1. Packages
  2. Bigip Provider
  3. API Docs
  4. ltm
  5. ProfileClientSsl
f5 BIG-IP v3.17.6 published on Monday, Oct 28, 2024 by Pulumi

f5bigip.ltm.ProfileClientSsl

Explore with Pulumi AI

f5bigip logo
f5 BIG-IP v3.17.6 published on Monday, Oct 28, 2024 by Pulumi

    f5bigip.ltm.ProfileClientSsl Manages client SSL profiles on a BIG-IP

    Resources should be named with their “full path”. The full path is the combination of the partition + name (example: /Common/my-pool ) or partition + directory + name of the resource (example: /Common/test/my-pool )

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as f5bigip from "@pulumi/f5bigip";
    
    const test_ClientSsl = new f5bigip.ltm.ProfileClientSsl("test-ClientSsl", {
        name: "/Common/test-ClientSsl",
        defaultsFrom: "/Common/clientssl",
        authenticate: "always",
        ciphers: "DEFAULT",
    });
    
    import pulumi
    import pulumi_f5bigip as f5bigip
    
    test__client_ssl = f5bigip.ltm.ProfileClientSsl("test-ClientSsl",
        name="/Common/test-ClientSsl",
        defaults_from="/Common/clientssl",
        authenticate="always",
        ciphers="DEFAULT")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-f5bigip/sdk/v3/go/f5bigip/ltm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ltm.NewProfileClientSsl(ctx, "test-ClientSsl", &ltm.ProfileClientSslArgs{
    			Name:         pulumi.String("/Common/test-ClientSsl"),
    			DefaultsFrom: pulumi.String("/Common/clientssl"),
    			Authenticate: pulumi.String("always"),
    			Ciphers:      pulumi.String("DEFAULT"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using F5BigIP = Pulumi.F5BigIP;
    
    return await Deployment.RunAsync(() => 
    {
        var test_ClientSsl = new F5BigIP.Ltm.ProfileClientSsl("test-ClientSsl", new()
        {
            Name = "/Common/test-ClientSsl",
            DefaultsFrom = "/Common/clientssl",
            Authenticate = "always",
            Ciphers = "DEFAULT",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.f5bigip.ltm.ProfileClientSsl;
    import com.pulumi.f5bigip.ltm.ProfileClientSslArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var test_ClientSsl = new ProfileClientSsl("test-ClientSsl", ProfileClientSslArgs.builder()
                .name("/Common/test-ClientSsl")
                .defaultsFrom("/Common/clientssl")
                .authenticate("always")
                .ciphers("DEFAULT")
                .build());
    
        }
    }
    
    resources:
      test-ClientSsl:
        type: f5bigip:ltm:ProfileClientSsl
        properties:
          name: /Common/test-ClientSsl
          defaultsFrom: /Common/clientssl
          authenticate: always
          ciphers: DEFAULT
    

    Create ProfileClientSsl Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ProfileClientSsl(name: string, args: ProfileClientSslArgs, opts?: CustomResourceOptions);
    @overload
    def ProfileClientSsl(resource_name: str,
                         args: ProfileClientSslArgs,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def ProfileClientSsl(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         name: Optional[str] = None,
                         alert_timeout: Optional[str] = None,
                         allow_expired_crl: Optional[str] = None,
                         allow_non_ssl: Optional[str] = None,
                         authenticate: Optional[str] = None,
                         authenticate_depth: Optional[int] = None,
                         c3d_client_fallback_cert: Optional[str] = None,
                         c3d_drop_unknown_ocsp_status: Optional[str] = None,
                         c3d_ocsp: Optional[str] = None,
                         ca_file: Optional[str] = None,
                         cache_size: Optional[int] = None,
                         cache_timeout: Optional[int] = None,
                         cert: Optional[str] = None,
                         cert_extension_includes: Optional[Sequence[str]] = None,
                         cert_key_chain: Optional[ProfileClientSslCertKeyChainArgs] = None,
                         cert_life_span: Optional[int] = None,
                         cert_lookup_by_ipaddr_port: Optional[str] = None,
                         chain: Optional[str] = None,
                         cipher_group: Optional[str] = None,
                         ciphers: Optional[str] = None,
                         client_cert_ca: Optional[str] = None,
                         crl_file: Optional[str] = None,
                         defaults_from: Optional[str] = None,
                         forward_proxy_bypass_default_action: Optional[str] = None,
                         full_path: Optional[str] = None,
                         generation: Optional[int] = None,
                         generic_alert: Optional[str] = None,
                         handshake_timeout: Optional[str] = None,
                         inherit_cert_keychain: Optional[str] = None,
                         key: Optional[str] = None,
                         mod_ssl_methods: Optional[str] = None,
                         mode: Optional[str] = None,
                         ocsp_stapling: Optional[str] = None,
                         partition: Optional[str] = None,
                         passphrase: Optional[str] = None,
                         peer_cert_mode: Optional[str] = None,
                         proxy_ca_cert: Optional[str] = None,
                         proxy_ca_key: Optional[str] = None,
                         proxy_ca_passphrase: Optional[str] = None,
                         proxy_ssl: Optional[str] = None,
                         proxy_ssl_passthrough: Optional[str] = None,
                         renegotiate_period: Optional[str] = None,
                         renegotiate_size: Optional[str] = None,
                         renegotiation: Optional[str] = None,
                         retain_certificate: Optional[str] = None,
                         secure_renegotiation: Optional[str] = None,
                         server_name: Optional[str] = None,
                         session_mirroring: Optional[str] = None,
                         session_ticket: Optional[str] = None,
                         sni_default: Optional[str] = None,
                         sni_require: Optional[str] = None,
                         ssl_c3d: Optional[str] = None,
                         ssl_forward_proxy: Optional[str] = None,
                         ssl_forward_proxy_bypass: Optional[str] = None,
                         ssl_sign_hash: Optional[str] = None,
                         strict_resume: Optional[str] = None,
                         tm_options: Optional[Sequence[str]] = None,
                         unclean_shutdown: Optional[str] = None)
    func NewProfileClientSsl(ctx *Context, name string, args ProfileClientSslArgs, opts ...ResourceOption) (*ProfileClientSsl, error)
    public ProfileClientSsl(string name, ProfileClientSslArgs args, CustomResourceOptions? opts = null)
    public ProfileClientSsl(String name, ProfileClientSslArgs args)
    public ProfileClientSsl(String name, ProfileClientSslArgs args, CustomResourceOptions options)
    
    type: f5bigip:ltm:ProfileClientSsl
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ProfileClientSslArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ProfileClientSslArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ProfileClientSslArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ProfileClientSslArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ProfileClientSslArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var profileClientSslResource = new F5BigIP.Ltm.ProfileClientSsl("profileClientSslResource", new()
    {
        Name = "string",
        AlertTimeout = "string",
        AllowExpiredCrl = "string",
        AllowNonSsl = "string",
        Authenticate = "string",
        AuthenticateDepth = 0,
        C3dClientFallbackCert = "string",
        C3dDropUnknownOcspStatus = "string",
        C3dOcsp = "string",
        CaFile = "string",
        CacheSize = 0,
        CacheTimeout = 0,
        Cert = "string",
        CertExtensionIncludes = new[]
        {
            "string",
        },
        CertLifeSpan = 0,
        CertLookupByIpaddrPort = "string",
        Chain = "string",
        CipherGroup = "string",
        Ciphers = "string",
        ClientCertCa = "string",
        CrlFile = "string",
        DefaultsFrom = "string",
        ForwardProxyBypassDefaultAction = "string",
        FullPath = "string",
        Generation = 0,
        GenericAlert = "string",
        HandshakeTimeout = "string",
        InheritCertKeychain = "string",
        Key = "string",
        ModSslMethods = "string",
        Mode = "string",
        OcspStapling = "string",
        Partition = "string",
        Passphrase = "string",
        PeerCertMode = "string",
        ProxyCaCert = "string",
        ProxyCaKey = "string",
        ProxyCaPassphrase = "string",
        ProxySsl = "string",
        ProxySslPassthrough = "string",
        RenegotiatePeriod = "string",
        RenegotiateSize = "string",
        Renegotiation = "string",
        RetainCertificate = "string",
        SecureRenegotiation = "string",
        ServerName = "string",
        SessionMirroring = "string",
        SessionTicket = "string",
        SniDefault = "string",
        SniRequire = "string",
        SslC3d = "string",
        SslForwardProxy = "string",
        SslForwardProxyBypass = "string",
        SslSignHash = "string",
        StrictResume = "string",
        TmOptions = new[]
        {
            "string",
        },
        UncleanShutdown = "string",
    });
    
