Before we dive into SSL profiles, let\u2019s have a quick overview on the cryptographic protocols. Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites can use TLS to secure all communications between a web server (think NetScaler) and a browser (think client device).<\/p>\n
An SSL Profile is a great manageability enhancement and simplifies configuration and control of multiple NetScaler services such as virtual servers, services, service groups, monitors and internet services, from a single configuration item.<\/p>\n
The image below describes the services on a NetScaler with different components.<\/p>\n
These are:<\/p>\n
- \n
- Ciphers<\/li>\n
- Cipher groups<\/li>\n
- SSL Parameters<\/li>\n
- ECC Curves<\/li>\n
- SSL Certificates<\/li>\n<\/ul>\n
![\"\"](\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/18\/2021\/02\/sslprofile_blog_img_1.jpg\")
<\/p>\nIt takes a lot of time to apply all of these parameters to all your virtual servers, services, service groups etc\u2026 as they need to be manually and individually changed which can also introduce human error. This is where a SSL Profile shines as you can configure once and apply many times!<\/p>\n
![\"\"](\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/18\/2021\/02\/sslprofile_blog_img_2.jpg\")
<\/p>\nWhen SSL profiles are used, management is only performed on one entity and then applied as a configuration item to the services. Let\u2019s say you need to update the\u00a0<\/span>Frontend<\/strong>\u00a0<\/span>Profile<\/strong>\u00a0<\/span>to remove\u00a0<\/span>TLS 1.1<\/strong>, rather than open every configuration and adjust the security settings, you can update the profile and any changes that you make will be updated to all virtual servers that this profile is bound to. That\u2019s it! This will save you time but most importantly, minimises any errors and keeps consistency across services.<\/p>\n
Enabling SSL Profiles<\/span><\/h3>\n
If you\u2019re not using SSL Profiles in your NetScaler, here\u2019s how to enable it:<\/p>\n
Logon to your NetScaler and go to\u00a0<\/span>System<\/strong>\u00a0<\/span>\u2013\u00a0<\/span>Profiles<\/strong>\u00a0<\/span>\u2013\u00a0<\/span>SSL<\/strong>\u00a0<\/span>Profile<\/strong><\/p>\n
![\"\"](\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/18\/2021\/02\/sslprofile_blog_img_3.jpg\")
<\/strong><\/p>\nYou can edit the existing profiles or create custom profiles based on the requirements of the services they will protect.<\/p>\n
Further, one great configuration option that is included with NetScaler 12.1 or above is the ability to use\u00a0<\/span>Secure<\/strong>\u00a0<\/span>SSL<\/strong>. This is an inbuilt SSL Profile that will give you an A+ score once bound to you virtual servers.<\/p>\n
To enable this, ensure the below profile is used.<\/p>\n
![\"\"](\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/18\/2021\/02\/sslprofile_blog_img_4.jpg\")
<\/p>\nSo, if you are looking to update the security on your NetScaler devices or to address security concerns on sites presented to the external world you should be looking to take advantage of using SSL profiles, which at a minimum will provide you with:<\/p>\n
- \n
- Simplified and improved management of your environment<\/li>\n
- Ability to make a large number of changes to SSL endpoints from a single location<\/li>\n
- Ability create custom SSL Profiles to suit your needs<\/li>\n
- New entities can automatically get the settings from the custom or default assigned SSL Profile, ensuring consistency and security<\/li>\n<\/ul>\n
Thanks for reading<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
One Click-Tick to SSL Profiles It\u2019s estimated more that 70% of today\u2019s internet traffic uses Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL), to secure communications. With the new data breach laws having come in to effect ensuring that connections to your environment are fully secured is, now more than ever,… Continue reading SSL Profiles<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":1543,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[20],"tags":[],"class_list":["post-1542","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-workplace","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/posts\/1542","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/comments?post=1542"}],"version-history":[{"count":0,"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/posts\/1542\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/media\/1543"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/media?parent=1542"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/categories?post=1542"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/tags?post=1542"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}