LocalLB::OCSPStaplingParameters

Introduced : BIG-IP_v11.6.0
The OCSPStaplingParameters interface enables you to manipulate the Online Certificate Status Protocol stapling parameters. OCSP stapling parameters specify the options needed for the TLS extension of certificate status request. This set of parameters is associated with a certificate-key-chain object in a clientSSL profile.

Methods

Method Description Introduced
create Creates the specified OCSP stapling parameters, using proxy addresses pool or DNS resolver. If &aposuse_proxy_server_states&apos is enabled, the OCSP requests will be sent to a proxy server that in turn sends the requests to the OCSP responder. Otherwise, DNS resolver must be specified for the system to make external http requests. BIG-IP_v11.6.0
delete_all_ocsp_stapling_parameters Deletes all OCSP stapling parameters. BIG-IP_v11.6.0
delete_ocsp_stapling_parameters Deletes a set of OCSP stapling parameters. BIG-IP_v11.6.0
get_cache_error_timeout Gets the cache error timeouts for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_cache_timeout Gets the cache timeouts for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_clock_skew Gets the maximum time skew between the OCSP responder and clients&apos clocks for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_description Gets the descriptions for a set of OCSP stapling parameters. BIG-IP_v12.0.0
get_dns_resolver Gets the DNS resolver for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_list Gets a list of OCSP stapling parameters. BIG-IP_v11.6.0
get_proxy_server_pool Gets the proxy server pools that the OCSP request will be forwarded to for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_responder_url Gets the responder URL for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_sign_hash Gets the hash algorithm used to sign the OCSP request for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_signer_certificate Gets the signer certificates that are used to sign the OCSP request for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_signer_key Gets the signer private keys that are used to sign the OCSP request for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_status_age Gets the status age for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_strict_responder_certificate_checking_state Gets the strict responder certificate checking states for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_timeout Gets the timeout for fetching OCSP response for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_trusted_certificate_authority Gets the trusted certificate authorities file object names for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_trusted_responder Gets the file object names of the trusted responder certificates for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_use_proxy_server_state Gets the states controlling whether the OCSP request has to be forwarded to a proxy server for the specified OCSP stapling parameters. BIG-IP_v11.6.0
get_version Gets the version information for this interface. BIG-IP_v11.6.0
set_cache_error_timeout Sets the cache error timeouts for the specified OCSP stapling parameters. If the OCSP response indicates an error, the response will be cached for the duration specified in cache error timeout. BIG-IP_v11.6.0
set_cache_timeout Sets the cache timeouts, in seconds, for the specified OCSP stapling parameters. The lifetime of OCSP response cache is set to the lower value of the validity of the response and the configured cache timeout. BIG-IP_v11.6.0
set_clock_skew Sets the maximum time skew between the OCSP responder and the system&aposs clocks for the specified OCSP stapling parameters. Clock skew is the tolerable absolute difference in the clocks between the responder and the system. BIG-IP_v11.6.0
set_description Sets the description for a set of OCSP stapling parameters. This is an arbitrary field which can be used for any purpose. BIG-IP_v12.0.0
set_dns_resolver Sets the DNS resolver for the specified OCSP stapling parameters. BIG-IP_v11.6.0
set_proxy_server_pool Sets the proxy server pool that the OCSP request will be forwarded to for the specified OCSP stapling parameters. BIG-IP_v11.6.0
set_responder_url Sets the responder URL for the specified OCSP stapling parameters. If a URL for the certificate&aposs OCSP server is not present in Authority Information Access (AIA) extension, the responser URL will be used to send the status request. BIG-IP_v11.6.0
set_sign_hash Sets the hash algorithm used to sign the OCSP request for the specified OCSP stapling parameters. BIG-IP_v11.6.0
set_signer_certificate Sets the signer certificates that are used to sign the OCSP request for the specified OCSP stapling parameters. BIG-IP_v11.6.0
set_signer_key Sets the signer private keys that are used to sign the OCSP request for the specified OCSP stapling parameters. BIG-IP_v11.6.0
set_signer_key_passphrase Sets the passphrase of the signer keys for the specified OCSP stapling parameters. BIG-IP_v11.6.0
set_status_age Sets the status age, in seconds, for the specified OCSP stapling parameters. This specifies the maximum allowed lag time for the &aposthisUpdate&apos time in the OCSP response that the BIG-IP accepts. If this maximum is exceeded, the response is dropped. If this value is set to &apos0&apos, this validation is skipped. The default value is 86400 seconds. BIG-IP_v11.6.0
set_strict_responder_certificate_checking_state Sets the strict responder certificate checking states for the specified OCSP stapling parameters. If enabled, the system explicitly checks that the response signer&aposs certificate is authorized for OCSP response signing, by checking for OCSP signing extension in the signer&aposs certificate. BIG-IP_v11.6.0
set_timeout Sets the timeout for fetching OCSP response for the specified OCSP stapling parameters. BIG-IP_v11.6.0
set_trusted_certificate_authority Sets the trusted certificate authorities file object names for the specified OCSP stapling parameters. BIG-IP_v11.6.0
set_trusted_responder Sets the file object names of the trusted responder certificates for the specified OCSP stapling parameters. BIG-IP_v11.6.0
set_use_proxy_server_state Sets the states controlling whether the OCSP request has to be forwarded to a proxy server or to a DNS resolver for the specified OCSP stapling parameters. If enabled, the request will be forwarded to the proxy server; Otherwise, to the DNS resolver. BIG-IP_v11.6.0

Structures

Structure Description

Enumerations

Enumeration Description
OCSPStaplingSignHash Specifies the hash algorithm used for signing the OCSP request.

Exceptions

Exception Description

Constants

Constant Type Value Description

Aliases

Alias Type Description
OCSPStaplingSignHashSequence OCSPStaplingSignHash [] A sequence of OCSP Stapling sign hash specifications.

See Also

Warning

The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.

Sample Code


The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.