Scoring an A+ for Netscaler from SSLLABS with Powershell

less than 1 minute read

Updates

  • 6-13-16: Updated Script to reflect Citrix blog with updated ciphers
  • 2-21-16: Script now creates STS policy and enables Forward Secrecy resulting in A+ for all SSL VIPS!
  • 4-4-23: Updates by Marco Hofmann

Citrix released a blog early summer of 2015 outlining steps to take to harden SSL virtual servers to receive an “A+” from SSLLABS.  While the steps are easy to follow and doesn’t take a lot of time for one Netscaler instance it can be time consuming for multiple instances. I created the following script to automate the process for all Load Balanced Servers (SSL), Netscaler Gateways and Content Switches (SSL) found on a Netscaler.  If need be you can even harden the management ports.  Simply edit the switches to reflect your environment and run. The script doesn’t require any snapins but does require PowerShell 3.0 or greater for REST. Please feel free to leave any feedback on github or the comments below.

SSLAPlus

Download

SCRIPT FOUND HERE

Thanks to Carl Stalhood for a great starting point on the Netscaler API portion!

Leave a comment

You may also enjoy

Invoking vSAN Re-layout with PowerCLI

less than 1 minute read

Skyline Health was reporting “vSAN object format health” alerts after upgrading a bunch of clusters to 7.x. Each cluster requires a “re-layout” to clear the ...

Citrix Converge 2020

1 minute read

Use an Azure DevOps pipeline to deploy a Windows VDA using HashiCorp Packer. This produces a gold image ready for Citrix Virtual Apps and Desktops.