Certificate_Validator_OCSP (object)

OCSP validator for certificates

Properties (* = required):

name type(s) default allowed values description
class* string   “Certificate_Validator_OCSP”  
dnsResolver object     BIG-IP AS3 pointer to DNS resolver used to resolve hostnames in client requests,Reference to a DNS resolver
label string   “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML
remark string   “^[^x00-x1fx22x5cx7f]*$” Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks
responderUrl string     Specifies the absolute URL that overrides the OCSP responder URL obtained from the certificate’s AIA extension(s). This should be a HTTP based URL.
signingCertificate object     Specifies the certificate object to use for OCSP responders that require the request to be signed,Reference to a SSL certificate
signingHashAlgorithm string “sha256” “sha1”, “sha256” Specifies a hash algorithm used to sign an OCSP request
timeout integer 8 1 - 300 Specifies the time interval (in seconds) that the BIG-IP waits for before ending the connection to the OCSP responder. The default value is 8

Certificate_Validator_OCSP.dnsResolver (object)

BIG-IP AS3 pointer to DNS resolver used to resolve hostnames in client requests Reference to a DNS resolver

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP DNS resolver

Certificate_Validator_OCSP.signingCertificate (object)

Specifies the certificate object to use for OCSP responders that require the request to be signed Reference to a SSL certificate

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP SSL certificate
use string     AS3 pointer to SSL certificate declaration