- 6-13-16: Updated Script to reflect Citrix blog with updated ciphers
- 2-21-16: Script now creates STS policy and enables Forward Secrecy resulting in A+ for all SSL VIPS!
Citrix released a blog early summer of 2015 outlining steps to take to harden SSL virtual servers to receive an “A+” from SSLLABS. While the steps are easy to follow and doesn’t take a lot of time for one Netscaler instance it can be time consuming for multiple instances. I created the following script to automate the process for all Load Balanced Servers (SSL), Netscaler Gateways and Content Switches (SSL) found on a Netscaler. If need be you can even harden the management ports. Simply edit the switches to reflect your environment and run. The script doesn’t require any snapins but does require PowerShell 3.0 or greater for REST. Please feel free to leave any feedback on github or the comments below.
Thanks to Carl Stalhood for a great starting point on the Netscaler API portion!