API User Bootstrap
New-NSACMECertificateUser creates or updates command policies and an optional API user for certificate automation.
flowchart LR
A[Admin credential] --> B[New-NSACMECertificateUser]
B --> C[Command policy]
B --> D[Restricted API user]
C --> E[Allowed NITRO operations]
D --> F[Certificate automation]
E --> F
F --> G[Request, deploy, renew, and cleanup certificates]
Example
# Administrative credential, used only for this bootstrap run (sample values).
$adminCredential = [pscredential]::new(
    'nsroot',
    (ConvertTo-SecureString 'Sup3rS3cretP@ssw0rd' -AsPlainText -Force)
)
# Password for the restricted API user that will run certificate automation.
$apiPassword = ConvertTo-SecureString 'L34s3r!' -AsPlainText -Force
$userParams = @{
    ManagementURL              = 'https://ns-01.domain.local'
    Credential                 = $adminCredential
    SkipCertificateCheck       = $true
    CreateUserPermissions      = $true
    CreateApiUser              = $true
    ApiUsername                = 'leuser'
    ApiPassword                = $apiPassword
    UseNetScalerDNS            = $true
    UpdateGlobalVPNCertBinding = $true
    SaveADCConfig              = $true
    PassThru                   = $true
}
New-NSACMECertificateUser @userParams
Usage Pattern
- Bootstrap permissions with an administrative account.
- Store the restricted API user credential in your automation secret store.
- Run regular certificate automation as the restricted user.
- Review generated policies when adding new certificate scenarios.
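One way to carry out the policy review in the last step, as an added example that is not part of this module: it reads the command policies bound to the restricted user over NITRO and flags broad built-in policies. The host and user name are the sample values from above; the `Get-NitroConfig` helper is hypothetical, and the response fields `policyname`, `priority`, `action` and `cmdspec` are assumed from the NITRO `systemuser_systemcmdpolicy_binding` and `systemcmdpolicy` resources. It also assumes the management certificate is trusted by the client.

```powershell
# Added example: review what the restricted API user is allowed to run.
$managementUrl   = 'https://ns-01.domain.local'   # sample value from this page
$apiUsername     = 'leuser'                       # sample value from this page
$adminCredential = Get-Credential -Message 'NetScaler account used for the review'

# Hypothetical helper: GET one NITRO config resource with header authentication.
function Get-NitroConfig {
    param(
        [Parameter(Mandatory)] [string] $Resource,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    $net = $Credential.GetNetworkCredential()
    $headers = @{
        'X-NITRO-USER' = $net.UserName
        'X-NITRO-PASS' = $net.Password
    }
    Invoke-RestMethod -Method Get -Headers $headers `
        -Uri "$managementUrl/nitro/v1/config/$Resource"
}

# Built-in policies that grant far more than certificate automation needs.
$broadBuiltIns = 'superuser', 'sysadmin', 'network', 'operator'

$bindings = (Get-NitroConfig -Credential $adminCredential `
    -Resource "systemuser_systemcmdpolicy_binding/$apiUsername"
).systemuser_systemcmdpolicy_binding

if (-not $bindings) {
    Write-Warning "No command policies are bound to '$apiUsername'."
}

$report = foreach ($binding in $bindings) {
    # Fetch the policy body so the allowed command spec can be read, not just its name.
    $policy = (Get-NitroConfig -Credential $adminCredential `
        -Resource "systemcmdpolicy/$($binding.policyname)"
    ).systemcmdpolicy | Select-Object -First 1

    [pscustomobject]@{
        Policy   = $binding.policyname
        Priority = $binding.priority
        Action   = $policy.action
        CmdSpec  = $policy.cmdspec
        TooBroad = $binding.policyname -in $broadBuiltIns
    }
}

$report | Sort-Object Priority | Format-List
if ($report.TooBroad -contains $true) {
    Write-Warning "'$apiUsername' is bound to a broad built-in policy; remove it."
}
```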
WhatIf
Use -WhatIf before applying changes: