APIRef_tm_sys_crypto_cert-validator_ocsp¶
mgmt/tm/sys/crypto/cert-validator/ocsp
OCSP cert-validator for ssl certificates. This object should be associated with a certificate file object.
REST Endpoints
- Collection URI
/mgmt/tm/sys/crypto/cert-validator/ocsp- Collection Methods
OPTIONS, GET- Resource URI
/mgmt/tm/sys/crypto/cert-validator/ocsp/~resource id- Resource Methods
OPTIONS, GET, PUT, PATCH, DELETE, POST- Resource Natural Key
name, partition, subPath
Properties
| Name | Type | Default Value | Required | Access | Description |
|---|---|---|---|---|---|
appService |
string | optional | read/write | The application service that the object belongs to. | |
cacheErrorTimeout |
integer | 3600 | optional | read/write | Specifies the lifetime of an error response in the cache, in seconds. The default value is 3600 or one hour. |
cacheTimeout |
string | -1 | optional | read/write | Specifies the lifetime of the OCSP response in the cache, in seconds. The actual time period for which the response is cached is the minimum of the response validity period and the cache-timeout. The default value is indefinite, indicating that the response validity period takes precedence. |
clockSkew |
integer | 300 | optional | read/write | Specifies the tolerable maximum absolute difference in the clocks of the responder and the BIG-IP, in seconds. The default value is 300. |
concurrentConnectionsLimit |
integer | 50 | optional | read/write | The number of concurrent connections for a given OCSP responder. |
description |
string | optional | read/write | User defined description. | |
dnsResolver |
string | optional | read/write | Specifies the DNS resolver object used for fetching the OCSP response. | |
tmPartition |
string | Common | optional | read/write | Displays the administrative partition within which this validator resides. |
proxyServerPool |
string | optional | read/write | Specifies the proxy server pool used for fetching the OCSP response. | |
responderUrl |
string | optional | read/write | Specifies the absolute URL that overrides the OCSP responder URL obtained from the certificate’s AIA extension(s). This should be a HTTP based URL. | |
routeDomain |
string | optional | read/write | Route domain for fetching OCSP response using HTTP forward proxy. | |
signHash |
string | sha256 | optional | read/write | Specifies the hash algorithm used for signing the OCSP request. The default value is sha256. |
signerCert |
string | optional | read/write | Specifies the certificate corresponding to the key used for signing the OCSP request. | |
signerKey |
string | optional | read/write | Specifies the key used for signing the OCSP request. | |
signerKeyPassphrase |
string | optional | read/write | Specifies the passphrase of the key used for signing the OCSP request. | |
statusAge |
integer | 0 | optional | read/write | Specifies the allowed age of the OCSP response when nextUpdate time is omitted from the response. The default value is 0. |
strictRespCertCheck |
string | disabled | optional | read/write | If enabled, the responder’s certificate is checked for OCSP signing extension. By default, it is disabled. |
timeout |
integer | 8 | optional | read/write | Specifies the time interval (in seconds) that the BIG-IP waits for before ending the connection to the OCSP responder. The default value is 8. |
trustedResponders |
string | optional | read/write | Specifies the certificates used for validating the OCSP response when the responder’s certificate has been omitted from the response. |
Copyright (c) 2016, F5 Networks Inc. All Rights Reserved.
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.