CRLDP Server

Overview

This document describes the API to configure AAA CRLDP servers and their properties in BIG-IQ.

REST Endpoint: /cm/access/working-config/apm/aaa/crldp

Requests

GET /cm/access/working-config/apm/aaa/crldp/<id>

Request Parameters

None

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
address string Specify IP addresses of the CRLDP servers to which APM can connect for AAA services.
usePool string Specify CRLDP servers for APM to use to authenticate users. Use Pool to create a high availability configuration. Use Direct to specify one CRLDP server for APM to authenticate users.
pool string For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP servers' IP addresses as its pool members. Then associate the pool in this property.
allowNullcrl string If enabled, a null CRL from the CRLDP server is considered a successful authentication.
baseDn string Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs.
cacheExpire number Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours.
connectionTimeout number Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds.
port number Specifies a CRLDP service port. The default is 389.
reverseDn string Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx.
updateInterval number Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter).
useIssuer string If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer.
verifySig string Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled.
name string The name of the object
partition string The BIG-IP partition where the object should be placed
subPath string The BIG-IP folder where the object should be placed
lsoDeviceReference reference Reference to the device
     id string Id of the device.
     name string Device name. Typically it is device’s hostname.
     kind string Kind of the device.
     machineId string Machine ID of the device.
     link string URI link of the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the resource
     kind string The kind of the resource.
     link string URI link of the reference.
id string An ID of an application
lastUpdateMicros number The last updated time in microseconds.
kind string The kind of an application.
selfLink string The selfLink of an application.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response occurs when access is denied due to invalid credentials (no permission).

Permissions

Role Allow
Application_Editor Yes
Service_Catalog_Viewer Yes
Service_Catalog_Editor Yes
Trust_Discovery_Import Yes
Access_View Yes
Access_Edit Yes
Access_Manager Yes
Application_Manager Yes
Application_Viewer Yes
Trust_Discovery_Import Yes
Access_Deploy Yes
Access_Policy_Editor Yes

POST /cm/access/working-config/apm/aaa/crldp

Request Parameters

Name Type Required Description
address string False Specify IP addresses of the CRLDP servers to which APM can connect for AAA services.
usePool string True Specify CRLDP servers for APM to use to authenticate users. Use Pool to create a high availability configuration. Use Direct to specify one CRLDP server for APM to authenticate users.
pool string False For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP servers' IP addresses as its pool members. Then associate the pool in this property.
allowNullcrl string False If enabled, a null CRL from the CRLDP server is considered a successful authentication.
baseDn string True Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs.
cacheExpire number True Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours.
connectionTimeout number True Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds.
port number False Specifies a CRLDP service port. The default is 389.
reverseDn string False Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx.
updateInterval number True Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter).
useIssuer string False If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer.
verifySig string False Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled.
name string True The name of the object
partition string True The BIG-IP partition where the object should be placed
subPath string False The BIG-IP folder where the object should be placed
lsoDeviceReference reference False Reference to the device
     id string False Id of the device.
     link string False URI link of the reference.
isLsoShared boolean True Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference False Reference to the device group.
     link string False URI link of the reference.

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
address string Specify IP addresses of the CRLDP servers to which APM can connect for AAA services.
usePool string Specify CRLDP servers for APM to use to authenticate users. Use Pool to create a high availability configuration. Use Direct to specify one CRLDP server for APM to authenticate users.
pool string For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP servers' IP addresses as its pool members. Then associate the pool in this property.
allowNullcrl string If enabled, a null CRL from the CRLDP server is considered a successful authentication.
baseDn string Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs.
cacheExpire number Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours.
connectionTimeout number Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds.
port number Specifies a CRLDP service port. The default is 389.
reverseDn string Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx.
updateInterval number Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter).
useIssuer string If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer.
verifySig string Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled.
name string The name of the object
partition string The BIG-IP partition where the object should be placed
subPath string The BIG-IP folder where the object should be placed
lsoDeviceReference reference Reference to the device
     id string Id of the device.
     name string Device name. Typically it is device’s hostname.
     kind string Kind of the device.
     machineId string Machine ID of the device.
     link string URI link of the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the resource
     kind string The kind of the resource.
     link string URI link of the reference.
id string An ID of an application
lastUpdateMicros number The last updated time in microseconds.
kind string The kind of an application.
selfLink string The selfLink of an application.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response occurs when access is denied due to invalid credentials (no permission).

Permissions

Role Allow
Application_Editor No
Service_Catalog_Viewer No
Service_Catalog_Editor No
Trust_Discovery_Import Yes
Access_View No
Access_Edit Yes
Access_Manager Yes
Application_Manager No
Application_Viewer No
Trust_Discovery_Import No
Access_Deploy No
Access_Policy_Editor No

PUT /cm/access/working-config/apm/aaa/crldp/<id>

Request Parameters

Name Type Required Description
address string False Specify IP addresses of the CRLDP servers to which APM can connect for AAA services.
usePool string True Specify CRLDP servers for APM to use to authenticate users. Use Pool to create a high availability configuration. Use Direct to specify one CRLDP server for APM to authenticate users.
pool string False For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP servers' IP addresses as its pool members. Then associate the pool in this property.
allowNullcrl string False If enabled, a null CRL from the CRLDP server is considered a successful authentication.
baseDn string False Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs.
cacheExpire number False Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours.
connectionTimeout number False Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds.
port number False Specifies a CRLDP service port. The default is 389.
reverseDn string False Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx.
updateInterval number False Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter).
useIssuer string False If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer.
verifySig string False Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled.
name string False The name of the object
partition string False The BIG-IP partition where the object should be placed
subPath string False The BIG-IP folder where the object should be placed
lsoDeviceReference reference False Reference to the device
     id string False Id of the device.
     name string False Device name. Typically it is device’s hostname.
     kind string False Kind of the device.
     machineId string False Machine ID of the device.
     link string False URI link of the reference.
isLsoShared boolean False Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference False Reference to the device group.
     name string False Name of the resource
     kind string False The kind of the resource.
     link string False URI link of the reference.
id string False An ID of an application
lastUpdateMicros number False The last updated time in microseconds.
kind string False The kind of an application.
selfLink string False The selfLink of an application.

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
address string Specify IP addresses of the CRLDP servers to which APM can connect for AAA services.
usePool string Specify CRLDP servers for APM to use to authenticate users. Use Pool to create a high availability configuration. Use Direct to specify one CRLDP server for APM to authenticate users.
pool string For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP servers' IP addresses as its pool members. Then associate the pool in this property.
allowNullcrl string If enabled, a null CRL from the CRLDP server is considered a successful authentication.
baseDn string Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs.
cacheExpire number Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours.
connectionTimeout number Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds.
port number Specifies a CRLDP service port. The default is 389.
reverseDn string Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx.
updateInterval number Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter).
useIssuer string If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer.
verifySig string Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled.
name string The name of the object
partition string The BIG-IP partition where the object should be placed
subPath string The BIG-IP folder where the object should be placed
lsoDeviceReference reference Reference to the device
     id string Id of the device.
     name string Device name. Typically it is device’s hostname.
     kind string Kind of the device.
     machineId string Machine ID of the device.
     link string URI link of the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the resource
     kind string The kind of the resource.
     link string URI link of the reference.
id string An ID of an application
lastUpdateMicros number The last updated time in microseconds.
kind string The kind of an application.
selfLink string The selfLink of an application.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response occurs when access is denied due to invalid credentials (no permission).

Permissions

Role Allow
Application_Editor No
Service_Catalog_Viewer No
Service_Catalog_Editor No
Trust_Discovery_Import Yes
Access_View No
Access_Edit Yes
Access_Manager Yes
Application_Manager No
Application_Viewer No
Trust_Discovery_Import No
Access_Deploy No
Access_Policy_Editor No

PATCH /cm/access/working-config/apm/aaa/crldp/<id>

Request Parameters

Name Type Required Description
address string False Specify IP addresses of the CRLDP servers to which APM can connect for AAA services.
usePool string True For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP servers' IP addresses as its pool members. Then associate the pool in this property.
allowNullcrl string False If enabled, a null CRL from the CRLDP server is considered a successful authentication.
baseDn string False Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs.
cacheExpire number False Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours.
connectionTimeout number False Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds.
port number False Specifies a CRLDP service port. The default is 389.
reverseDn string False Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx.
updateInterval number False Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter).
useIssuer string False If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer.
verifySig string False Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled.
isLsoShared boolean False Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
address string Specify IP addresses of the CRLDP servers to which APM can connect for AAA services.
usePool string Specify CRLDP servers for APM to use to authenticate users. Use Pool to create a high availability configuration. Use Direct to specify one CRLDP server for APM to authenticate users.
pool string For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP servers' IP addresses as its pool members. Then associate the pool in this property.
allowNullcrl string If enabled, a null CRL from the CRLDP server is considered a successful authentication.
baseDn string Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs.
cacheExpire number Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours.
connectionTimeout number Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds.
port number Specifies a CRLDP service port. The default is 389.
reverseDn string Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx.
updateInterval number Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter).
useIssuer string If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer.
verifySig string Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled.
name string The name of the object
partition string The BIG-IP partition where the object should be placed
subPath string The BIG-IP folder where the object should be placed
lsoDeviceReference reference Reference to the device
     id string Id of the device.
     name string Device name. Typically it is device’s hostname.
     kind string Kind of the device.
     machineId string Machine ID of the device.
     link string URI link of the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the resource
     kind string The kind of the resource.
     link string URI link of the reference.
id string An ID of an application
lastUpdateMicros number The last updated time in microseconds.
kind string The kind of an application.
selfLink string The selfLink of an application.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response occurs when access is denied due to invalid credentials (no permission).

Permissions

Role Allow
Application_Editor No
Service_Catalog_Viewer No
Service_Catalog_Editor No
Trust_Discovery_Import Yes
Access_View No
Access_Edit Yes
Access_Manager Yes
Application_Manager No
Application_Viewer No
Trust_Discovery_Import No
Access_Deploy No
Access_Policy_Editor No

DELETE /cm/access/working-config/apm/aaa/crldp/<id>

Request Parameters

None

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
address string Specify IP addresses of the CRLDP servers to which APM can connect for AAA services.
usePool string Specify CRLDP servers for APM to use to authenticate users. Use Pool to create a high availability configuration. Use Direct to specify one CRLDP server for APM to authenticate users.
pool string For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP servers' IP addresses as its pool members. Then associate the pool in this property.
allowNullcrl string If enabled, a null CRL from the CRLDP server is considered a successful authentication.
baseDn string Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs.
cacheExpire number Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours.
connectionTimeout number Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds.
port number Specifies a CRLDP service port. The default is 389.
reverseDn string Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx.
updateInterval number Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter).
useIssuer string If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer.
verifySig string Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled.
name string The name of the object
partition string The BIG-IP partition where the object should be placed
subPath string The BIG-IP folder where the object should be placed
lsoDeviceReference reference Reference to the device
     id string Id of the device.
     name string Device name. Typically it is device’s hostname.
     kind string Kind of the device.
     machineId string Machine ID of the device.
     link string URI link of the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the resource
     kind string The kind of the resource.
     link string URI link of the reference.
id string An ID of an application
lastUpdateMicros number The last updated time in microseconds.
kind string The kind of an application.
selfLink string The selfLink of an application.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response occurs when access is denied due to invalid credentials (no permission).

Permissions

Role Allow
Application_Editor No
Service_Catalog_Viewer No
Service_Catalog_Editor No
Trust_Discovery_Import Yes
Access_View No
Access_Edit Yes
Access_Manager Yes
Application_Manager No
Application_Viewer No
Trust_Discovery_Import No
Access_Deploy No
Access_Policy_Editor No

Examples

Get AAA CRLDP Server

GET /cm/access/working-config/apm/aaa/crldp/<id>

Response

HTTP/1.1 200 OK
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "name": "bigip.foo.com",
        "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
        "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "resourceName",
        "kind": "shared:resolver:device-groups:devicegroupstate",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
    },
    "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
    "generation": 1,
    "lastUpdateMicros": 1518743088884807,
    "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate",
    "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate"
}
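
The revocation-related fields in a response like the one above (allowNullcrl, verifySig, cacheExpire, updateInterval) decide whether the CRL check can pass without a usable CRL. The following is an added example, not part of the BIG-IQ documentation or F5 code: it audits one CRLDP object for weak values; the sample object, the string-flag normalization, and the two threshold parameters are assumptions of this example.

```python
import json

# Constructed sample (not from a real device): the revocation-related fields of
# a CRLDP object, named as in the table above, with deliberately weak values.
WEAK_SAMPLE = json.loads("""
{"name": "foo", "allowNullcrl": "true", "verifySig": "false",
 "cacheExpire": 604800, "updateInterval": 172800}
""")

# Assumption: flags arrive as strings; this page's examples show both
# "true"/"false" and "enabled", so both spellings are treated as "on".
ON_VALUES = {"true", "enabled"}


def is_on(value):
    """Normalize a string flag from the API to a boolean."""
    return str(value).strip().lower() in ON_VALUES


def audit_crldp(cfg, max_cache_seconds=86400, ca_crl_lifetime_seconds=None):
    """Return the names of fields whose values weaken revocation checking.

    max_cache_seconds and ca_crl_lifetime_seconds are local policy inputs
    (hypothetical parameters of this example, not API fields).
    """
    weak = []
    # A null CRL counted as success means the check passes with no CRL at all.
    if "allowNullcrl" in cfg and is_on(cfg["allowNullcrl"]):
        weak.append("allowNullcrl")
    # Without signature verification the CRL's origin is not checked.
    if "verifySig" in cfg and not is_on(cfg["verifySig"]):
        weak.append("verifySig")
    # A cached CRL older than policy allows can miss recent revocations.
    if int(cfg.get("cacheExpire", 0)) > max_cache_seconds:
        weak.append("cacheExpire")
    # A non-zero updateInterval only forces early retrieval when it is
    # shorter than the CA's CRL lifetime; zero defers to Next update.
    interval = int(cfg.get("updateInterval", 0))
    if ca_crl_lifetime_seconds and interval >= ca_crl_lifetime_seconds:
        weak.append("updateInterval")
    return weak


if __name__ == "__main__":
    for field in audit_crldp(WEAK_SAMPLE, ca_crl_lifetime_seconds=86400):
        print(f"{WEAK_SAMPLE['name']}: review {field}={WEAK_SAMPLE[field]!r}")
```

The same function can be run over the parsed body of a GET response; fields absent from the object are skipped rather than assumed.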

Create New AAA CRLDP Server

POST /cm/access/working-config/apm/aaa/crldp
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
    }
}

Response

HTTP/1.1 200 OK
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "name": "bigip.foo.com",
        "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
        "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "resourceName",
        "kind": "shared:resolver:device-groups:devicegroupstate",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
    },
    "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
    "generation": 1,
    "lastUpdateMicros": 1518743088884807,
    "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate",
    "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate"
}

Edit AAA CRLDP Server

PUT /cm/access/working-config/apm/aaa/crldp/<id>
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "name": "bigip.foo.com",
        "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
        "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "resourceName",
        "kind": "shared:resolver:device-groups:devicegroupstate",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
    },
    "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
    "generation": 1,
    "lastUpdateMicros": 1518743088884807,
    "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate",
    "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate"
}

Response

HTTP/1.1 200 OK
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "name": "bigip.foo.com",
        "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
        "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "resourceName",
        "kind": "shared:resolver:device-groups:devicegroupstate",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
    },
    "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
    "generation": 1,
    "lastUpdateMicros": 1518743088884807,
    "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate",
    "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate"
}

Edit AAA CRLDP Server

PATCH /cm/access/working-config/apm/aaa/crldp/<id>
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "isLsoShared": false
}

Response

HTTP/1.1 200 OK
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "name": "bigip.foo.com",
        "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
        "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "resourceName",
        "kind": "shared:resolver:device-groups:devicegroupstate",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
    },
    "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
    "generation": 1,
    "lastUpdateMicros": 1518743088884807,
    "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate",
    "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate"
}

Delete AAA CRLDP Server

DELETE /cm/access/working-config/apm/aaa/crldp/<id>

Response

HTTP/1.1 200 OK
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "name": "bigip.foo.com",
        "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
        "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "resourceName",
        "kind": "shared:resolver:device-groups:devicegroupstate",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb21a4bc2346"
    },
    "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
    "generation": 1,
    "lastUpdateMicros": 1518743088884807,
    "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate",
    "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectorystate"
}