
Question regarding certificate replacement

julie xu




Can ADC (version 12.1) run a script to replace certificates and delete older certificate files at the CLI level?




Since the shell is BSD, a Unix-like system, can I run an sh script to replace the older certificate files? If it is OK to do so, do I have to configure the certificate binding at the CLI level?


Any comments will be appreciated


Thanks in advance








Hi, Manoj


Yes, thanks for the advice.


Can I run the update commands as a script, rather than one by one on the CLI command line? I guess I can run a script at the shell level, but is it possible at the CLI level?


Please advise


Many thanks





Shell will allow you to replace files, but if you need new bind commands (CLI commands), a shell script alone won't help you.

But you can use the 'batch -filename </path/file>' CLI command to invoke a script from a path on /var to execute scripted CLI commands. You can run inline shell commands using the CLI 'shell "<command>"' syntax, which execute from the CLI context without exiting to shell, but these can be tricky to do correctly.


If you really want to script cert management, deploy Citrix ADM and use the tasks option there, either to use a built-in task for cert management or a scripted task that you define. Within it you can move between shell context and CLI context in one script, allowing you to scp certs to the system, replace files or use CLI commands to change bindings from old files to new files.


That is, if the built-in cert management dashboard doesn't make that easy enough without scripting.


If you can clarify whether you are creating new cert bindings with new files or replacing existing bindings by changing what they point to (old files to new ones), then it might be easier to make specific recommendations for how to script this task.



Hi, Rhonda


I can use the same certificate file name/key file name and just scp them to the /flash/nsconfig/ssl directory to replace the current files, then I do not need to run a CLI command anymore, correct?


Please confirm


A thousand thanks





Sure. You can, and it will overwrite the existing files; the existing certkey will still point to these files by name, but if any parameter like the key type or passwords has changed you may have to redo the certkey creation too. Manual SCP will allow you to do this. You can do the same thing in the GUI via the "update certificate" command and upload the local files to overwrite the ones in the directory.


ADM will require you to use different file names in its cert dashboard as it won't override the destination.
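
An added example, not part of any post in this thread: a pre-flight check to run on the staged files before overwriting a certificate and key in place under the same file names, covering the caveat above that a changed key type or a passphrase can mean the certkey has to be redone. It assumes `openssl` is available where the check runs; the function names, exit codes and the 7-day default are choices made for this example.

```shell
#!/bin/sh
# Added example: validate a replacement cert/key pair before an in-place overwrite.
# Usage: cert_preflight OLD_CERT NEW_CERT NEW_KEY [MIN_DAYS]
# Exit codes (chosen for this example):
#   0 safe to overwrite      2 file unreadable or cert does not parse
#   3 key encrypted/invalid  4 cert and key do not match
#   5 key type changed       6 new cert expires within MIN_DAYS

pubkey_alg() {  # print the public key algorithm named in a PEM certificate
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

cert_preflight() {
    old_cert=$1 new_cert=$2 new_key=$3 min_days=${4:-7}

    for f in "$old_cert" "$new_cert" "$new_key"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 2; }
    done

    cert_pub=$(openssl x509 -in "$new_cert" -noout -pubkey 2>/dev/null) ||
        { echo "new certificate does not parse" >&2; return 2; }

    # An empty passphrase is supplied so an encrypted key fails instead of
    # prompting; an existing certkey created without a password could not load it.
    key_pub=$(openssl pkey -in "$new_key" -passin pass: -pubout 2>/dev/null </dev/null) ||
        { echo "new key is encrypted or invalid" >&2; return 3; }

    # RSA -> EC (or the reverse) is the "key type changed" case from the thread.
    [ "$(pubkey_alg "$old_cert")" = "$(pubkey_alg "$new_cert")" ] ||
        { echo "key type differs from the certificate being replaced" >&2; return 5; }

    # The certificate must carry the public half of the key shipped with it.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and key do not match" >&2; return 4; }

    openssl x509 -in "$new_cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "new certificate expires within $min_days days" >&2; return 6; }

    return 0
}
```

Run it against the staged copies and only scp them over the live file names when it returns 0; any other code means the overwrite alone would not be enough or would install a broken pair.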