    example, err := ltm.NewProfileClientSsl(ctx, "profileClientSslResource", &ltm.ProfileClientSslArgs{
    	Name:                     pulumi.String("string"),
    	AlertTimeout:             pulumi.String("string"),
    	AllowExpiredCrl:          pulumi.String("string"),
    	AllowNonSsl:              pulumi.String("string"),
    	Authenticate:             pulumi.String("string"),
    	AuthenticateDepth:        pulumi.Int(0),
    	C3dClientFallbackCert:    pulumi.String("string"),
    	C3dDropUnknownOcspStatus: pulumi.String("string"),
    	C3dOcsp:                  pulumi.String("string"),
    	CaFile:                   pulumi.String("string"),
    	CacheSize:                pulumi.Int(0),
    	CacheTimeout:             pulumi.Int(0),
    	Cert:                     pulumi.String("string"),
    	CertExtensionIncludes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	CertLifeSpan:                    pulumi.Int(0),
    	CertLookupByIpaddrPort:          pulumi.String("string"),
    	Chain:                           pulumi.String("string"),
    	CipherGroup:                     pulumi.String("string"),
    	Ciphers:                         pulumi.String("string"),
    	ClientCertCa:                    pulumi.String("string"),
    	CrlFile:                         pulumi.String("string"),
    	DefaultsFrom:                    pulumi.String("string"),
    	ForwardProxyBypassDefaultAction: pulumi.String("string"),
    	FullPath:                        pulumi.String("string"),
    	Generation:                      pulumi.Int(0),
    	GenericAlert:                    pulumi.String("string"),
    	HandshakeTimeout:                pulumi.String("string"),
    	InheritCertKeychain:             pulumi.String("string"),
    	Key:                             pulumi.String("string"),
    	ModSslMethods:                   pulumi.String("string"),
    	Mode:                            pulumi.String("string"),
    	OcspStapling:                    pulumi.String("string"),
    	Partition:                       pulumi.String("string"),
    	Passphrase:                      pulumi.String("string"),
    	PeerCertMode:                    pulumi.String("string"),
    	ProxyCaCert:                     pulumi.String("string"),
    	ProxyCaKey:                      pulumi.String("string"),
    	ProxyCaPassphrase:               pulumi.String("string"),
    	ProxySsl:                        pulumi.String("string"),
    	ProxySslPassthrough:             pulumi.String("string"),
    	RenegotiatePeriod:               pulumi.String("string"),
    	RenegotiateSize:                 pulumi.String("string"),
    	Renegotiation:                   pulumi.String("string"),
    	RetainCertificate:               pulumi.String("string"),
    	SecureRenegotiation:             pulumi.String("string"),
    	ServerName:                      pulumi.String("string"),
    	SessionMirroring:                pulumi.String("string"),
    	SessionTicket:                   pulumi.String("string"),
    	SniDefault:                      pulumi.String("string"),
    	SniRequire:                      pulumi.String("string"),
    	SslC3d:                          pulumi.String("string"),
    	SslForwardProxy:                 pulumi.String("string"),
    	SslForwardProxyBypass:           pulumi.String("string"),
    	SslSignHash:                     pulumi.String("string"),
    	StrictResume:                    pulumi.String("string"),
    	TmOptions: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	UncleanShutdown: pulumi.String("string"),
    })
    
    var profileClientSslResource = new ProfileClientSsl("profileClientSslResource", ProfileClientSslArgs.builder()
        .name("string")
        .alertTimeout("string")
        .allowExpiredCrl("string")
        .allowNonSsl("string")
        .authenticate("string")
        .authenticateDepth(0)
        .c3dClientFallbackCert("string")
        .c3dDropUnknownOcspStatus("string")
        .c3dOcsp("string")
        .caFile("string")
        .cacheSize(0)
        .cacheTimeout(0)
        .cert("string")
        .certExtensionIncludes("string")
        .certLifeSpan(0)
        .certLookupByIpaddrPort("string")
        .chain("string")
        .cipherGroup("string")
        .ciphers("string")
        .clientCertCa("string")
        .crlFile("string")
        .defaultsFrom("string")
        .forwardProxyBypassDefaultAction("string")
        .fullPath("string")
        .generation(0)
        .genericAlert("string")
        .handshakeTimeout("string")
        .inheritCertKeychain("string")
        .key("string")
        .modSslMethods("string")
        .mode("string")
        .ocspStapling("string")
        .partition("string")
        .passphrase("string")
        .peerCertMode("string")
        .proxyCaCert("string")
        .proxyCaKey("string")
        .proxyCaPassphrase("string")
        .proxySsl("string")
        .proxySslPassthrough("string")
        .renegotiatePeriod("string")
        .renegotiateSize("string")
        .renegotiation("string")
        .retainCertificate("string")
        .secureRenegotiation("string")
        .serverName("string")
        .sessionMirroring("string")
        .sessionTicket("string")
        .sniDefault("string")
        .sniRequire("string")
        .sslC3d("string")
        .sslForwardProxy("string")
        .sslForwardProxyBypass("string")
        .sslSignHash("string")
        .strictResume("string")
        .tmOptions("string")
        .uncleanShutdown("string")
        .build());
    
    profile_client_ssl_resource = f5bigip.ltm.ProfileClientSsl("profileClientSslResource",
        name="string",
        alert_timeout="string",
        allow_expired_crl="string",
        allow_non_ssl="string",
        authenticate="string",
        authenticate_depth=0,
        c3d_client_fallback_cert="string",
        c3d_drop_unknown_ocsp_status="string",
        c3d_ocsp="string",
        ca_file="string",
        cache_size=0,
        cache_timeout=0,
        cert="string",
        cert_extension_includes=["string"],
        cert_life_span=0,
        cert_lookup_by_ipaddr_port="string",
        chain="string",
        cipher_group="string",
        ciphers="string",
        client_cert_ca="string",
        crl_file="string",
        defaults_from="string",
        forward_proxy_bypass_default_action="string",
        full_path="string",
        generation=0,
        generic_alert="string",
        handshake_timeout="string",
        inherit_cert_keychain="string",
        key="string",
        mod_ssl_methods="string",
        mode="string",
        ocsp_stapling="string",
        partition="string",
        passphrase="string",
        peer_cert_mode="string",
        proxy_ca_cert="string",
        proxy_ca_key="string",
        proxy_ca_passphrase="string",
        proxy_ssl="string",
        proxy_ssl_passthrough="string",
        renegotiate_period="string",
        renegotiate_size="string",
        renegotiation="string",
        retain_certificate="string",
        secure_renegotiation="string",
        server_name="string",
        session_mirroring="string",
        session_ticket="string",
        sni_default="string",
        sni_require="string",
        ssl_c3d="string",
        ssl_forward_proxy="string",
        ssl_forward_proxy_bypass="string",
        ssl_sign_hash="string",
        strict_resume="string",
        tm_options=["string"],
        unclean_shutdown="string")
    
