APIRef_tm_ltm_profile_ocsp-stapling-params¶
mgmt/tm/ltm/profile/ocsp-stapling-params
Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. OCSP Stapling Parameters for clientssl profiles. This object should be associated with a certKeyChain object in a clientssl profile.
REST Endpoints
- Collection URI
/mgmt/tm/ltm/profile/ocsp-stapling-params
- Collection Methods
OPTIONS, GET
- Resource URI
/mgmt/tm/ltm/profile/ocsp-stapling-params/~resource id
- Resource Methods
OPTIONS, GET, PUT, PATCH, DELETE, POST
- Resource Natural Key
name, partition, subPath
Properties
Name | Type | Default Value | Required | Access | Description |
---|---|---|---|---|---|
appService |
string | optional | read/write | ||
cacheErrorTimeout |
integer | 3600 | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the lifetime of an error response in the cache, in seconds. The default value is 3600 or one hour. |
cacheTimeout |
string | -1 | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the lifetime of the OCSP response in the cache, in seconds. The actual time period for which the response is cached is the minimum of the response validity period and the cache-timeout. The default value is indefinite, indicating that the response validity period takes precedence. |
clockSkew |
integer | 300 | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the tolerable maximum absolute difference in the clocks of the responder and the BIG-IP, in seconds. The default value is 300. |
description |
string | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. User defined description. | |
dnsResolver |
string | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the DNS resolver object used for fetching the OCSP response. | |
tmPartition |
string | Common | optional | read/write | |
proxyServerPool |
string | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the proxy server pool used for fetching the OCSP response. | |
responderUrl |
string | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the absolute URL that overrides the OCSP responder URL obtained from the certificate’s AIA extension(s). This should be a HTTP or HTTPS based URL. | |
signHash |
string | sha256 | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the hash algorithm used for signing the OCSP request.The default value is SHA256. |
signerCert |
string | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the certificate corresponding to the key used for signing the OCSP request. | |
signerKey |
string | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the key used for signing the OCSP request. | |
signerKeyPassphrase |
string | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the passphrase of the key used for signing the OCSP request. | |
statusAge |
integer | 0 | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the maximum allowed lag time for the ‘thisUpdate’ time in the OCSP response that the BIG-IP accepts. If this maximum is exceeded, the response is dropped. If this value is set to ‘0’, this validation is skipped. The default value is 86400 seconds. |
strictRespCertCheck |
string | disabled | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. If enabled, the responder’s certificate is checked for OCSP signingextension. By default, it is disabled. |
timeout |
integer | 8 | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the time interval (in seconds) that the BIG-IP waits for before aborting the connection to the OCSP responder. The default value is 8. The timeout should be less than the handshake timeout of the clientssl profile that the OCSP Stapling Parameters object is associated with. |
trustedCa |
string | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the certificate-authority that signs the responder’s certificate. | |
trustedResponders |
string | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies the certificate(s) used for validating the OCSP response when the responder’s certificate has been omitted from the response. | |
useProxyServer |
string | disabled | optional | read/write | Deprecated since v13.0.0. Use sys crypto cert-validator ocsp instead. Specifies whether the proxy server pool or the DNS resolver should be used for making the connection to the OCSP responder. |
Copyright (c) 2016, F5 Networks Inc. All Rights Reserved.
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.