controller
Agent deploying the test : A remote agent
Outputs of the test : One set of results for every active SSL certificate installed on the App Controller.
Parameter | Description |
---|---|
Test Period |
How often should the test be executed. |
Host |
The IP address of the host for which the test is being configured. |
Port |
The port at which the host listens. By default, this is NULL. |
Report Only Active Certificates |
By default, this flag is set to Yes, indicating that this test reports the validity of active certificates only. To ensure that the test reports the validity of all certificates, set this flag to No. |
Username and Password |
To pull out metrics, this test needs to login to the AppController’s management console as a user with Administrator rights to AppController. For this purpose, you need to configure this test with the Username and Password of a user with Administrator rights to the AppController. |
Confirm Password |
Confirm the Password by retyping it here. |
SSL |
Indicate whether/not AppController is SSL-enabled. By default, this flag is set to Yes. |
Detailed Diagnosis |
To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:
|
Measurement | Description | Measurement Unit | Interpretation | ||||||
---|---|---|---|---|---|---|---|---|---|
Status |
Indicates the current status of this SSL certificate. |
|
The values that this measure reports and their corresponding numeric values are listed in the table below:
Note: By default, this measure reports the Measure Values discussed in the table above. However, in the graph of this measure, the status of the certificate is indicated using the numeric equivalents only. |
||||||
Valid up to |
Indicates how long this certificate will remain valid. |
Days |
A high value is desired for this measure. A very low value indicates that the certificate is about to expire very soon. You may want to consider renewing the certificate before this eventuality strikes. Use the detailed diagnosis of this measure to know the exact date on which the certificate will expire. |