LocalLB::ProfileServerSSL¶
Introduced : BIG-IP_v9.0
The ProfileServerSSL interface enables you to manipulate a local load
balancer&aposs server SSL profile.
Methods¶
| Method | Description | Introduced |
| create | Creates the specified server SSL profiles. | BIG-IP_v9.0 |
| delete_all_profiles | Deletes all server SSL profiles. | BIG-IP_v9.0 |
| delete_profile | Deletes the specified server SSL profiles. | BIG-IP_v9.0 |
| get_alert_timeout | Gets the connection timeouts (in seconds) after sending an alert for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_all_statistics | Gets the statistics for all the server SSL profiles. | BIG-IP_v9.0 |
| get_allow_expired_crl_state | Gets the states to allow using an expired CRL file. | BIG-IP_v12.0.0 |
| get_authenticate_depth | Gets the client certificate chain maximum traversal depth for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_authenticate_name | Gets the expected server certificate distinguished name (DN) for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_authenticate_once_state | Gets the states to request the client certificate once for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_bypass_on_failed_client_certificate_state | Gets the bypass_on_failed_client_certificate state for the specified server SSL profiles. | BIG-IP_v13.0.0 |
| get_bypass_on_handshake_alert_state | Gets the bypass_on_handshake_alert states for the specified server SSL profiles. | BIG-IP_v13.0.0 |
| get_ca_file | Certificate files are officially managed as certificate file objects via the get_ca_file_v2 method and Management::KeyCertificate interface. Thus this method has been deprecated. Gets the CA filenames for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_ca_file_v2 | Gets the names of the certificate file objects used as certificate authority files for a set of server SSL profiles. Certificate file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.0.0 |
| get_cache_size | Gets the SSL session cache sizes for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_cache_timeout | Gets the SSL session cache timeouts for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_certificate_file | Certificate files are officially managed as certificate file objects via the get_certificate_file_v2 method and Management::KeyCertificate interface. Thus this method has been deprecated. Gets the certificate filenames used by the specified server SSL profiles. | BIG-IP_v9.0 |
| get_certificate_file_v2 | Gets the name of the certificate file objects used by a set of server SSL profiles. Certificate file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.0.0 |
| get_chain_file | Certificate files are officially managed as certificate file objects via the get_chain_file_v2 method and Management::KeyCertificate interface. Thus this method has been deprecated. Gets the certificate chain filenames for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_chain_file_v2 | Gets the names of the certificate file objects used as the certificate chain files for a set of server SSL profiles. Certificate file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.0.0 |
| get_cipher_list | Gets the cipher lists for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_crl_file | Certificate revocation list files are officially managed as certificate revocation list file objects via the get_crl_file_v2 method and System::CertificateRevocationListFile interface. Thus this method has been deprecated. Gets the CRL filenames for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_crl_file_v2 | Gets the names of the certificate revocation list file objects for a set of server SSL profiles. Certificate revocation list file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.0.0 |
| get_default_profile | Gets the names of the default profiles from which the specified profiles will derive default values for its attributes. | BIG-IP_v9.0 |
| get_description | Gets the descriptions for a set of server SSL profiles. | BIG-IP_v11.0.0 |
| get_expired_certificate_response_control_mode | Gets the response control modes when the server certificates have expired. | BIG-IP_v11.3.0 |
| get_forward_proxy_bypass_state | Gets the SSL forward proxy bypass enabled states for the specified server SSL profiles. | BIG-IP_v11.5.0 |
| get_forward_proxy_enabled_state | Gets the SSL forward proxy enabled states for the specified server SSL profiles. | BIG-IP_v11.3.0 |
| get_generic_alert_state | Gets the states to enforce to use generic alert number in Alert message when sending Alert message. | BIG-IP_v11.5.0 |
| get_handshake_timeout | Gets the connection timeouts (in seconds) during handshake phase for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_key_file | Certificate key files are officially managed as certificate key file objects via the get_key_file_v2 method and Management::CertificateKey interface. Thus this method has been deprecated. Gets the key filenames used by the specified server SSL profiles. | BIG-IP_v9.0 |
