f5 BIG-IP v3.17.6 published on Monday, Oct 28, 2024 by Pulumi

f5bigip.ltm.ProfileServerSsl


    f5bigip.ltm.ProfileServerSsl Manages server SSL profiles on a BIG-IP

    Resources should be named with their “full path”. The full path is the combination of the partition + name (example: /Common/my-pool ) or partition + directory + name of the resource (example: /Common/test/my-pool )

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as f5bigip from "@pulumi/f5bigip";
    
    // Server SSL profile derived from the /Common/serverssl parent profile.
    // `authenticate` sets how often the server is authenticated (once per SSL
    // session, or also when the session is reused).
    // NOTE(review): how the peer certificate itself is handled is set separately
    // by peerCertMode, which this example leaves to the parent profile; confirm
    // the inherited value matches your policy.
    const serverSslArgs = {
        name: "/Common/test-ServerSsl",
        defaultsFrom: "/Common/serverssl",
        authenticate: "always",
        // cipherGroup is the mutually exclusive alternative to ciphers.
        ciphers: "DEFAULT",
    };
    const test_ServerSsl = new f5bigip.ltm.ProfileServerSsl("test-ServerSsl", serverSslArgs);
    
    import pulumi
    import pulumi_f5bigip as f5bigip
    
    # Server SSL profile derived from the /Common/serverssl parent profile.
    # `authenticate` sets how often the server is authenticated (once per SSL
    # session, or also when the session is reused).
    # NOTE(review): how the peer certificate itself is handled is set separately
    # by peer_cert_mode, which this example leaves to the parent profile; confirm
    # the inherited value matches your policy.
    server_ssl_settings = dict(
        name="/Common/test-ServerSsl",
        defaults_from="/Common/serverssl",
        authenticate="always",
        # cipher_group is the mutually exclusive alternative to ciphers.
        ciphers="DEFAULT",
    )
    test__server_ssl = f5bigip.ltm.ProfileServerSsl("test-ServerSsl", **server_ssl_settings)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-f5bigip/sdk/v3/go/f5bigip/ltm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main declares one server SSL profile derived from /Common/serverssl.
    //
    // Authenticate sets how often the server is authenticated (once per SSL
    // session, or also when the session is reused).
    // NOTE(review): how the peer certificate itself is handled is set separately
    // by PeerCertMode, which this example leaves to the parent profile; confirm
    // the inherited value matches your policy.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		profileArgs := &ltm.ProfileServerSslArgs{
    			Name:         pulumi.String("/Common/test-ServerSsl"),
    			DefaultsFrom: pulumi.String("/Common/serverssl"),
    			Authenticate: pulumi.String("always"),
    			// CipherGroup is the mutually exclusive alternative to Ciphers.
    			Ciphers: pulumi.String("DEFAULT"),
    		}
    		// The resource handle is not needed; only the error is propagated.
    		_, err := ltm.NewProfileServerSsl(ctx, "test-ServerSsl", profileArgs)
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using F5BigIP = Pulumi.F5BigIP;
    
    // Declares one server SSL profile derived from /Common/serverssl.
    // Authenticate sets how often the server is authenticated (once per SSL
    // session, or also when the session is reused).
    // NOTE(review): how the peer certificate itself is handled is set separately
    // by PeerCertMode, which this example leaves to the parent profile; confirm
    // the inherited value matches your policy.
    return await Deployment.RunAsync(() =>
    {
        var profileArgs = new F5BigIP.Ltm.ProfileServerSslArgs
        {
            Name = "/Common/test-ServerSsl",
            DefaultsFrom = "/Common/serverssl",
            Authenticate = "always",
            // CipherGroup is the mutually exclusive alternative to Ciphers.
            Ciphers = "DEFAULT",
        };

        var test_ServerSsl = new F5BigIP.Ltm.ProfileServerSsl("test-ServerSsl", profileArgs);
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.f5bigip.ltm.ProfileServerSsl;
    import com.pulumi.f5bigip.ltm.ProfileServerSslArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program declaring one server SSL profile derived from /Common/serverssl.
     */
    public class App {
        /** Hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the profile.
         *
         * <p>{@code authenticate} sets how often the server is authenticated (once per SSL
         * session, or also when the session is reused).
         * NOTE(review): how the peer certificate itself is handled is set separately by
         * {@code peerCertMode}, which this example leaves to the parent profile; confirm
         * the inherited value matches your policy.
         */
        public static void stack(Context ctx) {
            final ProfileServerSslArgs profileArgs = ProfileServerSslArgs.builder()
                .name("/Common/test-ServerSsl")
                .defaultsFrom("/Common/serverssl")
                .authenticate("always")
                // cipherGroup is the mutually exclusive alternative to ciphers.
                .ciphers("DEFAULT")
                .build();

            var test_ServerSsl = new ProfileServerSsl("test-ServerSsl", profileArgs);
        }
    }
    
