Management::Trust

Introduced : BIG-IP_v11.0.0
The Trust interface contains the methods for creating and manipulating device trust domains.

Methods

Method Description Introduced
add_authority_device Add an authoritative device to the trust domain. You must specify a new device object name for the device to be added. You may specify various arguments to authenticate the browser certificate of the device being added. Any or all of these values may be omitted. Note: Currently, the backend requires hexadecimal values to be in lower case and not include the &apos:&apos character. BIG-IP_v11.0.0
add_authority_device_v2 Add an authoritative device to the trust domain. You must specify a new device object name for the device to be added. You must specify the port if the remote device httpd ssl-port is not the default 443. You may specify various arguments to authenticate the browser certificate of the device being added. Any or all of these values may be omitted. Note: Currently, the backend requires hexadecimal values to be in lower case and not include the &apos:&apos character. BIG-IP_v13.0.0
add_non_authority_device Add a non-authoritative device to the trust domain. You must specify a new device object name for the device to be added. You may specify various arguments to authenticate the browser certificate of the device being added. Any or all of these values may be omitted. Note: Currently, the backend requires hexadecimal values to be in lower case and not include the &apos:&apos character. BIG-IP_v11.0.0
add_non_authority_device_v2 Add a non-authoritative device to the trust domain. You must specify a new device object name for the device to be added. You must specify the port if the remote device httpd ssl-port is not the default 443. You may specify various arguments to authenticate the browser certificate of the device being added. Any or all of these values may be omitted. Note: Currently, the backend requires hexadecimal values to be in lower case and not include the &apos:&apos character. BIG-IP_v13.0.0
generate_csr Generates a certificate signing request for a device identity certificate Note: This method is mostly for internal F5 use. BIG-IP_v11.0.0
get_authority_device Get authority devices for the trust group. BIG-IP_v13.0.0
get_browser_certificate Get information about the browser certificate for the device at the given address. This information will be used later in the get_device_name, add_non_authority_device, and add_authority_device calls. BIG-IP_v11.0.0
get_ca_certificate Get the PEM encoded CA certificate for this device. BIG-IP_v11.2.0
get_device_in_use Used to check to see if a device is &aposin use&apos by the current trust domain. A device is considered to be in use if the device trust/logical devices are configured in such a way that the device may be actively passing traffic for the current trust domain Note: This method is mostly for internal F5 use. BIG-IP_v11.0.0
get_device_object_name Get the device object name for the device at the given address. You may specify various arguments to authenticate the browser certificate of the device being added. Any or all of these values may be omitted. Note: Currently, the backend requires hexadecimal values to be in lower case and not include the &apos:&apos character. BIG-IP_v11.0.0
get_device_object_name_v2 Get the device object name for the device at the given address/port You must specify the port if the remote device httpd ssl-port is not the default 443. You may specify various arguments to authenticate the browser certificate of the device being added. Any or all of these values may be omitted. Note: Currently, the backend requires hexadecimal values to be in lower case and not include the &apos:&apos character. BIG-IP_v13.0.0
get_guid Get the GUID attribute for the specified trust domains. Used to determine when devices are in the same trust domain. BIG-IP_v11.4.0,EM_v3.1.0
get_list Get the list of trust domains. BIG-IP 11.0.0 through 11.3.0 support only the root trust domain but the system supports multiple trust domains for future functionality. BIG-IP_v11.4.0,EM_v3.1.0
get_non_authority_device Get non-authority devices for the trust group. BIG-IP_v13.0.0
get_version Gets the interface version BIG-IP_v11.0.0
install_authority_trust Install certificates and add the device as a peer authority to a trust domain. Note: This method is mostly for internal F5 use. BIG-IP_v11.0.0
install_device_trust Install certificates and add the device as a non-authority to a trust domain. Note: This method is mostly for internal F5 use. BIG-IP_v11.0.0
remove_device Remove the specified devices from the trust domain. BIG-IP_v11.0.0
reset_all Reset the trust domain on the local device. This call causes the trust domain on the local device to be cleared. You may choose to keep the current device object name and authority cert/key pair. Alternately, you may specify a new device object name and may have the authority cert/key pair regenerated or set to the values specified in the authority_cert and authority_key parameters. Note: all known devices (accept for self) will be removed from the trust domain. BIG-IP_v11.0.0

Structures

Structure

Description

BrowserCertificateInfo

A struct that contains the browser certificate information for a device.


Enumerations

Enumeration Description

Exceptions

Exception Description

Constants

Constant Type Value Description

Aliases

Alias Type Description

See Also

Warning

The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.

Sample Code


The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.