| get_key_file_v2 | Gets the names of the certificate key file objects used by a set of server SSL profiles. Certificate key file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.0.0 |
| get_list | Gets a list of all server SSL profiles. | BIG-IP_v9.0 |
| get_maximum_active_handshakes | Gets the per-profile maximum number of outstanding SSL handshakes for the specified server SSL profiles. | BIG-IP_v12.1.0 |
| get_modssl_emulation_state | Gets the states to emulate modSSL for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_passphrase | Gets the key passphrases (if any) for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_peer_certification_mode | Gets the peer certification modes for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_profile_mode | Gets the modes for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_proxy_ssl_passthrough_state | Gets the proxy SSL passthrough states for the specified server SSL profiles. | BIG-IP_v11.6.0 |
| get_proxy_ssl_state | Gets the proxy SSL states for the specified server SSL profiles. | BIG-IP_v11.6.0 |
| get_renegotiation_period | Gets the SSL renegotiation periods for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_renegotiation_state | Gets the states controlling whether mid-stream renegotiation is allowed for the specified server SSL profiles. | BIG-IP_v10.1.0 |
| get_renegotiation_throughput | Gets the SSL renegotiation throughputs for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_retain_certificate_state | Gets the certificate retention state for the specified server SSL profiles. | BIG-IP_v11.4.0 |
| get_secure_renegotiation_mode | Gets the secure renegotiation mode for the specified server SSL profiles. See SecureRenegotiationMode for more details. | BIG-IP_v10.2.3 |
| get_server_name | Gets the SNI server names (if any) for the specified server SSL profiles. | BIG-IP_v11.1.0 |
| get_session_mirroring_state | Gets the states to enable using session mirroring for the specified server SSL profiles. | BIG-IP_v11.6.0 |
| get_session_ticket_state | Gets the states to enforce to use session ticket per RFC 5077 for the specified server SSL profiles. | BIG-IP_v11.3.0 |
| get_sni_default_state | Gets the SNI default states for the specified server SSL profiles. | BIG-IP_v11.1.0 |
| get_sni_require_state | Gets the SNI require states for the specified server SSL profiles. | BIG-IP_v11.1.0 |
| get_ssl_option | Gets the SSL options for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_ssl_sign_hash | Gets the SSL sign hash algorithm to sign and verify SSL Server Key Exchange and Certificate Verify messages with for the specified SSL profiles. | BIG-IP_v9.0 |
| get_statistics | Gets the statistics for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_statistics_by_virtual | Gets the statistics for the specified profiles, by virtual server. | BIG-IP_v11.0.0 |
| get_strict_resume_state | Gets the states to enforce strict SSL session resumption per RFC2246 for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_unclean_shutdown_state | Gets the states to do an unclean shutdown for the specified server SSL profiles. | BIG-IP_v9.0 |
| get_untrusted_certificate_response_control_mode | Gets the response control modes when the server certificates have untrusted CA. | BIG-IP_v11.3.0 |
| get_version | Gets the version information for this interface. | BIG-IP_v9.0 |
| is_base_profile | Determines whether the specified server SSL profiles are base profiles. A base profile sits at the base of the profile&aposs inheritance tree, supplying the defaults for every profile derived from it. (See also is_system_profile). | BIG-IP_v9.0 |
| is_system_profile | Determines whether the specified server SSL profiles are system profiles. A system profile is a profile pre-configured on the system, ready for use. Non-system profiles are profiles created or modified by a user. Note that if a system profile is modified, it is no longer considered a system profile. (See also is_base_profile). | BIG-IP_v11.0.0 |
| reset_statistics | Resets the statistics for the specified server SSL profiles. | BIG-IP_v9.0 |
| reset_statistics_by_virtual | Resets the statistics for the specified profiles, for specified virtual servers. | BIG-IP_v11.0.0 |
| set_alert_timeout | Sets the connection timeouts (in seconds) after sending an alert for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_allow_expired_crl_state | Sets the states to allow using an expired CRL file. If the state is enabled, use the CRL file even if it has expired. | BIG-IP_v12.0.0 |
| set_authenticate_depth | Sets the client certificate chain maximum traversal depth for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_authenticate_name | Sets the expected server certificate distinguished name (DN) for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_authenticate_once_state | Sets the states to request the client certificate once for the specified server SSL profiles. If the state is false/disabled, client certificate is requested for each SSL session renegotiation. | BIG-IP_v9.0 |
