This article describes how to configure an SSLVPN virtual server of type HTTP instead of SSL on NetScaler.

Background

To troubleshoot issues related to authentication and authorization on SSLVPN virtual server, it is often easy to configure a NetScaler with HTTP VPN virtual server rather than decrypting traces using private key of the certificate on virtual server of type SSL.

Instructions

When configuring an SSLVPN virtual server of type HTTP, NetScaler returns "Operation not permitted" message, by default.

Example:

ns > add vpn vserver vs1 http 1.2.3.4 80

ERROR: Operation not permitted

You could configure NetScaler so that it accepts the preceding command using an nsapimgr switch add_http_vpn_vserver.

Example:

From the shell prompt:
root@ns# nsapimgr -ys add_http_vpn_vserver=1

Changing add_http_vpn_vserver from 0 to 1 ... Done.

After setting the preceding switch, go back to the CLI and add the HTTP VPN virtual server again.

Example:

ns> add vpn vserver vs1 http 1.2.3.4 80

Done

The nsapimgr command by default does not survive a reboot. For it to be persistent across reboots, configure the same command in the file rc.netscaler under /nsconfig. If rc.netscaler does not exist, then create one and add nsapimgr -ys add_http_vpn_vserver=1 to it.