    # One server SSL profile derived from the /Common/serverssl parent profile.
    resources:
      test-ServerSsl:
        type: f5bigip:ltm:ProfileServerSsl
        properties:
          name: /Common/test-ServerSsl
          defaultsFrom: /Common/serverssl
          # Sets how often the server is authenticated: once per SSL session, or also on session reuse.
          # NOTE(review): how the peer certificate itself is handled is set separately by peerCertMode,
          # which this example leaves to the parent profile; confirm the inherited value matches your policy.
          authenticate: always
          # cipherGroup is the mutually exclusive alternative to ciphers.
          ciphers: DEFAULT
    

    Create ProfileServerSsl Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ProfileServerSsl(name: string, args: ProfileServerSslArgs, opts?: CustomResourceOptions);
    @overload
    def ProfileServerSsl(resource_name: str,
                         args: ProfileServerSslArgs,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def ProfileServerSsl(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         name: Optional[str] = None,
                         alert_timeout: Optional[str] = None,
                         authenticate: Optional[str] = None,
                         authenticate_depth: Optional[int] = None,
                         c3d_ca_cert: Optional[str] = None,
                         c3d_ca_key: Optional[str] = None,
                         c3d_ca_passphrase: Optional[str] = None,
                         c3d_cert_extension_custom_oids: Optional[Sequence[str]] = None,
                         c3d_cert_extension_includes: Optional[Sequence[str]] = None,
                         c3d_cert_lifespan: Optional[int] = None,
                         c3d_certificate_extensions: Optional[str] = None,
                         ca_file: Optional[str] = None,
                         cache_size: Optional[int] = None,
                         cache_timeout: Optional[int] = None,
                         cert: Optional[str] = None,
                         chain: Optional[str] = None,
                         cipher_group: Optional[str] = None,
                         ciphers: Optional[str] = None,
                         defaults_from: Optional[str] = None,
                         expire_cert_response_control: Optional[str] = None,
                         full_path: Optional[str] = None,
                         generation: Optional[int] = None,
                         generic_alert: Optional[str] = None,
                         handshake_timeout: Optional[str] = None,
                         key: Optional[str] = None,
                         mod_ssl_methods: Optional[str] = None,
                         mode: Optional[str] = None,
                         partition: Optional[str] = None,
                         passphrase: Optional[str] = None,
                         peer_cert_mode: Optional[str] = None,
                         proxy_ca_cert: Optional[str] = None,
                         proxy_ca_key: Optional[str] = None,
                         proxy_ssl: Optional[str] = None,
                         renegotiate_period: Optional[str] = None,
                         renegotiate_size: Optional[str] = None,
                         renegotiation: Optional[str] = None,
                         retain_certificate: Optional[str] = None,
                         secure_renegotiation: Optional[str] = None,
                         server_name: Optional[str] = None,
                         session_mirroring: Optional[str] = None,
                         session_ticket: Optional[str] = None,
                         sni_default: Optional[str] = None,
                         sni_require: Optional[str] = None,
                         ssl_c3d: Optional[str] = None,
                         ssl_forward_proxy: Optional[str] = None,
                         ssl_forward_proxy_bypass: Optional[str] = None,
                         ssl_sign_hash: Optional[str] = None,
                         strict_resume: Optional[str] = None,
                         tm_options: Optional[Sequence[str]] = None,
                         unclean_shutdown: Optional[str] = None,
                         untrusted_cert_response_control: Optional[str] = None)
    func NewProfileServerSsl(ctx *Context, name string, args ProfileServerSslArgs, opts ...ResourceOption) (*ProfileServerSsl, error)
    public ProfileServerSsl(string name, ProfileServerSslArgs args, CustomResourceOptions? opts = null)
    public ProfileServerSsl(String name, ProfileServerSslArgs args)
    public ProfileServerSsl(String name, ProfileServerSslArgs args, CustomResourceOptions options)
    