| set_bypass_on_failed_client_certificate_state | Sets the SSL forward proxy bypass_on_failed_client_certificate state for the specified server SSL profiles. When this is enabled, the SSL forward proxy traffic will bypass the system if ServerSSL receives the Certificate Request message in the virtual servers that use this profile, but system is not configured to have the corresponding Client Certificate. The default value is disabled. | BIG-IP_v13.0.0 |
| set_bypass_on_handshake_alert_state | Sets the SSL forward proxy bypass_on_handshake_alert_state for the specified server SSL profiles. When this is enabled, the SSL forward proxy traffic will bypass the system if ServerSSL receives the handshake failure(40)/protocol version(70)/unsupported extension(110) alert message in the virtual servers that use this profile. The default value is disabled. | BIG-IP_v13.0.0 |
| set_ca_file | Certificate files are officially managed as certificate file objects via the set_ca_file_v2 method and Management::KeyCertificate interface. Thus this method has been deprecated. Sets the CA filenames for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_ca_file_v2 | Sets the names of the certificate file objects used as certificate authority files for a set of server SSL profiles. Certificate file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.0.0 |
| set_cache_size | Sets the SSL session cache sizes for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_cache_timeout | Sets the SSL session cache timeouts for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_certificate_file | This method has been deprecated, due to switching to file objects as the parameters and due to the fact that calling this method usually results in an error thanks to a mismatched key and certificate. Please use set_key_certificate_file in its stead. Sets the certificate filenames used by the specified server SSL profiles. | BIG-IP_v9.0 |
| set_chain_file | Certificate files are officially managed as certificate file objects via the set_chain_file_v2 method and Management::KeyCertificate interface. Thus this method has been deprecated. Sets the certificate chain filenames for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_chain_file_v2 | Sets the names of the certificate file objects used as the certificate chain files for a set of server SSL profiles. Certificate file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.0.0 |
| set_cipher_list | Sets the cipher lists for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_crl_file | Certificate revocation list files are officially managed as certificate revocation list file objects via the set_crl_file_v2 method and System::CertificateRevocationListFile interface. Thus this method has been deprecated. Sets the CRL filenames for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_crl_file_v2 | Sets the names of the certificate revocation list file objects for a set of server SSL profiles. Certificate revocation list file objects are managed by the Management::KeyCertificate interface. | BIG-IP_v11.0.0 |
| set_default_profile | Sets the names of the default profiles from which the specified profiles will derive default values for its attributes. | BIG-IP_v9.0 |
| set_description | Sets the description for a set of server SSL profiles. This is an arbitrary field which can be used for any purpose. | BIG-IP_v11.0.0 |
| set_expired_certificate_response_control_mode | Sets the response control modes when the server certificates have expired. See ResponseControlMode for more details. | BIG-IP_v11.3.0 |
| set_forward_proxy_bypass_state | Sets the SSL forward proxy bypass enabled states for the specified server SSL profiles. When this is enabled, SSL forward proxy feature is enabled for the virtual server that uses this profile. The default value is disabled. | BIG-IP_v11.5.0 |
| set_forward_proxy_enabled_state | Sets the SSL forward proxy enabled states for the specified server SSL profiles. When this is enabled, SSL forward proxy feature is enabled for the virtual server that uses this profile. The default value is disabled. | BIG-IP_v11.3.0 |
| set_generic_alert_state | Sets the states to enforce to use generic alert number in Alert message when sending Alert message. If the state is enabled, use generic alert number in Alert message when sending Alert message. Otherwise, use alert number defined in RFC5246/RFC6066 strictly in Alert message when sending Alert message. The default value is enabled. | BIG-IP_v11.5.0 |
| set_handshake_timeout | Sets the connection timeouts (in seconds) during handshake phase for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_key_certificate_file | Sets the key and certificate file object names to be used by BIG-IP acting as an SSL server for a set of server SSL profiles. Key and certificate file objects are managed by the Management::KeyCertificate interface. These values can be retrieved via the get_key_file_v2 and get_certificate_file_v2 methods. | BIG-IP_v11.0.0 |
| set_key_file | This method has been deprecated, due to switching to file objects as the parameters and due to the fact that calling this method usually results in an error thanks to a mismatched key and certificate. Please use set_key_certificate_file in its stead. Sets the key filenames used by the specified server SSL profiles. | BIG-IP_v9.0 |