    const profileClientSslResource = new f5bigip.ltm.ProfileClientSsl("profileClientSslResource", {
        name: "string",
        alertTimeout: "string",
        allowExpiredCrl: "string",
        allowNonSsl: "string",
        authenticate: "string",
        authenticateDepth: 0,
        c3dClientFallbackCert: "string",
        c3dDropUnknownOcspStatus: "string",
        c3dOcsp: "string",
        caFile: "string",
        cacheSize: 0,
        cacheTimeout: 0,
        cert: "string",
        certExtensionIncludes: ["string"],
        certLifeSpan: 0,
        certLookupByIpaddrPort: "string",
        chain: "string",
        cipherGroup: "string",
        ciphers: "string",
        clientCertCa: "string",
        crlFile: "string",
        defaultsFrom: "string",
        forwardProxyBypassDefaultAction: "string",
        fullPath: "string",
        generation: 0,
        genericAlert: "string",
        handshakeTimeout: "string",
        inheritCertKeychain: "string",
        key: "string",
        modSslMethods: "string",
        mode: "string",
        ocspStapling: "string",
        partition: "string",
        passphrase: "string",
        peerCertMode: "string",
        proxyCaCert: "string",
        proxyCaKey: "string",
        proxyCaPassphrase: "string",
        proxySsl: "string",
        proxySslPassthrough: "string",
        renegotiatePeriod: "string",
        renegotiateSize: "string",
        renegotiation: "string",
        retainCertificate: "string",
        secureRenegotiation: "string",
        serverName: "string",
        sessionMirroring: "string",
        sessionTicket: "string",
        sniDefault: "string",
        sniRequire: "string",
        sslC3d: "string",
        sslForwardProxy: "string",
        sslForwardProxyBypass: "string",
        sslSignHash: "string",
        strictResume: "string",
        tmOptions: ["string"],
        uncleanShutdown: "string",
    });
    
    type: f5bigip:ltm:ProfileClientSsl
    properties:
        alertTimeout: string
        allowExpiredCrl: string
        allowNonSsl: string
        authenticate: string
        authenticateDepth: 0
        c3dClientFallbackCert: string
        c3dDropUnknownOcspStatus: string
        c3dOcsp: string
        caFile: string
        cacheSize: 0
        cacheTimeout: 0
        cert: string
        certExtensionIncludes:
            - string
        certLifeSpan: 0
        certLookupByIpaddrPort: string
        chain: string
        cipherGroup: string
        ciphers: string
        clientCertCa: string
        crlFile: string
        defaultsFrom: string
        forwardProxyBypassDefaultAction: string
        fullPath: string
        generation: 0
        genericAlert: string
        handshakeTimeout: string
        inheritCertKeychain: string
        key: string
        modSslMethods: string
        mode: string
        name: string
        ocspStapling: string
        partition: string
        passphrase: string
        peerCertMode: string
        proxyCaCert: string
        proxyCaKey: string
        proxyCaPassphrase: string
        proxySsl: string
        proxySslPassthrough: string
        renegotiatePeriod: string
        renegotiateSize: string
        renegotiation: string
        retainCertificate: string
        secureRenegotiation: string
        serverName: string
        sessionMirroring: string
        sessionTicket: string
        sniDefault: string
        sniRequire: string
        sslC3d: string
        sslForwardProxy: string
        sslForwardProxyBypass: string
        sslSignHash: string
        strictResume: string
        tmOptions:
            - string
        uncleanShutdown: string
    

    ProfileClientSsl Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ProfileClientSsl resource accepts the following input properties:

    Name string
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    AlertTimeout string
    Alert time out
    AllowExpiredCrl string
    Instructs the system to use the specified CRL file even if it has expired. The default is disabled.
    AllowNonSsl string
    Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
    Authenticate string
    Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
    AuthenticateDepth int
    Specifies the maximum number of certificates to be traversed in a client certificate chain
    C3dClientFallbackCert string
    Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
    C3dDropUnknownOcspStatus string
    Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
    C3dOcsp string
    Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
    CaFile string
    (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is None.
    CacheSize int
    Cache size (sessions).
    CacheTimeout int
    Cache time out
    Cert string
    Specifies a cert name for use.
    CertExtensionIncludes List<string>
    Cert extension includes for ssl forward proxy
    CertKeyChain Pulumi.F5BigIP.Ltm.Inputs.ProfileClientSslCertKeyChain

    Deprecated: This Field 'cert_key_chain' going to deprecate in future version, please specify with cert,key,chain,passphrase as separate attribute.

    CertLifeSpan int
    Life span of the certificate in days for ssl forward proxy
    CertLookupByIpaddrPort string
    Cert lookup by ip address and port enabled / disabled
    Chain string
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    CipherGroup string
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    Ciphers string
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    ClientCertCa string
    (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is None.
    CrlFile string
    Specifies the name of a file containing a list of revoked client certificates. The default is None.
    DefaultsFrom string
    Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is /Common/clientssl. It Should Full path /partition/profile_name
    ForwardProxyBypassDefaultAction string
    Forward proxy bypass default action. (enabled / disabled)
    FullPath string
    full path of the profile
    Generation int
    generation
    GenericAlert string
    Generic alerts enabled / disabled.
    HandshakeTimeout string
    Handshake time out (seconds)
    InheritCertKeychain string
    Inherit cert key chain
    Key string
    Contains a key name
    ModSslMethods string
    ModSSL Methods enabled / disabled. Default is disabled.
    Mode string
    ModSSL Methods enabled / disabled. Default is disabled.
    OcspStapling string
    Specifies whether the system uses OCSP stapling. The default value is disabled.
    Partition string
    name of partition
    Passphrase string
    Client Certificate Constrained Delegation CA passphrase
    PeerCertMode string
    Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
    ProxyCaCert string
    Proxy CA Cert
    ProxyCaKey string
    Proxy CA Key
    ProxyCaPassphrase string
    Proxy CA Passphrase
    ProxySsl string
    Proxy SSL enabled / disabled. Default is disabled.
    ProxySslPassthrough string
    Proxy SSL passthrough enabled / disabled. Default is disabled.
    RenegotiatePeriod string
    Renogotiate Period (seconds)
    RenegotiateSize string
    Renogotiate Size
    Renegotiation string
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    RetainCertificate string
    When true, client certificate is retained in SSL session.
    SecureRenegotiation string
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
    ServerName string
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    SessionMirroring string
    Session Mirroring (enabled / disabled)
    SessionTicket string
    Session Ticket (enabled / disabled)
    SniDefault string
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    SniRequire string
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    SslC3d string
    Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
    SslForwardProxy string
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    SslForwardProxyBypass string
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    SslSignHash string
    SSL sign hash (any, sha1, sha256, sha384)
    StrictResume string
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    TmOptions List<string>
    List of Enabled selection from a set of industry standard options for handling SSL processing.By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    UncleanShutdown string
    Unclean Shutdown (enabled / disabled)
    Name string
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    AlertTimeout string
    Alert time out
    AllowExpiredCrl string
    Instructs the system to use the specified CRL file even if it has expired. The default is disabled.
    AllowNonSsl string
    Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
    Authenticate string
    Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
    AuthenticateDepth int
    Specifies the maximum number of certificates to be traversed in a client certificate chain
    C3dClientFallbackCert string
    Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
    C3dDropUnknownOcspStatus string
    Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
    C3dOcsp string
    Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
    CaFile string
    (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is None.
    CacheSize int
    Cache size (sessions).
    CacheTimeout int
    Cache time out
    Cert string
    Specifies a cert name for use.
    CertExtensionIncludes []string
    Cert extension includes for ssl forward proxy
    CertKeyChain ProfileClientSslCertKeyChainArgs

    Deprecated: This Field 'cert_key_chain' going to deprecate in future version, please specify with cert,key,chain,passphrase as separate attribute.