    type: f5bigip:ltm:ProfileServerSsl
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ProfileServerSslArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ProfileServerSslArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ProfileServerSslArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ProfileServerSslArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ProfileServerSslArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Reference template: every value below is a type placeholder ("string" / 0),
    // not a recommended setting.
    var profileServerSslResource = new F5BigIP.Ltm.ProfileServerSsl("profileServerSslResource", new()
    {
        Name = "string",
        AlertTimeout = "string",
        Authenticate = "string",
        AuthenticateDepth = 0,
        C3dCaCert = "string",
        C3dCaKey = "string",
        // Passphrase of the C3D CA key file: keep the real value out of source
        // (for example, read it from secret configuration).
        C3dCaPassphrase = "string",
        C3dCertExtensionCustomOids = new[]
        {
            "string",
        },
        C3dCertExtensionIncludes = new[]
        {
            "string",
        },
        C3dCertLifespan = 0,
        C3dCertificateExtensions = "string",
        CaFile = "string",
        CacheSize = 0,
        CacheTimeout = 0,
        Cert = "string",
        Chain = "string",
        // CipherGroup and Ciphers are mutually exclusive; a real profile sets only one.
        CipherGroup = "string",
        Ciphers = "string",
        DefaultsFrom = "string",
        ExpireCertResponseControl = "string",
        FullPath = "string",
        Generation = 0,
        GenericAlert = "string",
        HandshakeTimeout = "string",
        Key = "string",
        ModSslMethods = "string",
        Mode = "string",
        Partition = "string",
        // Passphrase value: keep the real value out of source.
        Passphrase = "string",
        PeerCertMode = "string",
        ProxyCaCert = "string",
        ProxyCaKey = "string",
        ProxySsl = "string",
        RenegotiatePeriod = "string",
        RenegotiateSize = "string",
        Renegotiation = "string",
        RetainCertificate = "string",
        SecureRenegotiation = "string",
        ServerName = "string",
        SessionMirroring = "string",
        SessionTicket = "string",
        SniDefault = "string",
        SniRequire = "string",
        SslC3d = "string",
        SslForwardProxy = "string",
        SslForwardProxyBypass = "string",
        SslSignHash = "string",
        StrictResume = "string",
        TmOptions = new[]
        {
            "string",
        },
        UncleanShutdown = "string",
        UntrustedCertResponseControl = "string",
    });
    
    // Reference template: every value below is a type placeholder ("string" / 0),
    // not a recommended setting.
    example, err := ltm.NewProfileServerSsl(ctx, "profileServerSslResource", &ltm.ProfileServerSslArgs{
    	Name:              pulumi.String("string"),
    	AlertTimeout:      pulumi.String("string"),
    	Authenticate:      pulumi.String("string"),
    	AuthenticateDepth: pulumi.Int(0),
    	C3dCaCert:         pulumi.String("string"),
    	C3dCaKey:          pulumi.String("string"),
    	// Passphrase of the C3D CA key file: keep the real value out of source
    	// (for example, read it from secret configuration).
    	C3dCaPassphrase:   pulumi.String("string"),
    	C3dCertExtensionCustomOids: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	C3dCertExtensionIncludes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	C3dCertLifespan:           pulumi.Int(0),
    	C3dCertificateExtensions:  pulumi.String("string"),
    	CaFile:                    pulumi.String("string"),
    	CacheSize:                 pulumi.Int(0),
    	CacheTimeout:              pulumi.Int(0),
    	Cert:                      pulumi.String("string"),
    	Chain:                     pulumi.String("string"),
    	// CipherGroup and Ciphers are mutually exclusive; a real profile sets only one.
    	CipherGroup:               pulumi.String("string"),
    	Ciphers:                   pulumi.String("string"),
    	DefaultsFrom:              pulumi.String("string"),
    	ExpireCertResponseControl: pulumi.String("string"),
    	FullPath:                  pulumi.String("string"),
    	Generation:                pulumi.Int(0),
    	GenericAlert:              pulumi.String("string"),
    	HandshakeTimeout:          pulumi.String("string"),
    	Key:                       pulumi.String("string"),
    	ModSslMethods:             pulumi.String("string"),
    	Mode:                      pulumi.String("string"),
    	Partition:                 pulumi.String("string"),
    	// Passphrase value: keep the real value out of source.
    	Passphrase:                pulumi.String("string"),
    	PeerCertMode:              pulumi.String("string"),
    	ProxyCaCert:               pulumi.String("string"),
    	ProxyCaKey:                pulumi.String("string"),
    	ProxySsl:                  pulumi.String("string"),
    	RenegotiatePeriod:         pulumi.String("string"),
    	RenegotiateSize:           pulumi.String("string"),
    	Renegotiation:             pulumi.String("string"),
    	RetainCertificate:         pulumi.String("string"),
    	SecureRenegotiation:       pulumi.String("string"),
    	ServerName:                pulumi.String("string"),
    	SessionMirroring:          pulumi.String("string"),
    	SessionTicket:             pulumi.String("string"),
    	SniDefault:                pulumi.String("string"),
    	SniRequire:                pulumi.String("string"),
    	SslC3d:                    pulumi.String("string"),
    	SslForwardProxy:           pulumi.String("string"),
    	SslForwardProxyBypass:     pulumi.String("string"),
    	SslSignHash:               pulumi.String("string"),
    	StrictResume:              pulumi.String("string"),
    	TmOptions: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	UncleanShutdown:              pulumi.String("string"),
    	UntrustedCertResponseControl: pulumi.String("string"),
    })
    
