Certificate (object)
Configures a Certificate
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
certificate | | | | X.509 public-key certificate. Reference for a property or BIG-IP object |
chainCA | object, string | | | Bundle of one or more CA certificates in trust-chain from root CA to certificate (optional) |
class* | string | | “Certificate” | |
issuerCertificate | object | | | Specifies the name of the issuer certificate for this certificate. Reference to an SSL certificate |
label | string | | “^[^\x00-\x1f\x22#&*<>?\x5b-\x5d`\x7f]*$” | Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML |
passphrase | object | | | If supplied, used to decrypt privateKey at runtime (optional). A passphrase (passphrase property). A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL |
pkcs12 | | | | The pkcs12 value, which may be a URL to fetch the binary file from or a base64-encoded string. Reference for a property or BIG-IP object |
pkcs12Options | object | | | Options for importing PKCS12 file |
privateKey | | | | Private key matching certificate’s public key (optional). Reference for a property or BIG-IP object |
remark | string | | “^[^\x00-\x1f\x22\x5c\x7f]*$” | Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks |
staplerOCSP | object | | | BIG-IP AS3 pointer to OCSP Stapler declaration (optional). Reference to an OCSP Cert Validator |
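
The label and remark patterns from the table, applied as a pre-deployment check. This is an added example, not part of the BIG-IP AS3 documentation or code; the function names and the sample object are constructed for illustration. It also shows why the remark row warns about XSS: "<" and ">" pass the remark pattern, so the value must be encoded before it is written into HTML.

```python
import html
import re

# Patterns as listed for label and remark in the Certificate table.
LABEL_RE = re.compile(r'^[^\x00-\x1f\x22#&*<>?\x5b-\x5d`\x7f]*$')
REMARK_RE = re.compile(r'^[^\x00-\x1f\x22\x5c\x7f]*$')
MAX_LEN = 64  # both properties allow 0-64 chars

# Constructed sample object (not taken from a real declaration).
SAMPLE = {"class": "Certificate", "label": "web-tls",
          "remark": "<b>prod</b> cert"}


def check_certificate_text(obj):
    """Return a list of problems with class, label and remark of one object."""
    problems = []
    if obj.get("class") != "Certificate":
        problems.append("class must be 'Certificate'")
    for name, pattern in (("label", LABEL_RE), ("remark", REMARK_RE)):
        value = obj.get(name)
        if value is None:
            continue  # both properties are optional
        if not isinstance(value, str):
            problems.append(f"{name} must be a string")
        elif len(value) > MAX_LEN:
            problems.append(f"{name} longer than {MAX_LEN} chars")
        # fullmatch, because "$" alone would accept a trailing newline
        elif not pattern.fullmatch(value):
            problems.append(f"{name} contains a disallowed character")
    return problems


def remark_for_html(remark):
    """Encode a schema-valid remark before placing it in an HTML page."""
    return html.escape(remark, quote=True)


if __name__ == "__main__":
    print(check_certificate_text(SAMPLE))      # markup passes the remark pattern
    print(remark_for_html(SAMPLE["remark"]))   # encoded form for display
```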
Certificate.chainCA (object, string)
Bundle of one or more CA certificates in trust-chain from root CA to certificate (optional)
Certificate.issuerCertificate (object)
Specifies the name of the issuer certificate for this certificate. Reference to an SSL certificate.
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | | “f5bigip” formatted string | Pathname of existing BIG-IP SSL certificate |
use | string | | | BIG-IP AS3 pointer to SSL certificate declaration |
Certificate.passphrase (object)
If supplied, used to decrypt privateKey at runtime (optional). A passphrase (passphrase property). A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL.
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | | | | |
allowReuse | boolean | false | true, false | If true, other declaration objects may reuse this value |
Certificate.pkcs12Options (object)
Options for importing PKCS12 file
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | | | | |
ignoreChanges | boolean | false | true, false | Key has to be decrypted and re-encrypted as part of extraction, resulting in a diff. Set to true to exclude the pkcs12 object for subsequent deployments. |
internalOnly | array | | | BIG-IP AS3 uses this property internally. Any values supplied here will be ignored |
keyImportFormat | string | “pkcs8” | “pkcs8”, “openssl-legacy” | Determines the format in which the private key is saved. Default is PKCS#8. |
Certificate.staplerOCSP (object)
BIG-IP AS3 pointer to OCSP Stapler declaration (optional). Reference to an OCSP Cert Validator.
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | | “f5bigip” formatted string | Pathname of existing BIG-IP OCSP Cert Validator |
use | string | | | BIG-IP AS3 pointer to OCSP Cert Validator declaration |