    CertLifeSpan int
    Life span of the certificate in days for ssl forward proxy
    CertLookupByIpaddrPort string
    Cert lookup by ip address and port enabled / disabled
    Chain string
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    CipherGroup string
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    Ciphers string
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    ClientCertCa string
    (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is None.
    CrlFile string
    Specifies the name of a file containing a list of revoked client certificates. The default is None.
    DefaultsFrom string
    Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is /Common/clientssl. It Should Full path /partition/profile_name
    ForwardProxyBypassDefaultAction string
    Forward proxy bypass default action. (enabled / disabled)
    FullPath string
    full path of the profile
    Generation int
    generation
    GenericAlert string
    Generic alerts enabled / disabled.
    HandshakeTimeout string
    Handshake time out (seconds)
    InheritCertKeychain string
    Inherit cert key chain
    Key string
    Contains a key name
    ModSslMethods string
    ModSSL Methods enabled / disabled. Default is disabled.
    Mode string
    ModSSL Methods enabled / disabled. Default is disabled.
    OcspStapling string
    Specifies whether the system uses OCSP stapling. The default value is disabled.
    Partition string
    name of partition
    Passphrase string
    Client Certificate Constrained Delegation CA passphrase
    PeerCertMode string
    Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
    ProxyCaCert string
    Proxy CA Cert
    ProxyCaKey string
    Proxy CA Key
    ProxyCaPassphrase string
    Proxy CA Passphrase
    ProxySsl string
    Proxy SSL enabled / disabled. Default is disabled.
    ProxySslPassthrough string
    Proxy SSL passthrough enabled / disabled. Default is disabled.
    RenegotiatePeriod string
    Renogotiate Period (seconds)
    RenegotiateSize string
    Renogotiate Size
    Renegotiation string
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    RetainCertificate string
    When true, client certificate is retained in SSL session.
    SecureRenegotiation string
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
    ServerName string
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    SessionMirroring string
    Session Mirroring (enabled / disabled)
    SessionTicket string
    Session Ticket (enabled / disabled)
    SniDefault string
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    SniRequire string
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    SslC3d string
    Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
    SslForwardProxy string
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    SslForwardProxyBypass string
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    SslSignHash string
    SSL sign hash (any, sha1, sha256, sha384)
    StrictResume string
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    TmOptions []string
    List of Enabled selection from a set of industry standard options for handling SSL processing.By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    UncleanShutdown string
    Unclean Shutdown (enabled / disabled)
    name String
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    alertTimeout String
    Alert time out
    allowExpiredCrl String
    Instructs the system to use the specified CRL file even if it has expired. The default is disabled.
    allowNonSsl String
    Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
    authenticate String
    Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
    authenticateDepth Integer
    Specifies the maximum number of certificates to be traversed in a client certificate chain
    c3dClientFallbackCert String
    Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
    c3dDropUnknownOcspStatus String
    Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
    c3dOcsp String
    Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
    caFile String
    (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is None.
    cacheSize Integer
    Cache size (sessions).
    cacheTimeout Integer
    Cache time out
    cert String
    Specifies a cert name for use.
    certExtensionIncludes List<String>
    Cert extension includes for ssl forward proxy
    certKeyChain ProfileClientSslCertKeyChain

    Deprecated: This Field 'cert_key_chain' going to deprecate in future version, please specify with cert,key,chain,passphrase as separate attribute.

    certLifeSpan Integer
    Life span of the certificate in days for ssl forward proxy
    certLookupByIpaddrPort String
    Cert lookup by ip address and port enabled / disabled
    chain String
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    cipherGroup String
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers String
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    clientCertCa String
    (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is None.
    crlFile String
    Specifies the name of a file containing a list of revoked client certificates. The default is None.
    defaultsFrom String
    Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is /Common/clientssl. It Should Full path /partition/profile_name
    forwardProxyBypassDefaultAction String
    Forward proxy bypass default action. (enabled / disabled)
    fullPath String
    full path of the profile
    generation Integer
    generation
    genericAlert String
    Generic alerts enabled / disabled.
    handshakeTimeout String
    Handshake time out (seconds)
    inheritCertKeychain String
    Inherit cert key chain
    key String
    Contains a key name
    modSslMethods String
    ModSSL Methods enabled / disabled. Default is disabled.
    mode String
    ModSSL Methods enabled / disabled. Default is disabled.
    ocspStapling String
    Specifies whether the system uses OCSP stapling. The default value is disabled.
    partition String
    name of partition
    passphrase String
    Client Certificate Constrained Delegation CA passphrase
    peerCertMode String
    Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
    proxyCaCert String
    Proxy CA Cert
    proxyCaKey String
    Proxy CA Key
    proxyCaPassphrase String
    Proxy CA Passphrase
    proxySsl String
    Proxy SSL enabled / disabled. Default is disabled.
    proxySslPassthrough String
    Proxy SSL passthrough enabled / disabled. Default is disabled.
    renegotiatePeriod String
    Renogotiate Period (seconds)
    renegotiateSize String
    Renogotiate Size
    renegotiation String
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retainCertificate String
    When true, client certificate is retained in SSL session.
    secureRenegotiation String
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
    serverName String
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    sessionMirroring String
    Session Mirroring (enabled / disabled)
    sessionTicket String
    Session Ticket (enabled / disabled)
    sniDefault String
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sniRequire String
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    sslC3d String
    Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
    sslForwardProxy String
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    sslForwardProxyBypass String
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    sslSignHash String
    SSL sign hash (any, sha1, sha256, sha384)
    strictResume String
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tmOptions List<String>
    List of Enabled selection from a set of industry standard options for handling SSL processing.By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    uncleanShutdown String
    Unclean Shutdown (enabled / disabled)
    name string
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    alertTimeout string
    Alert time out
    allowExpiredCrl string
    Instructs the system to use the specified CRL file even if it has expired. The default is disabled.
    allowNonSsl string
    Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
    authenticate string
    Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
    authenticateDepth number
    Specifies the maximum number of certificates to be traversed in a client certificate chain
    c3dClientFallbackCert string
    Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
    c3dDropUnknownOcspStatus string
    Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
    c3dOcsp string
    Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
    caFile string
    (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is None.
    cacheSize number
    Cache size (sessions).
    cacheTimeout number
    Cache time out
    cert string
    Specifies a cert name for use.
    certExtensionIncludes string[]
    Cert extension includes for ssl forward proxy
    certKeyChain ProfileClientSslCertKeyChain

    Deprecated: This Field 'cert_key_chain' going to deprecate in future version, please specify with cert,key,chain,passphrase as separate attribute.

    certLifeSpan number
    Life span of the certificate in days for ssl forward proxy
    certLookupByIpaddrPort string
    Cert lookup by ip address and port enabled / disabled
    chain string
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    cipherGroup string
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers string
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    clientCertCa string
    (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is None.
    crlFile string
    Specifies the name of a file containing a list of revoked client certificates. The default is None.
    defaultsFrom string
    Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is /Common/clientssl. It Should Full path /partition/profile_name
    forwardProxyBypassDefaultAction string
    Forward proxy bypass default action. (enabled / disabled)
    fullPath string
    full path of the profile
    generation number
    generation
    genericAlert string
    Generic alerts enabled / disabled.
    handshakeTimeout string
    Handshake time out (seconds)
    inheritCertKeychain string
    Inherit cert key chain
    key string
    Contains a key name
    modSslMethods string
    ModSSL Methods enabled / disabled. Default is disabled.
    mode string
    ModSSL Methods enabled / disabled. Default is disabled.
    ocspStapling string
    Specifies whether the system uses OCSP stapling. The default value is disabled.
    partition string
    name of partition
    passphrase string
    Client Certificate Constrained Delegation CA passphrase
    peerCertMode string
    Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
    proxyCaCert string
    Proxy CA Cert
    proxyCaKey string
    Proxy CA Key
    proxyCaPassphrase string
    Proxy CA Passphrase
    proxySsl string
    Proxy SSL enabled / disabled. Default is disabled.
    proxySslPassthrough string
    Proxy SSL passthrough enabled / disabled. Default is disabled.
    renegotiatePeriod string
    Renogotiate Period (seconds)
    renegotiateSize string
    Renogotiate Size
    renegotiation string
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retainCertificate string
    When true, client certificate is retained in SSL session.
    secureRenegotiation string
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
    serverName string
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    sessionMirroring string
    Session Mirroring (enabled / disabled)
    sessionTicket string
    Session Ticket (enabled / disabled)
    sniDefault string
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sniRequire string
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    sslC3d string
    Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
    sslForwardProxy string
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    sslForwardProxyBypass string
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    sslSignHash string
    SSL sign hash (any, sha1, sha256, sha384)
    strictResume string
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tmOptions string[]
    List of Enabled selection from a set of industry standard options for handling SSL processing.By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    uncleanShutdown string
    Unclean Shutdown (enabled / disabled)
    name str
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    alert_timeout str
    Alert time out
    allow_expired_crl str
    Instructs the system to use the specified CRL file even if it has expired. The default is disabled.
    allow_non_ssl str
    Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
    authenticate str
    Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
    authenticate_depth int
    Specifies the maximum number of certificates to be traversed in a client certificate chain
    c3d_client_fallback_cert str
    Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
    c3d_drop_unknown_ocsp_status str
    Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
    c3d_ocsp str
    Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
    ca_file str
    (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is None.
    cache_size int
    Cache size (sessions).
    cache_timeout int
    Cache time out
    cert str
    Specifies a cert name for use.
    cert_extension_includes Sequence[str]
    Cert extension includes for ssl forward proxy
    cert_key_chain ProfileClientSslCertKeyChainArgs

