AppC Certificates Test

In App Controller, certificates are used to create secure connections and authenticate users.

To establish a secure connection, a server certificate is required at one end of the connection. A root certificate of the Certificate Authority (CA) that issued the server certificate is required at the other end.

  • Server certificate. A server certificate certifies the identity of a server. App Controller requires this type of digital certificate.
  • Root certificate. A root certificate identifies the CA that signed the server certificate. The root certificate belongs to the CA. The user device requires this type of digital certificate to verify the server certificate.

You can configure certificate chains, which contain intermediate certificates, between the server certificate and the root certificate. Both root certificates and intermediate certificates are referred to as trusted certificates.

App Controller requires root and server certificates to communicate in the following ways:

  • Between App Controller and the App Controller management console
  • Between applications and App Controller
  • Between App Controller and StoreFront

If an active certificate ( be it a server, root, or an intermediate certificate) suddenly expires, applications will no longer be able to communicate with App Controller and vice-versa. To avoid this, administrators should proactively identify certificates nearing expiry and renew the certificates. This is where the AppC Certificates test helps. This test captures the expiry date of all active certificates, computes how long each active certificate will remain valid, and proactively alerts administrators if any certificate is nearing expiry.

Target of the test : Citrix App Controller

Agent deploying the test : A remote agent

Outputs of the test : One set of results for every active SSL certificate installed on the App Controller.

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed.

Host

The IP address of the host for which the test is being configured.

Port

The port at which the host listens. By default, this is NULL.

Report Only Active Certificates

By default, this flag is set to Yes, indicating that this test reports the validity of active certificates only. To ensure that the test reports the validity of all certificates, set this flag to No.

Username and Password

To pull out metrics, this test needs to login to the AppController’s management console as a user with Administrator rights to AppController. For this purpose, you need to configure this test with the Username and Password of a user with Administrator rights to the AppController.

Confirm Password

Confirm the Password by retyping it here.

SSL

Indicate whether/not AppController is SSL-enabled. By default, this flag is set to Yes.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise suite embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Status

Indicates the current status of this SSL certificate.

 

The values that this measure reports and their corresponding numeric values are listed in the table below:

Measure Value Numeric Value
Active 1
Expired 0

Note:

By default, this measure reports the Measure Values discussed in the table above. However, in the graph of this measure, the status of the certificate is indicated using the numeric equivalents only.

Valid upto

Indicates how long this certificate will remain valid.

Days

A high value is desired for this measure. A very low value indicates that the certificate is about to expire very soon. You may want to consider renewing the certificate before this eventuality strikes.

Use the detailed diagnosis of this measure to know the exact date on which the certificate will expire.