LocalLB::OCSPStaplingParameters¶
Introduced : BIG-IP_v11.6.0
The OCSPStaplingParameters interface enables you to manipulate the
Online Certificate Status Protocol stapling parameters. OCSP stapling
parameters specify the options needed for the TLS extension of
certificate status request. This set of parameters is associated with
a certificate-key-chain object in a clientSSL profile.
Methods¶
| Method | Description | Introduced |
| create | Creates the specified OCSP stapling parameters, using proxy addresses pool or DNS resolver. If &aposuse_proxy_server_states&apos is enabled, the OCSP requests will be sent to a proxy server that in turn sends the requests to the OCSP responder. Otherwise, DNS resolver must be specified for the system to make external http requests. | BIG-IP_v11.6.0 |
| delete_all_ocsp_stapling_parameters | Deletes all OCSP stapling parameters. | BIG-IP_v11.6.0 |
| delete_ocsp_stapling_parameters | Deletes a set of OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_cache_error_timeout | Gets the cache error timeouts for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_cache_timeout | Gets the cache timeouts for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_clock_skew | Gets the maximum time skew between the OCSP responder and clients&apos clocks for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_description | Gets the descriptions for a set of OCSP stapling parameters. | BIG-IP_v12.0.0 |
| get_dns_resolver | Gets the DNS resolver for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_list | Gets a list of OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_proxy_server_pool | Gets the proxy server pools that the OCSP request will be forwarded to for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_responder_url | Gets the responder URL for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_sign_hash | Gets the hash algorithm used to sign the OCSP request for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_signer_certificate | Gets the signer certificates that are used to sign the OCSP request for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_signer_key | Gets the signer private keys that are used to sign the OCSP request for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_status_age | Gets the status age for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_strict_responder_certificate_checking_state | Gets the strict responder certificate checking states for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_timeout | Gets the timeout for fetching OCSP response for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_trusted_certificate_authority | Gets the trusted certificate authorities file object names for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_trusted_responder | Gets the file object names of the trusted responder certificates for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_use_proxy_server_state | Gets the states controlling whether the OCSP request has to be forwarded to a proxy server for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| get_version | Gets the version information for this interface. | BIG-IP_v11.6.0 |
| set_cache_error_timeout | Sets the cache error timeouts for the specified OCSP stapling parameters. If the OCSP response indicates an error, the response will be cached for the duration specified in cache error timeout. | BIG-IP_v11.6.0 |
| set_cache_timeout | Sets the cache timeouts, in seconds, for the specified OCSP stapling parameters. The lifetime of OCSP response cache is set to the lower value of the validity of the response and the configured cache timeout. | BIG-IP_v11.6.0 |
| set_clock_skew | Sets the maximum time skew between the OCSP responder and the system&aposs clocks for the specified OCSP stapling parameters. Clock skew is the tolerable absolute difference in the clocks between the responder and the system. | BIG-IP_v11.6.0 |
| set_description | Sets the description for a set of OCSP stapling parameters. This is an arbitrary field which can be used for any purpose. | BIG-IP_v12.0.0 |
| set_dns_resolver | Sets the DNS resolver for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| set_proxy_server_pool | Sets the proxy server pool that the OCSP request will be forwarded to for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| set_responder_url | Sets the responder URL for the specified OCSP stapling parameters. If a URL for the certificate&aposs OCSP server is not present in Authority Information Access (AIA) extension, the responser URL will be used to send the status request. | BIG-IP_v11.6.0 |
| set_sign_hash | Sets the hash algorithm used to sign the OCSP request for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| set_signer_certificate | Sets the signer certificates that are used to sign the OCSP request for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| set_signer_key | Sets the signer private keys that are used to sign the OCSP request for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| set_signer_key_passphrase | Sets the passphrase of the signer keys for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| set_status_age | Sets the status age, in seconds, for the specified OCSP stapling parameters. This specifies the maximum allowed lag time for the &aposthisUpdate&apos time in the OCSP response that the BIG-IP accepts. If this maximum is exceeded, the response is dropped. If this value is set to &apos0&apos, this validation is skipped. The default value is 86400 seconds. | BIG-IP_v11.6.0 |
| set_strict_responder_certificate_checking_state | Sets the strict responder certificate checking states for the specified OCSP stapling parameters. If enabled, the system explicitly checks that the response signer&aposs certificate is authorized for OCSP response signing, by checking for OCSP signing extension in the signer&aposs certificate. | BIG-IP_v11.6.0 |
| set_timeout | Sets the timeout for fetching OCSP response for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| set_trusted_certificate_authority | Sets the trusted certificate authorities file object names for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| set_trusted_responder | Sets the file object names of the trusted responder certificates for the specified OCSP stapling parameters. | BIG-IP_v11.6.0 |
| set_use_proxy_server_state | Sets the states controlling whether the OCSP request has to be forwarded to a proxy server or to a DNS resolver for the specified OCSP stapling parameters. If enabled, the request will be forwarded to the proxy server; Otherwise, to the DNS resolver. | BIG-IP_v11.6.0 |
Enumerations¶
| Enumeration | Description |
| OCSPStaplingSignHash | Specifies the hash algorithm used for signing the OCSP request. |
Aliases¶
| Alias | Type | Description |
| OCSPStaplingSignHashSequence | OCSPStaplingSignHash [] | A sequence of OCSP Stapling sign hash specifications. |
See Also¶
iControl ::
Warning
The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.
Sample Code¶
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.