    Deprecated: This Field 'cert_key_chain' going to deprecate in future version, please specify with cert,key,chain,passphrase as separate attribute.

    cert_life_span int
    Life span of the certificate in days for ssl forward proxy
    cert_lookup_by_ipaddr_port str
    Cert lookup by ip address and port enabled / disabled
    chain str
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    cipher_group str
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers str
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    client_cert_ca str
    (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is None.
    crl_file str
    Specifies the name of a file containing a list of revoked client certificates. The default is None.
    defaults_from str
    Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is /Common/clientssl. It Should Full path /partition/profile_name
    forward_proxy_bypass_default_action str
    Forward proxy bypass default action. (enabled / disabled)
    full_path str
    full path of the profile
    generation int
    generation
    generic_alert str
    Generic alerts enabled / disabled.
    handshake_timeout str
    Handshake time out (seconds)
    inherit_cert_keychain str
    Inherit cert key chain
    key str
    Contains a key name
    mod_ssl_methods str
    ModSSL Methods enabled / disabled. Default is disabled.
    mode str
    ModSSL Methods enabled / disabled. Default is disabled.
    ocsp_stapling str
    Specifies whether the system uses OCSP stapling. The default value is disabled.
    partition str
    name of partition
    passphrase str
    Client Certificate Constrained Delegation CA passphrase
    peer_cert_mode str
    Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
    proxy_ca_cert str
    Proxy CA Cert
    proxy_ca_key str
    Proxy CA Key
    proxy_ca_passphrase str
    Proxy CA Passphrase
    proxy_ssl str
    Proxy SSL enabled / disabled. Default is disabled.
    proxy_ssl_passthrough str
    Proxy SSL passthrough enabled / disabled. Default is disabled.
    renegotiate_period str
    Renogotiate Period (seconds)
    renegotiate_size str
    Renogotiate Size
    renegotiation str
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retain_certificate str
    When true, client certificate is retained in SSL session.
    secure_renegotiation str
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
    server_name str
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    session_mirroring str
    Session Mirroring (enabled / disabled)
    session_ticket str
    Session Ticket (enabled / disabled)
    sni_default str
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sni_require str
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    ssl_c3d str
    Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
    ssl_forward_proxy str
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    ssl_forward_proxy_bypass str
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    ssl_sign_hash str
    SSL sign hash (any, sha1, sha256, sha384)
    strict_resume str
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tm_options Sequence[str]
    List of Enabled selection from a set of industry standard options for handling SSL processing.By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    unclean_shutdown str
    Unclean Shutdown (enabled / disabled)
    name String
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    alertTimeout String
    Alert time out
    allowExpiredCrl String
    Instructs the system to use the specified CRL file even if it has expired. The default is disabled.
    allowNonSsl String
    Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
    authenticate String
    Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
    authenticateDepth Number
    Specifies the maximum number of certificates to be traversed in a client certificate chain
    c3dClientFallbackCert String
    Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
    c3dDropUnknownOcspStatus String
    Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
    c3dOcsp String
    Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
    caFile String
    (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is None.
    cacheSize Number
    Cache size (sessions).
    cacheTimeout Number
    Cache time out
    cert String
    Specifies a cert name for use.
    certExtensionIncludes List<String>
    Cert extension includes for ssl forward proxy
    certKeyChain Property Map

    Deprecated: This Field 'cert_key_chain' going to deprecate in future version, please specify with cert,key,chain,passphrase as separate attribute.

    certLifeSpan Number
    Life span of the certificate in days for ssl forward proxy
    certLookupByIpaddrPort String
    Cert lookup by ip address and port enabled / disabled
    chain String
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    cipherGroup String
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers String
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    clientCertCa String
    (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is None.
    crlFile String
    Specifies the name of a file containing a list of revoked client certificates. The default is None.
    defaultsFrom String
    Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is /Common/clientssl. It Should Full path /partition/profile_name
    forwardProxyBypassDefaultAction String
    Forward proxy bypass default action. (enabled / disabled)
    fullPath String
    full path of the profile
    generation Number
    generation
    genericAlert String
    Generic alerts enabled / disabled.
    handshakeTimeout String
    Handshake time out (seconds)
    inheritCertKeychain String
    Inherit cert key chain
    key String
    Contains a key name
    modSslMethods String
    ModSSL Methods enabled / disabled. Default is disabled.
    mode String
    ModSSL Methods enabled / disabled. Default is disabled.
    ocspStapling String
    Specifies whether the system uses OCSP stapling. The default value is disabled.
    partition String
    name of partition
    passphrase String
    Client Certificate Constrained Delegation CA passphrase
    peerCertMode String
    Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
    proxyCaCert String
    Proxy CA Cert
    proxyCaKey String
    Proxy CA Key
    proxyCaPassphrase String
    Proxy CA Passphrase
    proxySsl String
    Proxy SSL enabled / disabled. Default is disabled.
    proxySslPassthrough String
    Proxy SSL passthrough enabled / disabled. Default is disabled.
    renegotiatePeriod String
    Renogotiate Period (seconds)
    renegotiateSize String
    Renogotiate Size
    renegotiation String
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retainCertificate String
    When true, client certificate is retained in SSL session.
    secureRenegotiation String
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
    serverName String
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    sessionMirroring String
    Session Mirroring (enabled / disabled)
    sessionTicket String
    Session Ticket (enabled / disabled)
    sniDefault String
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sniRequire String
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    sslC3d String
    Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
    sslForwardProxy String
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    sslForwardProxyBypass String
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    sslSignHash String
    SSL sign hash (any, sha1, sha256, sha384)
    strictResume String
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tmOptions List<String>
    List of Enabled selection from a set of industry standard options for handling SSL processing.By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    uncleanShutdown String
    Unclean Shutdown (enabled / disabled)

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ProfileClientSsl resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing ProfileClientSsl Resource

