Certificate (object)

PKI certificate with optional private-key and/or chain, optional OCSP stapler

Properties (* = required):

| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| certificate | | | | X.509 public-key certificate. String value optionally in base64 or from URL or AS3 pointer |
| chainCA | object, string | | | Bundle of one or more CA certificates in trust-chain from root CA to certificate (optional) |
| class* | string | | “Certificate” | |
| issuerCertificate | object | | | Specifies the name of the issuer certificate for this certificate. Reference to an SSL certificate |
| label | string | | “^[^\x00-\x1f\x22#&*<>?\x5b-\x5d`\x7f]*$” | Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML |
| passphrase | object | | | If supplied, used to decrypt privateKey at runtime (optional). A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL |
| pkcs12 | | | | The pkcs12 value, which may be a URL to fetch the binary file from or a base64-encoded string. String value optionally in base64 or from URL or AS3 pointer |
| pkcs12Options | object | | | Options for importing PKCS12 file |
| privateKey | | | | Private key matching certificate’s public key (optional). String value optionally in base64 or from URL or AS3 pointer |
| remark | string | | “^[^\x00-\x1f\x22\x5c\x7f]*$” | Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks |
| staplerOCSP | object | | | AS3 pointer to OCSP Stapler declaration (optional). Reference to an OCSP Cert Validator |
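
The label and remark constraints above, as an added example (not code from AS3 or F5): a JavaScript lint that applies the two documented patterns and the 64-character limit to every Certificate object in a declaration, and flags values the schema accepts but that still need HTML escaping. `lintCertificates`, `escapeHtml` and the sample declaration are hypothetical, and the patterns are written with their `\x` escapes spelled out.

```javascript
// Patterns and the 0-64 character limit come from the label and remark rows above.
const LABEL_RE = /^[^\x00-\x1f\x22#&*<>?\x5b-\x5d`\x7f]*$/;
const REMARK_RE = /^[^\x00-\x1f\x22\x5c\x7f]*$/;
const MAX_LEN = 64;

// Escape characters that are significant in HTML text and attribute contexts.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical helper: check label/remark on every object whose class is "Certificate".
function lintCertificates(node, path = "", findings = []) {
  if (node === null || typeof node !== "object") return findings;
  if (node.class === "Certificate") {
    for (const [prop, re] of [["label", LABEL_RE], ["remark", REMARK_RE]]) {
      const value = node[prop];
      if (typeof value !== "string") continue;
      const where = `${path}/${prop}`;
      if ([...value].length > MAX_LEN || !re.test(value)) {
        findings.push({ path: where, issue: "schema-violation" });
      } else if (/[<>&']/.test(value)) {
        // Accepted by the schema, but must be escaped before it reaches HTML.
        findings.push({ path: where, issue: "html-significant", escaped: escapeHtml(value) });
      }
    }
  }
  for (const [key, child] of Object.entries(node)) lintCertificates(child, `${path}/${key}`, findings);
  return findings;
}

// Constructed sample declaration; tenant, application and object names are made up.
const sample = {
  class: "ADC",
  Tenant1: { class: "Tenant", App1: { class: "Application", webcert: {
    class: "Certificate",
    label: "web <prod>",
    remark: "owner: <b>net-ops</b> & 'sec'",
  } } },
};

console.log(JSON.stringify(lintCertificates(sample), null, 2));
```

The label is rejected outright because its pattern excludes `<` and `>`, while the remark passes the schema and is reported only so that whatever displays it escapes it first.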

Certificate.chainCA (object, string)

Bundle of one or more CA certificates in trust-chain from root CA to certificate (optional)

Certificate.issuerCertificate (object)

Specifies the name of the issuer certificate for this certificate. Reference to an SSL certificate

Properties (* = required):

| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | | “f5bigip” formatted string | Pathname of existing BIG-IP SSL certificate |
| use | string | | | AS3 pointer to SSL certificate declaration |

Certificate.passphrase (object)

If supplied, used to decrypt privateKey at runtime (optional). A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL

Properties (* = required):

| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| /*/ | | | | |
| allowReuse | boolean | | true, false | If true, other declaration objects may reuse this value |
| reuseFrom | string | | | AS3 pointer to another JWE cryptogram in this declaration to copy |
| url | | | | URL from which secret should be fetched. Describes the URL to remote resource and optional parameters |

Certificate.pkcs12Options (object)

Options for importing PKCS12 file

Properties (* = required):

| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| /*/ | | | | |
| ignoreChanges | boolean | false | true, false | Key has to be decrypted and re-encrypted as part of extraction, resulting in a diff. Set to true to exclude the pkcs12 object for subsequent deployments. |
| internalOnly | array | | | AS3 uses this property internally. Any values supplied here will be ignored |
| keyImportFormat | string | “pkcs8” | “pkcs8”, “openssl-legacy” | Determines the format in which the private key is saved. Default is PKCS#8. |

Certificate.staplerOCSP (object)

AS3 pointer to OCSP Stapler declaration (optional). Reference to an OCSP Cert Validator

Properties (* = required):

| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | | “f5bigip” formatted string | Pathname of existing BIG-IP OCSP Cert Validator |
| use | string | | | AS3 pointer to OCSP Cert Validator declaration |