| set_maximum_active_handshakes | Sets the per-profile maximum number of outstanding SSL handshakes for the specified server SSL profiles. The default is 0 which means the maximum number is infinity. | BIG-IP_v12.1.0 |
| set_modssl_emulation_state | Sets the states to emulate modSSL for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_passphrase | Sets the key passphrases (if any) for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_peer_certificate_mode | Sets the peer certification modes for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_profile_mode | Sets the modes for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_proxy_ssl_passthrough_state | When SSL client and server negotiate a cipher suite which is not supported by the proxy SSL, setting the passthrough mode enables the SSL traffic to passthrough proxy SSL. The default value is disabled. | BIG-IP_v11.6.0 |
| set_proxy_ssl_state | Proxy SSL enables SSL client and server to authenticate each other directly. When this is enabled, proxy SSL feature is enabled for the virtual server that uses this profile. The default value is disabled. | BIG-IP_v11.6.0 |
| set_renegotiation_period | Sets the SSL renegotiation periods for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_renegotiation_state | Sets the states controlling whether mid-stream renegotiation is allowed for the specified server SSL profiles. If renegotiations are enabled, the behavior is unchanged from previous releases, and mid-stream SSL renegotiations are allowed. If renegotiations are disabled, and we are acting as an SSL client, we ignore the server&aposs HelloRequest messages. For ServerSSL, renegotiations are enabled by default. | BIG-IP_v10.1.0 |
| set_renegotiation_throughput | Sets the SSL renegotiation throughputs for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_retain_certificate_state | Sets the certificate retention state for the specified server SSL profiles. When set to false, certificate received in SSL handshake will not be stored in SSL session thus saving the memory required for processing. This setting should be set to true when using the APM module. The default value is true. | BIG-IP_v11.4.0 |
| set_secure_renegotiation_mode | Sets the secure renegotiation mode for the specified server SSL profiles. See SecureRenegotiationMode for more details. | BIG-IP_v10.2.3 |
| set_server_name | Sets the SNI server name (if any) for the specified server SSL profiles. | BIG-IP_v11.1.0 |
| set_session_mirroring_state | Sets the states to enable using session mirroring for the specified client SSL profiles. If the state is enabled, sessions will be mirrored to high availability peer. | BIG-IP_v11.6.0 |
| set_session_ticket_state | Sets the states to enforce to use session ticket per RFC 5077 for the specified server SSL profiles. If the state is enabled, use session ticket in session connection. | BIG-IP_v11.3.0 |
| set_sni_default_state | Sets the SNI default states for the specified server SSL profiles. When this is set to true, this profile is the default SSL profile when a client connection does not specify a known server name, or does not specify any server name at all. The default value is false. | BIG-IP_v11.1.0 |
| set_sni_require_state | Sets the SNI require states for the specified server SSL profiles. When this is set to true, SNI support is required for the peer and if a client connection does not specify a known server name, or does not specify any server name at all, the handshake will fail. The default value is false. | BIG-IP_v11.1.0 |
| set_ssl_option | Sets the SSL options for the specified server SSL profiles. | BIG-IP_v9.0 |
| set_ssl_sign_hash | Sets the SSL sign hash algorithm to sign and verify SSL Server Key Exchange and Certificate Verify messages with for the specified SSL profiles. | BIG-IP_v9.0 |
| set_strict_resume_state | Sets the states to enforce strict SSL session resumption per RFC2246 for the specified server SSL profiles. If the state is true/enabled, don&apost send a close notify alert when closing connection. | BIG-IP_v9.0 |
| set_unclean_shutdown_state | Sets the states to do an unclean shutdown for the specified server SSL profiles. If the state is true/enabled, don&apost send a close notify alert when closing connection. | BIG-IP_v9.0 |
| set_untrusted_certificate_response_control_mode | Sets the response control modes when the server certificates have untrusted CA. | BIG-IP_v11.3.0 |
Structures¶
Structure
Description
ProfileServerSSLStatisticEntry
A struct that describes statistics for a particular server SSL profile.
A struct that describes profile statistics and timestamp.
Aliases¶
| Alias | Type | Description |
| ProfileServerSSLStatisticEntrySequence | ProfileServerSSLStatisticEntry [] | A sequence of ProfileServerSSL statistics. |
See Also¶
iControl ::
Warning
The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.
Sample Code¶
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.