    Get an existing ProfileClientSsl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ProfileClientSslState, opts?: CustomResourceOptions): ProfileClientSsl
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            alert_timeout: Optional[str] = None,
            allow_expired_crl: Optional[str] = None,
            allow_non_ssl: Optional[str] = None,
            authenticate: Optional[str] = None,
            authenticate_depth: Optional[int] = None,
            c3d_client_fallback_cert: Optional[str] = None,
            c3d_drop_unknown_ocsp_status: Optional[str] = None,
            c3d_ocsp: Optional[str] = None,
            ca_file: Optional[str] = None,
            cache_size: Optional[int] = None,
            cache_timeout: Optional[int] = None,
            cert: Optional[str] = None,
            cert_extension_includes: Optional[Sequence[str]] = None,
            cert_key_chain: Optional[ProfileClientSslCertKeyChainArgs] = None,
            cert_life_span: Optional[int] = None,
            cert_lookup_by_ipaddr_port: Optional[str] = None,
            chain: Optional[str] = None,
            cipher_group: Optional[str] = None,
            ciphers: Optional[str] = None,
            client_cert_ca: Optional[str] = None,
            crl_file: Optional[str] = None,
            defaults_from: Optional[str] = None,
            forward_proxy_bypass_default_action: Optional[str] = None,
            full_path: Optional[str] = None,
            generation: Optional[int] = None,
            generic_alert: Optional[str] = None,
            handshake_timeout: Optional[str] = None,
            inherit_cert_keychain: Optional[str] = None,
            key: Optional[str] = None,
            mod_ssl_methods: Optional[str] = None,
            mode: Optional[str] = None,
            name: Optional[str] = None,
            ocsp_stapling: Optional[str] = None,
            partition: Optional[str] = None,
            passphrase: Optional[str] = None,
            peer_cert_mode: Optional[str] = None,
            proxy_ca_cert: Optional[str] = None,
            proxy_ca_key: Optional[str] = None,
            proxy_ca_passphrase: Optional[str] = None,
            proxy_ssl: Optional[str] = None,
            proxy_ssl_passthrough: Optional[str] = None,
            renegotiate_period: Optional[str] = None,
            renegotiate_size: Optional[str] = None,
            renegotiation: Optional[str] = None,
            retain_certificate: Optional[str] = None,
            secure_renegotiation: Optional[str] = None,
            server_name: Optional[str] = None,
            session_mirroring: Optional[str] = None,
            session_ticket: Optional[str] = None,
            sni_default: Optional[str] = None,
            sni_require: Optional[str] = None,
            ssl_c3d: Optional[str] = None,
            ssl_forward_proxy: Optional[str] = None,
            ssl_forward_proxy_bypass: Optional[str] = None,
            ssl_sign_hash: Optional[str] = None,
            strict_resume: Optional[str] = None,
            tm_options: Optional[Sequence[str]] = None,
            unclean_shutdown: Optional[str] = None) -> ProfileClientSsl
    func GetProfileClientSsl(ctx *Context, name string, id IDInput, state *ProfileClientSslState, opts ...ResourceOption) (*ProfileClientSsl, error)
    public static ProfileClientSsl Get(string name, Input<string> id, ProfileClientSslState? state, CustomResourceOptions? opts = null)
    public static ProfileClientSsl get(String name, Output<String> id, ProfileClientSslState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AlertTimeout string
    Alert time out
    AllowExpiredCrl string
    Instructs the system to use the specified CRL file even if it has expired. The default is disabled.
    AllowNonSsl string
    Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
    Authenticate string
    Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
    AuthenticateDepth int
    Specifies the maximum number of certificates to be traversed in a client certificate chain
    C3dClientFallbackCert string
    Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
    C3dDropUnknownOcspStatus string
    Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
    C3dOcsp string
    Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
    CaFile string
    (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is None.
    CacheSize int
    Cache size (sessions).
    CacheTimeout int
    Cache time out
    Cert string
    Specifies a cert name for use.
    CertExtensionIncludes List<string>
    Cert extension includes for ssl forward proxy
    CertKeyChain Pulumi.F5BigIP.Ltm.Inputs.ProfileClientSslCertKeyChain

    Deprecated: This Field 'cert_key_chain' going to deprecate in future version, please specify with cert,key,chain,passphrase as separate attribute.

    CertLifeSpan int
    Life span of the certificate in days for ssl forward proxy
    CertLookupByIpaddrPort string
    Cert lookup by ip address and port enabled / disabled
    Chain string
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    CipherGroup string
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    Ciphers string
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    ClientCertCa string
    (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is None.
    CrlFile string
    Specifies the name of a file containing a list of revoked client certificates. The default is None.
    DefaultsFrom string
    Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is /Common/clientssl. It Should Full path /partition/profile_name
    ForwardProxyBypassDefaultAction string
    Forward proxy bypass default action. (enabled / disabled)
    FullPath string
    full path of the profile
    Generation int
    generation
    GenericAlert string
    Generic alerts enabled / disabled.
    HandshakeTimeout string
    Handshake time out (seconds)
    InheritCertKeychain string
    Inherit cert key chain
    Key string
    Contains a key name
    ModSslMethods string
    ModSSL Methods enabled / disabled. Default is disabled.
    Mode string
    ModSSL Methods enabled / disabled. Default is disabled.
    Name string
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    OcspStapling string
    Specifies whether the system uses OCSP stapling. The default value is disabled.
    Partition string
    name of partition
    Passphrase string
    Client Certificate Constrained Delegation CA passphrase
    PeerCertMode string
    Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
    ProxyCaCert string
    Proxy CA Cert
    ProxyCaKey string
    Proxy CA Key
    ProxyCaPassphrase string
    Proxy CA Passphrase
    ProxySsl string
    Proxy SSL enabled / disabled. Default is disabled.
    ProxySslPassthrough string
    Proxy SSL passthrough enabled / disabled. Default is disabled.
    RenegotiatePeriod string
    Renogotiate Period (seconds)
    RenegotiateSize string
    Renogotiate Size
    Renegotiation string
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    RetainCertificate string
    When true, client certificate is retained in SSL session.
    SecureRenegotiation string
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
    ServerName string
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    SessionMirroring string
    Session Mirroring (enabled / disabled)
    SessionTicket string
    Session Ticket (enabled / disabled)
    SniDefault string
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    SniRequire string
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    SslC3d string
    Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
    SslForwardProxy string
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    SslForwardProxyBypass string
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    SslSignHash string
    SSL sign hash (any, sha1, sha256, sha384)
    StrictResume string
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    TmOptions List<string>
    List of Enabled selection from a set of industry standard options for handling SSL processing.By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    UncleanShutdown string
    Unclean Shutdown (enabled / disabled)
    AlertTimeout string
    Alert time out
    AllowExpiredCrl string
    Instructs the system to use the specified CRL file even if it has expired. The default is disabled.
    AllowNonSsl string
    Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
    Authenticate string
    Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
    AuthenticateDepth int
    Specifies the maximum number of certificates to be traversed in a client certificate chain
    C3dClientFallbackCert string
    Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
    C3dDropUnknownOcspStatus string
    Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
    C3dOcsp string
    Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
    CaFile string
    (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is None.
    CacheSize int
    Cache size (sessions).
    CacheTimeout int
    Cache time out
    Cert string
    Specifies a cert name for use.
    CertExtensionIncludes []string
    Cert extension includes for ssl forward proxy
    CertKeyChain ProfileClientSslCertKeyChainArgs

    Deprecated: This Field 'cert_key_chain' going to deprecate in future version, please specify with cert,key,chain,passphrase as separate attribute.

    CertLifeSpan int
    Life span of the certificate in days for ssl forward proxy
    CertLookupByIpaddrPort string
    Cert lookup by ip address and port enabled / disabled
    Chain string
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    CipherGroup string
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    Ciphers string
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    ClientCertCa string
    (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is None.
    CrlFile string
    Specifies the name of a file containing a list of revoked client certificates. The default is None.
    DefaultsFrom string
    Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is /Common/clientssl. It Should Full path /partition/profile_name
    ForwardProxyBypassDefaultAction string
    Forward proxy bypass default action. (enabled / disabled)
    FullPath string
    full path of the profile
    Generation int
    generation
    GenericAlert string
    Generic alerts enabled / disabled.
    HandshakeTimeout string
    Handshake time out (seconds)
    InheritCertKeychain string
    Inherit cert key chain
    Key string
    Contains a key name
    ModSslMethods string
    ModSSL Methods enabled / disabled. Default is disabled.
    Mode string
    ModSSL Methods enabled / disabled. Default is disabled.
    Name string
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    OcspStapling string
    Specifies whether the system uses OCSP stapling. The default value is disabled.
    Partition string
    name of partition
    Passphrase string
    Client Certificate Constrained Delegation CA passphrase
    PeerCertMode string
    Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
    ProxyCaCert string
    Proxy CA Cert
    ProxyCaKey string
    Proxy CA Key
    ProxyCaPassphrase string
    Proxy CA Passphrase
    ProxySsl string
    Proxy SSL enabled / disabled. Default is disabled.
    ProxySslPassthrough string
    Proxy SSL passthrough enabled / disabled. Default is disabled.
    RenegotiatePeriod string
    Renogotiate Period (seconds)
    RenegotiateSize string
    Renogotiate Size
    Renegotiation string
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    RetainCertificate string
    When true, client certificate is retained in SSL session.
    SecureRenegotiation string
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
    ServerName string
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    SessionMirroring string
    Session Mirroring (enabled / disabled)
    SessionTicket string
    Session Ticket (enabled / disabled)
    SniDefault string
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    SniRequire string
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    SslC3d string
    Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
    SslForwardProxy string
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    SslForwardProxyBypass string
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    SslSignHash string
    SSL sign hash (any, sha1, sha256, sha384)
    StrictResume string
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    TmOptions []string
    List of Enabled selection from a set of industry standard options for handling SSL processing.By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    UncleanShutdown string
    Unclean Shutdown (enabled / disabled)
    alertTimeout String
    Alert time out
    allowExpiredCrl String
    Instructs the system to use the specified CRL file even if it has expired. The default is disabled.
    allowNonSsl String
    Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
    authenticate String
    Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
    authenticateDepth Integer
    Specifies the maximum number of certificates to be traversed in a client certificate chain
    c3dClientFallbackCert String
    Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
    c3dDropUnknownOcspStatus String
    Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
    c3dOcsp String
    Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
    caFile String
    (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is None.
    cacheSize Integer
    Cache size (sessions).
    cacheTimeout Integer
    Cache time out
    cert String
    Specifies a cert name for use.
    certExtensionIncludes List<String>
    Cert extension includes for ssl forward proxy
    certKeyChain ProfileClientSslCertKeyChain