    // Reference template: every value below is a type placeholder ("string" / 0),
    // not a recommended setting.
    var profileServerSslResource = new ProfileServerSsl("profileServerSslResource", ProfileServerSslArgs.builder()
        .name("string")
        .alertTimeout("string")
        .authenticate("string")
        .authenticateDepth(0)
        .c3dCaCert("string")
        .c3dCaKey("string")
        // Passphrase of the C3D CA key file: keep the real value out of source
        // (for example, read it from secret configuration).
        .c3dCaPassphrase("string")
        .c3dCertExtensionCustomOids("string")
        .c3dCertExtensionIncludes("string")
        .c3dCertLifespan(0)
        .c3dCertificateExtensions("string")
        .caFile("string")
        .cacheSize(0)
        .cacheTimeout(0)
        .cert("string")
        .chain("string")
        // cipherGroup and ciphers are mutually exclusive; a real profile sets only one.
        .cipherGroup("string")
        .ciphers("string")
        .defaultsFrom("string")
        .expireCertResponseControl("string")
        .fullPath("string")
        .generation(0)
        .genericAlert("string")
        .handshakeTimeout("string")
        .key("string")
        .modSslMethods("string")
        .mode("string")
        .partition("string")
        // Passphrase value: keep the real value out of source.
        .passphrase("string")
        .peerCertMode("string")
        .proxyCaCert("string")
        .proxyCaKey("string")
        .proxySsl("string")
        .renegotiatePeriod("string")
        .renegotiateSize("string")
        .renegotiation("string")
        .retainCertificate("string")
        .secureRenegotiation("string")
        .serverName("string")
        .sessionMirroring("string")
        .sessionTicket("string")
        .sniDefault("string")
        .sniRequire("string")
        .sslC3d("string")
        .sslForwardProxy("string")
        .sslForwardProxyBypass("string")
        .sslSignHash("string")
        .strictResume("string")
        .tmOptions("string")
        .uncleanShutdown("string")
        .untrustedCertResponseControl("string")
        .build());
    
    # Reference template: every value below is a type placeholder ("string" / 0),
    # not a recommended setting.
    profile_server_ssl_resource = f5bigip.ltm.ProfileServerSsl("profileServerSslResource",
        name="string",
        alert_timeout="string",
        authenticate="string",
        authenticate_depth=0,
        c3d_ca_cert="string",
        c3d_ca_key="string",
        # Passphrase of the C3D CA key file: keep the real value out of source
        # (for example, read it from secret configuration).
        c3d_ca_passphrase="string",
        c3d_cert_extension_custom_oids=["string"],
        c3d_cert_extension_includes=["string"],
        c3d_cert_lifespan=0,
        c3d_certificate_extensions="string",
        ca_file="string",
        cache_size=0,
        cache_timeout=0,
        cert="string",
        chain="string",
        # cipher_group and ciphers are mutually exclusive; a real profile sets only one.
        cipher_group="string",
        ciphers="string",
        defaults_from="string",
        expire_cert_response_control="string",
        full_path="string",
        generation=0,
        generic_alert="string",
        handshake_timeout="string",
        key="string",
        mod_ssl_methods="string",
        mode="string",
        partition="string",
        # Passphrase value: keep the real value out of source.
        passphrase="string",
        peer_cert_mode="string",
        proxy_ca_cert="string",
        proxy_ca_key="string",
        proxy_ssl="string",
        renegotiate_period="string",
        renegotiate_size="string",
        renegotiation="string",
        retain_certificate="string",
        secure_renegotiation="string",
        server_name="string",
        session_mirroring="string",
        session_ticket="string",
        sni_default="string",
        sni_require="string",
        ssl_c3d="string",
        ssl_forward_proxy="string",
        ssl_forward_proxy_bypass="string",
        ssl_sign_hash="string",
        strict_resume="string",
        tm_options=["string"],
        unclean_shutdown="string",
        untrusted_cert_response_control="string")
    
