Management::Trust¶
Introduced : BIG-IP_v11.0.0
The Trust interface contains the methods for creating and manipulating
device trust domains.
Methods¶
| Method | Description | Introduced |
| add_authority_device | Add an authoritative device to the trust domain. You must specify a new device object name for the device to be added. You may specify various arguments to authenticate the browser certificate of the device being added. Any or all of these values may be omitted. Note: Currently, the backend requires hexadecimal values to be in lower case and not include the &apos:&apos character. | BIG-IP_v11.0.0 |
| add_authority_device_v2 | Add an authoritative device to the trust domain. You must specify a new device object name for the device to be added. You must specify the port if the remote device httpd ssl-port is not the default 443. You may specify various arguments to authenticate the browser certificate of the device being added. Any or all of these values may be omitted. Note: Currently, the backend requires hexadecimal values to be in lower case and not include the &apos:&apos character. | BIG-IP_v13.0.0 |
| add_non_authority_device | Add a non-authoritative device to the trust domain. You must specify a new device object name for the device to be added. You may specify various arguments to authenticate the browser certificate of the device being added. Any or all of these values may be omitted. Note: Currently, the backend requires hexadecimal values to be in lower case and not include the &apos:&apos character. | BIG-IP_v11.0.0 |
| add_non_authority_device_v2 | Add a non-authoritative device to the trust domain. You must specify a new device object name for the device to be added. You must specify the port if the remote device httpd ssl-port is not the default 443. You may specify various arguments to authenticate the browser certificate of the device being added. Any or all of these values may be omitted. Note: Currently, the backend requires hexadecimal values to be in lower case and not include the &apos:&apos character. | BIG-IP_v13.0.0 |
| generate_csr | Generates a certificate signing request for a device identity certificate Note: This method is mostly for internal F5 use. | BIG-IP_v11.0.0 |
| get_authority_device | Get authority devices for the trust group. | BIG-IP_v13.0.0 |
| get_browser_certificate | Get information about the browser certificate for the device at the given address. This information will be used later in the get_device_name, add_non_authority_device, and add_authority_device calls. | BIG-IP_v11.0.0 |
| get_ca_certificate | Get the PEM encoded CA certificate for this device. | BIG-IP_v11.2.0 |
| get_device_in_use | Used to check to see if a device is &aposin use&apos by the current trust domain. A device is considered to be in use if the device trust/logical devices are configured in such a way that the device may be actively passing traffic for the current trust domain Note: This method is mostly for internal F5 use. | BIG-IP_v11.0.0 |
| get_device_object_name | Get the device object name for the device at the given address. You may specify various arguments to authenticate the browser certificate of the device being added. Any or all of these values may be omitted. Note: Currently, the backend requires hexadecimal values to be in lower case and not include the &apos:&apos character. | BIG-IP_v11.0.0 |
| get_device_object_name_v2 | Get the device object name for the device at the given address/port You must specify the port if the remote device httpd ssl-port is not the default 443. You may specify various arguments to authenticate the browser certificate of the device being added. Any or all of these values may be omitted. Note: Currently, the backend requires hexadecimal values to be in lower case and not include the &apos:&apos character. | BIG-IP_v13.0.0 |
| get_guid | Get the GUID attribute for the specified trust domains. Used to determine when devices are in the same trust domain. | BIG-IP_v11.4.0,EM_v3.1.0 |
| get_list | Get the list of trust domains. BIG-IP 11.0.0 through 11.3.0 support only the root trust domain but the system supports multiple trust domains for future functionality. | BIG-IP_v11.4.0,EM_v3.1.0 |
| get_non_authority_device | Get non-authority devices for the trust group. | BIG-IP_v13.0.0 |
| get_version | Gets the interface version | BIG-IP_v11.0.0 |
| install_authority_trust | Install certificates and add the device as a peer authority to a trust domain. Note: This method is mostly for internal F5 use. | BIG-IP_v11.0.0 |
| install_device_trust | Install certificates and add the device as a non-authority to a trust domain. Note: This method is mostly for internal F5 use. | BIG-IP_v11.0.0 |
| remove_device | Remove the specified devices from the trust domain. | BIG-IP_v11.0.0 |
| reset_all | Reset the trust domain on the local device. This call causes the trust domain on the local device to be cleared. You may choose to keep the current device object name and authority cert/key pair. Alternately, you may specify a new device object name and may have the authority cert/key pair regenerated or set to the values specified in the authority_cert and authority_key parameters. Note: all known devices (accept for self) will be removed from the trust domain. | BIG-IP_v11.0.0 |
Structures¶
Structure
Description
A struct that contains the browser certificate information for a device.
See Also¶
iControl ::
Warning
The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.
Sample Code¶
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.