    Deprecated: This Field 'cert_key_chain' going to deprecate in future version, please specify with cert,key,chain,passphrase as separate attribute.

    certLifeSpan Integer
    Life span of the certificate in days for ssl forward proxy
    certLookupByIpaddrPort String
    Cert lookup by ip address and port enabled / disabled
    chain String
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    cipherGroup String
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers String
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    clientCertCa String
    (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is None.
    crlFile String
    Specifies the name of a file containing a list of revoked client certificates. The default is None.
    defaultsFrom String
    Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is /Common/clientssl. It Should Full path /partition/profile_name
    forwardProxyBypassDefaultAction String
    Forward proxy bypass default action. (enabled / disabled)
    fullPath String
    full path of the profile
    generation Integer
    generation
    genericAlert String
    Generic alerts enabled / disabled.
    handshakeTimeout String
    Handshake time out (seconds)
    inheritCertKeychain String
    Inherit cert key chain
    key String
    Contains a key name
    modSslMethods String
    ModSSL Methods enabled / disabled. Default is disabled.
    mode String
    ModSSL Methods enabled / disabled. Default is disabled.
    name String
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    ocspStapling String
    Specifies whether the system uses OCSP stapling. The default value is disabled.
    partition String
    name of partition
    passphrase String
    Client Certificate Constrained Delegation CA passphrase
    peerCertMode String
    Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
    proxyCaCert String
    Proxy CA Cert
    proxyCaKey String
    Proxy CA Key
    proxyCaPassphrase String
    Proxy CA Passphrase
    proxySsl String
    Proxy SSL enabled / disabled. Default is disabled.
    proxySslPassthrough String
    Proxy SSL passthrough enabled / disabled. Default is disabled.
    renegotiatePeriod String
    Renogotiate Period (seconds)
    renegotiateSize String
    Renogotiate Size
    renegotiation String
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retainCertificate String
    When true, client certificate is retained in SSL session.
    secureRenegotiation String
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
    serverName String
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    sessionMirroring String
    Session Mirroring (enabled / disabled)
    sessionTicket String
    Session Ticket (enabled / disabled)
    sniDefault String
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sniRequire String
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    sslC3d String
    Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
    sslForwardProxy String
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    sslForwardProxyBypass String
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    sslSignHash String
    SSL sign hash (any, sha1, sha256, sha384)
    strictResume String
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tmOptions List<String>
    List of Enabled selection from a set of industry standard options for handling SSL processing.By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    uncleanShutdown String
    Unclean Shutdown (enabled / disabled)
    alertTimeout string
    Alert time out
    allowExpiredCrl string
    Instructs the system to use the specified CRL file even if it has expired. The default is disabled.
    allowNonSsl string
    Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
    authenticate string
    Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
    authenticateDepth number
    Specifies the maximum number of certificates to be traversed in a client certificate chain
    c3dClientFallbackCert string
    Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
    c3dDropUnknownOcspStatus string
    Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
    c3dOcsp string
    Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
    caFile string
    (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is None.
    cacheSize number
    Cache size (sessions).
    cacheTimeout number
    Cache time out
    cert string
    Specifies a cert name for use.
    certExtensionIncludes string[]
    Cert extension includes for ssl forward proxy
    certKeyChain ProfileClientSslCertKeyChain

    Deprecated: This Field 'cert_key_chain' going to deprecate in future version, please specify with cert,key,chain,passphrase as separate attribute.

    certLifeSpan number
    Life span of the certificate in days for ssl forward proxy
    certLookupByIpaddrPort string
    Cert lookup by ip address and port enabled / disabled
    chain string
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    cipherGroup string
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers string
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    clientCertCa string
    (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is None.
    crlFile string
    Specifies the name of a file containing a list of revoked client certificates. The default is None.
    defaultsFrom string
    Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is /Common/clientssl. It Should Full path /partition/profile_name
    forwardProxyBypassDefaultAction string
    Forward proxy bypass default action. (enabled / disabled)
    fullPath string
    full path of the profile
    generation number
    generation
    genericAlert string
    Generic alerts enabled / disabled.
    handshakeTimeout string
    Handshake time out (seconds)
    inheritCertKeychain string
    Inherit cert key chain
    key string
    Contains a key name
    modSslMethods string
    ModSSL Methods enabled / disabled. Default is disabled.
    mode string
    ModSSL Methods enabled / disabled. Default is disabled.
    name string
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    ocspStapling string
    Specifies whether the system uses OCSP stapling. The default value is disabled.
    partition string
    name of partition
    passphrase string
    Client Certificate Constrained Delegation CA passphrase
    peerCertMode string
    Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
    proxyCaCert string
    Proxy CA Cert
    proxyCaKey string
    Proxy CA Key
    proxyCaPassphrase string
    Proxy CA Passphrase
    proxySsl string
    Proxy SSL enabled / disabled. Default is disabled.
    proxySslPassthrough string
    Proxy SSL passthrough enabled / disabled. Default is disabled.
    renegotiatePeriod string
    Renogotiate Period (seconds)
    renegotiateSize string
    Renogotiate Size
    renegotiation string
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retainCertificate string
    When true, client certificate is retained in SSL session.
    secureRenegotiation string
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
    serverName string
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    sessionMirroring string
    Session Mirroring (enabled / disabled)
    sessionTicket string
    Session Ticket (enabled / disabled)
    sniDefault string
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sniRequire string
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    sslC3d string
    Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
    sslForwardProxy string
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    sslForwardProxyBypass string
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    sslSignHash string
    SSL sign hash (any, sha1, sha256, sha384)
    strictResume string
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tmOptions string[]
    List of Enabled selection from a set of industry standard options for handling SSL processing.By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    uncleanShutdown string
    Unclean Shutdown (enabled / disabled)
    alert_timeout str
    Alert time out
    allow_expired_crl str
    Instructs the system to use the specified CRL file even if it has expired. The default is disabled.
    allow_non_ssl str
    Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
    authenticate str
    Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
    authenticate_depth int
    Specifies the maximum number of certificates to be traversed in a client certificate chain
    c3d_client_fallback_cert str
    Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
    c3d_drop_unknown_ocsp_status str
    Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
    c3d_ocsp str
    Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
    ca_file str
    (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is None.
    cache_size int
    Cache size (sessions).
    cache_timeout int
    Cache time out
    cert str
    Specifies a cert name for use.
    cert_extension_includes Sequence[str]
    Cert extension includes for ssl forward proxy
    cert_key_chain ProfileClientSslCertKeyChainArgs

    Deprecated: This Field 'cert_key_chain' going to deprecate in future version, please specify with cert,key,chain,passphrase as separate attribute.