    // Reference template: every value below is a type placeholder ("string" / 0),
    // not a recommended setting.
    const profileServerSslResource = new f5bigip.ltm.ProfileServerSsl("profileServerSslResource", {
        name: "string",
        alertTimeout: "string",
        authenticate: "string",
        authenticateDepth: 0,
        c3dCaCert: "string",
        c3dCaKey: "string",
        // Passphrase of the C3D CA key file: keep the real value out of source
        // (for example, read it from secret configuration).
        c3dCaPassphrase: "string",
        c3dCertExtensionCustomOids: ["string"],
        c3dCertExtensionIncludes: ["string"],
        c3dCertLifespan: 0,
        c3dCertificateExtensions: "string",
        caFile: "string",
        cacheSize: 0,
        cacheTimeout: 0,
        cert: "string",
        chain: "string",
        // cipherGroup and ciphers are mutually exclusive; a real profile sets only one.
        cipherGroup: "string",
        ciphers: "string",
        defaultsFrom: "string",
        expireCertResponseControl: "string",
        fullPath: "string",
        generation: 0,
        genericAlert: "string",
        handshakeTimeout: "string",
        key: "string",
        modSslMethods: "string",
        mode: "string",
        partition: "string",
        // Passphrase value: keep the real value out of source.
        passphrase: "string",
        peerCertMode: "string",
        proxyCaCert: "string",
        proxyCaKey: "string",
        proxySsl: "string",
        renegotiatePeriod: "string",
        renegotiateSize: "string",
        renegotiation: "string",
        retainCertificate: "string",
        secureRenegotiation: "string",
        serverName: "string",
        sessionMirroring: "string",
        sessionTicket: "string",
        sniDefault: "string",
        sniRequire: "string",
        sslC3d: "string",
        sslForwardProxy: "string",
        sslForwardProxyBypass: "string",
        sslSignHash: "string",
        strictResume: "string",
        tmOptions: ["string"],
        uncleanShutdown: "string",
        untrustedCertResponseControl: "string",
    });
    
    # Reference template: every value below is a type placeholder (string / 0),
    # not a recommended setting.
    type: f5bigip:ltm:ProfileServerSsl
    properties:
        alertTimeout: string
        authenticate: string
        authenticateDepth: 0
        c3dCaCert: string
        c3dCaKey: string
        # Passphrase of the C3D CA key file: keep the real value out of source
        # (for example, read it from secret configuration).
        c3dCaPassphrase: string
        c3dCertExtensionCustomOids:
            - string
        c3dCertExtensionIncludes:
            - string
        c3dCertLifespan: 0
        c3dCertificateExtensions: string
        caFile: string
        cacheSize: 0
        cacheTimeout: 0
        cert: string
        chain: string
        # cipherGroup and ciphers are mutually exclusive; a real profile sets only one.
        cipherGroup: string
        ciphers: string
        defaultsFrom: string
        expireCertResponseControl: string
        fullPath: string
        generation: 0
        genericAlert: string
        handshakeTimeout: string
        key: string
        modSslMethods: string
        mode: string
        name: string
        partition: string
        # Passphrase value: keep the real value out of source.
        passphrase: string
        peerCertMode: string
        proxyCaCert: string
        proxyCaKey: string
        proxySsl: string
        renegotiatePeriod: string
        renegotiateSize: string
        renegotiation: string
        retainCertificate: string
        secureRenegotiation: string
        serverName: string
        sessionMirroring: string
        sessionTicket: string
        sniDefault: string
        sniRequire: string
        sslC3d: string
        sslForwardProxy: string
        sslForwardProxyBypass: string
        sslSignHash: string
        strictResume: string
        tmOptions:
            - string
        uncleanShutdown: string
        untrustedCertResponseControl: string
    

