APIRef_tm_ltm_profile_ocsp-stapling-params

mgmt/tm/ltm/profile/ocsp-stapling-params

/tm/ltm/profile

Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. OCSP Stapling Parameters for clientssl profiles. This object should be associated with a certKeyChain object in a clientssl profile.

REST Endpoints

Collection URI
/mgmt/tm/ltm/profile/ocsp-stapling-params
Collection Methods
OPTIONS, GET
Resource URI
/mgmt/tm/ltm/profile/ocsp-stapling-params/~resource id
Resource Methods
OPTIONS, GET, PUT, PATCH, DELETE, POST
Resource Natural Key
name, partition, subPath

Properties

Name Type Default Value Required Access Description
appService string   optional read/write  
cacheErrorTimeout integer 3600 optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the lifetime of an error response in the cache, in seconds. The default value is 3600 or one hour.
cacheTimeout string -1 optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the lifetime of the OCSP response in the cache, in seconds. The actual time period for which the response is cached is the minimum of the response validity period and the cache-timeout. The default value is indefinite, indicating that the response validity period takes precedence.
clockSkew integer 300 optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the tolerable maximum absolute difference in the clocks of the responder and the BIG-IP, in seconds. The default value is 300.
description string   optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. User defined description.
dnsResolver string   optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the DNS resolver object used for fetching the OCSP response.
tmPartition string Common optional read/write  
proxyServerPool string   optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the proxy server pool used for fetching the OCSP response.
responderUrl string   optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the absolute URL that overrides the OCSP responder URL obtained from the certificate’s AIA extension(s). This should be a HTTP or HTTPS based URL.
signHash string sha256 optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the hash algorithm used for signing the OCSP request.The default value is SHA256.
signerCert string   optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the certificate corresponding to the key used for signing the OCSP request.
signerKey string   optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the key used for signing the OCSP request.
signerKeyPassphrase string   optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the passphrase of the key used for signing the OCSP request.
statusAge integer 0 optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the maximum allowed lag time for the ‘thisUpdate’ time in the OCSP response that the BIG-IP accepts. If this maximum is exceeded, the response is dropped. If this value is set to ‘0’, this validation is skipped. The default value is 86400 seconds.
strictRespCertCheck string disabled optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. If enabled, the responder’s certificate is checked for OCSP signingextension. By default, it is disabled.
timeout integer 8 optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the time interval (in seconds) that the BIG-IP waits for before aborting the connection to the OCSP responder. The default value is 8. The timeout should be less than the handshake timeout of the clientssl profile that the OCSP Stapling Parameters object is associated with.
trustedCa string   optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the certificate-authority that signs the responder’s certificate.
trustedResponders string   optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the certificate(s) used for validating the OCSP response when the responder’s certificate has been omitted from the response.
useProxyServer string disabled optional read/write Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies whether the proxy server pool or the DNS resolver should be used for making the connection to the OCSP responder.
Copyright (c) 2016, F5 Networks Inc. All Rights Reserved.

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.