    cert_life_span int
    Life span of the certificate in days for ssl forward proxy
    cert_lookup_by_ipaddr_port str
    Cert lookup by ip address and port enabled / disabled
    chain str
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    cipher_group str
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers str
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    client_cert_ca str
    (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is None.
    crl_file str
    Specifies the name of a file containing a list of revoked client certificates. The default is None.
    defaults_from str
    Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is /Common/clientssl. It Should Full path /partition/profile_name
    forward_proxy_bypass_default_action str
    Forward proxy bypass default action. (enabled / disabled)
    full_path str
    full path of the profile
    generation int
    generation
    generic_alert str
    Generic alerts enabled / disabled.
    handshake_timeout str
    Handshake time out (seconds)
    inherit_cert_keychain str
    Inherit cert key chain
    key str
    Contains a key name
    mod_ssl_methods str
    ModSSL Methods enabled / disabled. Default is disabled.
    mode str
    ModSSL Methods enabled / disabled. Default is disabled.
    name str
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    ocsp_stapling str
    Specifies whether the system uses OCSP stapling. The default value is disabled.
    partition str
    name of partition
    passphrase str
    Client Certificate Constrained Delegation CA passphrase
    peer_cert_mode str
    Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
    proxy_ca_cert str
    Proxy CA Cert
    proxy_ca_key str
    Proxy CA Key
    proxy_ca_passphrase str
    Proxy CA Passphrase
    proxy_ssl str
    Proxy SSL enabled / disabled. Default is disabled.
    proxy_ssl_passthrough str
    Proxy SSL passthrough enabled / disabled. Default is disabled.
    renegotiate_period str
    Renogotiate Period (seconds)
    renegotiate_size str
    Renogotiate Size
    renegotiation str
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retain_certificate str
    When true, client certificate is retained in SSL session.
    secure_renegotiation str
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
    server_name str
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    session_mirroring str
    Session Mirroring (enabled / disabled)
    session_ticket str
    Session Ticket (enabled / disabled)
    sni_default str
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sni_require str
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    ssl_c3d str
    Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
    ssl_forward_proxy str
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    ssl_forward_proxy_bypass str
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    ssl_sign_hash str
    SSL sign hash (any, sha1, sha256, sha384)
    strict_resume str
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tm_options Sequence[str]
    List of Enabled selection from a set of industry standard options for handling SSL processing.By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    unclean_shutdown str
    Unclean Shutdown (enabled / disabled)
    alertTimeout String
    Alert time out
    allowExpiredCrl String
    Instructs the system to use the specified CRL file even if it has expired. The default is disabled.
    allowNonSsl String
    Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
    authenticate String
    Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
    authenticateDepth Number
    Specifies the maximum number of certificates to be traversed in a client certificate chain
    c3dClientFallbackCert String
    Specifies the client certificate to use in SSL client certificate constrained delegation. This certificate will be used if client does not provide a cert during the SSL handshake. The default value is none.
    c3dDropUnknownOcspStatus String
    Specifies the BIG-IP action when the OCSP responder returns unknown status. The default value is drop, which causes the onnection to be dropped. Conversely, you can specify ignore, which causes the connection to ignore the unknown status and continue.
    c3dOcsp String
    Specifies the SSL client certificate constrained delegation OCSP object that the BIG-IP SSL should use to connect to the OCSP responder and check the client certificate status.
    caFile String
    (Trusted Certificate Authorities)Specifies a client CA that the system trusts. The default is None.
    cacheSize Number
    Cache size (sessions).
    cacheTimeout Number
    Cache time out
    cert String
    Specifies a cert name for use.
    certExtensionIncludes List<String>
    Cert extension includes for ssl forward proxy
    certKeyChain Property Map

    Deprecated: This Field 'cert_key_chain' going to deprecate in future version, please specify with cert,key,chain,passphrase as separate attribute.

    certLifeSpan Number
    Life span of the certificate in days for ssl forward proxy
    certLookupByIpaddrPort String
    Cert lookup by ip address and port enabled / disabled
    chain String
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    cipherGroup String
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers String
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    clientCertCa String
    (Advertised Certificate Authorities)Specifies that the CAs that the system advertises to clients is being trusted by the profile. The default is None.
    crlFile String
    Specifies the name of a file containing a list of revoked client certificates. The default is None.
    defaultsFrom String
    Parent profile for this clientssl profile.Once this value has been set, it cannot be changed. Default value is /Common/clientssl. It Should Full path /partition/profile_name
    forwardProxyBypassDefaultAction String
    Forward proxy bypass default action. (enabled / disabled)
    fullPath String
    full path of the profile
    generation Number
    generation
    genericAlert String
    Generic alerts enabled / disabled.
    handshakeTimeout String
    Handshake time out (seconds)
    inheritCertKeychain String
    Inherit cert key chain
    key String
    Contains a key name
    modSslMethods String
    ModSSL Methods enabled / disabled. Default is disabled.
    mode String
    ModSSL Methods enabled / disabled. Default is disabled.
    name String
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    ocspStapling String
    Specifies whether the system uses OCSP stapling. The default value is disabled.
    partition String
    name of partition
    passphrase String
    Client Certificate Constrained Delegation CA passphrase
    peerCertMode String
    Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
    proxyCaCert String
    Proxy CA Cert
    proxyCaKey String
    Proxy CA Key
    proxyCaPassphrase String
    Proxy CA Passphrase
    proxySsl String
    Proxy SSL enabled / disabled. Default is disabled.
    proxySslPassthrough String
    Proxy SSL passthrough enabled / disabled. Default is disabled.
    renegotiatePeriod String
    Renogotiate Period (seconds)
    renegotiateSize String
    Renogotiate Size
    renegotiation String
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retainCertificate String
    When true, client certificate is retained in SSL session.
    secureRenegotiation String
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
    serverName String
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    sessionMirroring String
    Session Mirroring (enabled / disabled)
    sessionTicket String
    Session Ticket (enabled / disabled)
    sniDefault String
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sniRequire String
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    sslC3d String
    Enables or disables SSL client certificate constrained delegation. The default option is disabled. Conversely, you can specify enabled to use the SSL client certificate constrained delegation.
    sslForwardProxy String
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    sslForwardProxyBypass String
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    sslSignHash String
    SSL sign hash (any, sha1, sha256, sha384)
    strictResume String
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tmOptions List<String>
    List of Enabled selection from a set of industry standard options for handling SSL processing.By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    uncleanShutdown String
    Unclean Shutdown (enabled / disabled)

    Supporting Types

    ProfileClientSslCertKeyChain, ProfileClientSslCertKeyChainArgs

    Cert string
    Specifies a cert name for use.
    Chain string
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    Key string
    Contains a key name
    Name string
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    Passphrase string
    Key passphrase
    Cert string
    Specifies a cert name for use.
    Chain string
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    Key string
    Contains a key name
    Name string
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    Passphrase string
    Key passphrase
    cert String
    Specifies a cert name for use.
    chain String
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    key String
    Contains a key name
    name String
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    passphrase String
    Key passphrase
    cert string
    Specifies a cert name for use.
    chain string
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    key string
    Contains a key name
    name string
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    passphrase string
    Key passphrase
    cert str
    Specifies a cert name for use.
    chain str
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    key str
    Contains a key name
    name str
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    passphrase str
    Key passphrase
    cert String
    Specifies a cert name for use.
    chain String
    Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
    key String
    Contains a key name
    name String
    Specifies the name of the profile.Name of Profile should be full path.The full path is the combination of the partition + profile name,For example /Common/test-clientssl-profile.
    passphrase String
    Key passphrase

    Import

    ing

    An existing client-ssl profile can be imported into this resource by supplying client-ssl profile Name in full path as id. An example is below:

    $ terraform import bigip_ltm_profile_client_ssl.test-ClientSsl-import /Common/test-ClientSsl
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    f5 BIG-IP pulumi/pulumi-f5bigip
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the bigip Terraform Provider.
    f5bigip logo
    f5 BIG-IP v3.17.6 published on Monday, Oct 28, 2024 by Pulumi