Certificate (object)

Configures a Certificate

Properties (* = required):

| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| certificate | | | | X.509 public-key certificate. System reference pointers (all valid for the runtime) or F5 string |
| chainCA | object, string | | | Bundle of one or more CA certificates in trust-chain from root CA to certificate (optional) |
| class* | string | | “Certificate” | |
| issuerCertificate | object | | | Specifies the name of the issuer certificate for this certificate. Reference to an SSL certificate |
| label | string | | “^[^\x00-\x1f\x22#&*<>?\x5b-\x5d`\x7f]*$” | Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML |
| passphrase | object | | | If supplied, used to decrypt privateKey at runtime (optional). A passphrase (passphrase property). A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL |
| pkcs12 | | | | The pkcs12 value, which may be a URL to fetch the binary file from or a base64-encoded string. Reference for a property or BIG-IP object |
| pkcs12Options | object | | | Options for importing PKCS12 file |
| privateKey | | | | Private key matching certificate’s public key (optional). System reference pointers (all valid for the runtime) or F5 string |
| remark | string | | “^[^\x00-\x1f\x22\x5c\x7f]*$” | Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks |
| staplerOCSP | object | | | BIG-IP AS3 pointer to OCSP Stapler declaration (optional). Reference to an OCSP Cert Validator |

Certificate.chainCA (object, string)

Bundle of one or more CA certificates in trust-chain from root CA to certificate (optional)

Certificate.issuerCertificate (object)

Specifies the name of the issuer certificate for this certificate. Reference to an SSL certificate.

Properties (* = required):

| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | | “f5bigip” formatted string | Pathname of existing BIG-IP SSL certificate |
| use | string | | | BIG-IP AS3 pointer to SSL certificate declaration |

Certificate.passphrase (object)

If supplied, used to decrypt privateKey at runtime (optional). A passphrase (passphrase property). A value: (a) in a cryptogram in this object; (b) in a cryptogram elsewhere in this declaration; or (c) available from a URL.

Properties (* = required):

| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| /*/ | | | | |
| allowReuse | boolean | false | true, false | If true, other declaration objects may reuse this value |

Certificate.pkcs12Options (object)

Options for importing PKCS12 file

Properties (* = required):

| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| /*/ | | | | |
| ignoreChanges | boolean | false | true, false | Key has to be decrypted and re-encrypted as part of extraction, resulting in a diff. Set to true to exclude the pkcs12 object for subsequent deployments. |
| internalOnly | array | | | BIG-IP AS3 uses this property internally. Any values supplied here will be ignored |
| keyImportFormat | string | “pkcs8” | “pkcs8”, “openssl-legacy” | Determines the format in which the private key is saved. Default is PKCS#8. |

Certificate.staplerOCSP (object)

BIG-IP AS3 pointer to OCSP Stapler declaration (optional). Reference to an OCSP Cert Validator.

Properties (* = required):

| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | | “f5bigip” formatted string | Pathname of existing BIG-IP OCSP Cert Validator |
| use | string | | | BIG-IP AS3 pointer to OCSP Cert Validator declaration |
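
The label and remark rules and the keyImportFormat values listed above, as an added example (not F5's or BIG-IP AS3's own code): a Python pre-deployment lint that applies the two patterns and the 0-64 character limit, and flags remarks that pass the schema but still contain HTML-significant characters. The function names and sample objects are constructed for illustration.

```python
import html
import re

# Patterns and the 0-64 length limit as given in the Certificate property table.
LABEL_RE = re.compile(r"^[^\x00-\x1f\x22#&*<>?\x5b-\x5d`\x7f]*$")
REMARK_RE = re.compile(r"^[^\x00-\x1f\x22\x5c\x7f]*$")
MAX_LEN = 64
KEY_FORMATS = {"pkcs8", "openssl-legacy"}
# Characters the remark pattern accepts but that are significant in HTML.
HTML_SIGNIFICANT = set("<>&'")


def lint_certificate(name, obj):
    """Return a list of findings for one Certificate object (a dict)."""
    findings = []
    if obj.get("class") != "Certificate":
        findings.append(f"{name}: class must be 'Certificate'")
    for prop, pattern in (("label", LABEL_RE), ("remark", REMARK_RE)):
        value = obj.get(prop, "")
        # Python's `$` also matches before a trailing newline, so use
        # fullmatch to make sure a final "\n" is rejected as a control char.
        if len(value) > MAX_LEN or not pattern.fullmatch(value):
            findings.append(f"{name}.{prop}: rejected by schema pattern or length")
    risky = sorted(HTML_SIGNIFICANT & set(obj.get("remark", "")))
    if risky:
        findings.append(f"{name}.remark: schema-valid but contains {''.join(risky)}; escape on output")
    fmt = obj.get("pkcs12Options", {}).get("keyImportFormat", "pkcs8")
    if fmt not in KEY_FORMATS:
        findings.append(f"{name}.pkcs12Options.keyImportFormat: '{fmt}' not allowed")
    return findings


def render_remark(obj):
    """Escape a remark before placing it in an HTML page."""
    return html.escape(obj.get("remark", ""), quote=True)


# Constructed sample objects (hypothetical names and values).
SAMPLES = {
    "webcert": {"class": "Certificate", "label": "web", "remark": "prod cert"},
    "tagged": {"class": "Certificate", "remark": "<b>expires soon</b> & more"},
    "badlabel": {"class": "Certificate", "label": "a<b", "pkcs12Options": {"keyImportFormat": "der"}},
}

if __name__ == "__main__":
    for cert_name, cert in SAMPLES.items():
        for finding in lint_certificate(cert_name, cert):
            print(finding)
```

The "tagged" sample passes the remark pattern unchanged, which is why any tool that displays remarks needs the escaping step in `render_remark` rather than relying on schema validation.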