Error: "Invalid argument [strictsigdigestcheck]" When Creating New SSL Profile from NetScaler GUI

Error: "Invalid argument [strictsigdigestcheck]" When Creating New SSL Profile from NetScaler GUI

book

Article ID: CTX227448

calendar_today

Updated On:

Description

On NetScaler 11.1 Build 54.14 (and Build 54.16), when trying to create new SSL profile (regardless of FrontEnd or BackEnd type) from within GUI, it may fail with the following error message:  "Invalid argument [strictsigdigestcheck]"

User-added image

Resolution

This known issue has been fixed in the later NetScaler Release 11.1 Build 55.10

As a workaround, create new SSL profile using NetSaler CLI and then continue SSL profile configuration from within GUI. 
> add ssl profile mySSLprofileBackEnd  -ssl3 disabled -sessReuse ENABLED -sessTimeout 120 -sslProfileType
        BackEnd
        FrontEnd
> add ssl profile mySSLprofileBackEnd  -ssl3 disabled -sessReuse ENABLED -sessTimeout 120 -sslProfileType BackEnd
 Done
>


 

Problem Cause

The SSL profile creation using GUI in version NetScaler 11.1 build 54.14 (and Build 54.16) contains the option "Strict Signature Digest Check" which cannot be configured at the time of creating a profile.

This option is not available in the configuration of any other build of NetScaler. When creating the profile using CLI, this option is not used and hence the error is not seen - https://docs.citrix.com/en-us/netscaler/11-1/ssl/ssl-profiles1.html

Issue/Introduction

On NetScaler 11.1 Build 54.14 (and Build 54.16), when trying to create new SSL profile (regardless of FrontEnd or BackEnd type) from within GUI, it may fail with the following error message: "Invalid argument [strictsigdigestcheck]"

Additional Information

CTX205291 - What is SSL Profile on NetScaler?
Citrix Documentation: Enhanced SSL Profiles Infrastructure Overview

Powered by Wolken Software