    ProfileServerSsl Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ProfileServerSsl resource accepts the following input properties:

    Name string
    Specifies the name of the profile. The name should be the full path, which is the combination of the partition and the profile name. For example /Common/test-serverssl-profile.
    AlertTimeout string
    Alert time out
    Authenticate string
    Specifies the frequency of server authentication for an SSL session. When once, specifies that the system authenticates the server once for an SSL session. When always, specifies that the system authenticates the server once for an SSL session and also upon reuse of that session.
    AuthenticateDepth int
    Client certificate chain traversal depth. Default 9.
    C3dCaCert string
    Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
    C3dCaKey string

    Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.

    • c3d-ca-passphrase (Optional) Specifies the passphrase of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. When selecting this option, type the passphrase corresponding to the selected c3d-ca-key.

    • c3d-cert-extension-custom-oids (Optional) Specifies the custom extension OID of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation.

    C3dCaPassphrase string
    CA Passphrase. Default
    C3dCertExtensionCustomOids List<string>
    Certificate Extensions List. Default
    C3dCertExtensionIncludes List<string>

    Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:

    basic-constraints Basic constraints are used to indicate whether the certificate belongs to a CA.

    extended-key-usage Extended Key Usage is used, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.

    key-usage Key Usage provides a bitmap specifying the cryptographic operations which may be performed using the public key contained in the certificate; for example, it could indicate that the key should be used for signature but not for encipherment.

    subject-alternative-name Subject Alternative Name allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

    • c3d-cert-lifespan Specifies the lifespan of the certificate generated using the SSL client certificate constrained delegation. The default value is 24.
    C3dCertLifespan int
    Certificate Lifespan. Default
    C3dCertificateExtensions string
    CA Passphrase. Default enabled
    CaFile string
    Client certificate file path. Default None.
    CacheSize int
    Cache size (sessions).
    CacheTimeout int
    Cache time out
    Cert string
    Specifies the name of the certificate that the system uses for server-side SSL processing.
    Chain string
    Specifies the certificates-key chain to associate with the SSL profile
    CipherGroup string
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    Ciphers string
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    DefaultsFrom string
    The parent profile of this profile. Once this value has been set, it cannot be changed. By default, this value is /Common/serverssl.
    ExpireCertResponseControl string
    Response if the cert is expired (drop / ignore).
    FullPath string
    full path of the profile
    Generation int
    generation
    GenericAlert string
    Generic alerts enabled / disabled.
    HandshakeTimeout string
    Handshake time out (seconds)
    Key string
    Specifies the file name of the SSL key.
    ModSslMethods string
    ModSSL Methods enabled / disabled. Default is disabled.
    Mode string
    ModSSL Methods enabled / disabled. Default is disabled.
    Partition string
    name of partition
    Passphrase string
    Client Certificate Constrained Delegation CA passphrase
    PeerCertMode string
    Specifies the way the system handles client certificates. When ignore, specifies that the system ignores certificates from client systems. When require, specifies that the system requires a client to present a valid certificate. When request, specifies that the system requests a valid certificate from a client but always authenticates the client.
    ProxyCaCert string
    Proxy CA Cert
    ProxyCaKey string
    Proxy CA Key
    ProxySsl string
    Proxy SSL enabled / disabled. Default is disabled.
    RenegotiatePeriod string
    Renegotiate Period (seconds)
    RenegotiateSize string
    Renegotiate Size
    Renegotiation string
    Enables or disables SSL renegotiation. When creating a new profile, the setting is provided by the parent profile.
    RetainCertificate string
    When true, client certificate is retained in SSL session.
    SecureRenegotiation string
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set, the system requests secure renegotiation of SSL connections. require is the default setting; when it is set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the require-strict setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers.
    ServerName string
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile. The server name can also be a wildcard string containing the asterisk * character.
    SessionMirroring string
    Session Mirroring (enabled / disabled)
    SessionTicket string
    Session Ticket (enabled / disabled)
    SniDefault string
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support. When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    SniRequire string
    Requires that the network peers also provide SNI support. This setting only takes effect when sni_default is set to true. When creating a new profile, the setting is provided by the parent profile.
    SslC3d string
    Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocol_version or unsupported_extension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature.
    SslForwardProxy string
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    SslForwardProxyBypass string
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    SslSignHash string
    SSL sign hash (any, sha1, sha256, sha384)
    StrictResume string
    Enables or disables the resumption of SSL sessions after an unclean shutdown. When creating a new profile, the setting is provided by the parent profile.
    TmOptions List<string>
    List of enabled selections from a set of industry standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options. Usage: tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    UncleanShutdown string
    Unclean Shutdown (enabled / disabled)
    UntrustedCertResponseControl string
    Response if the cert is untrusted (drop / ignore).
    Name string
    Specifies the name of the profile. The name should be the full path, which is the combination of the partition and the profile name. For example /Common/test-serverssl-profile.
    AlertTimeout string
    Alert time out
    Authenticate string
    Specifies the frequency of server authentication for an SSL session. When once, specifies that the system authenticates the server once for an SSL session. When always, specifies that the system authenticates the server once for an SSL session and also upon reuse of that session.
    AuthenticateDepth int
    Client certificate chain traversal depth. Default 9.
    C3dCaCert string
    Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
    C3dCaKey string

    Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.

    • c3d-ca-passphrase (Optional) Specifies the passphrase of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. When selecting this option, type the passphrase corresponding to the selected c3d-ca-key.

    • c3d-cert-extension-custom-oids (Optional) Specifies the custom extension OID of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation.

    C3dCaPassphrase string
    CA Passphrase. Default
    C3dCertExtensionCustomOids []string
    Certificate Extensions List. Default
    C3dCertExtensionIncludes []string

    Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:

    basic-constraints Basic constraints are used to indicate whether the certificate belongs to a CA.

    extended-key-usage Extended Key Usage is used, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.

    key-usage Key Usage provides a bitmap specifying the cryptographic operations which may be performed using the public key contained in the certificate; for example, it could indicate that the key should be used for signature but not for encipherment.

    subject-alternative-name Subject Alternative Name allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

    • c3d-cert-lifespan Specifies the lifespan of the certificate generated using the SSL client certificate constrained delegation. The default value is 24.
    C3dCertLifespan int
    Certificate Lifespan. Default
    C3dCertificateExtensions string
    CA Passphrase. Default enabled
    CaFile string
    Client certificate file path. Default None.
    CacheSize int
    Cache size (sessions).
    CacheTimeout int
    Cache time out
    Cert string
    Specifies the name of the certificate that the system uses for server-side SSL processing.
    Chain string
    Specifies the certificates-key chain to associate with the SSL profile
    CipherGroup string
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    Ciphers string
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    DefaultsFrom string
    The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is /Common/serverssl.
    ExpireCertResponseControl string
    Response if the cert is expired (drop / ignore). With ignore, the connection continues despite the expired certificate.
    FullPath string
    full path of the profile
    Generation int
    generation
    GenericAlert string
    Generic alerts enabled / disabled.
    HandshakeTimeout string
    Handshake time out (seconds)
    Key string
    Specifies the file name of the SSL key.
    ModSslMethods string
    ModSSL Methods enabled / disabled. Default is disabled.
    Mode string
    ModSSL Methods enabled / disabled. Default is disabled.
    Partition string
    name of partition
    Passphrase string
    Client Certificate Constrained Delegation CA passphrase
    PeerCertMode string
    Specifies the way the system handles client certificates. When ignore, specifies that the system ignores certificates from client systems. When require, specifies that the system requires a client to present a valid certificate. When request, specifies that the system requests a valid certificate from a client but always authenticates the client.
    ProxyCaCert string
    Proxy CA Cert
    ProxyCaKey string
    Proxy CA Key
    ProxySsl string
    Proxy SSL enabled / disabled. Default is disabled.
    RenegotiatePeriod string
    Renegotiate Period (seconds)
    RenegotiateSize string
    Renegotiate Size
    Renegotiation string
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    RetainCertificate string
    When true, client certificate is retained in SSL session.
    SecureRenegotiation string
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set, the system requests secure renegotiation of SSL connections. require is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the require-strict setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers.
    ServerName string
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    SessionMirroring string
    Session Mirroring (enabled / disabled)
    SessionTicket string
    Session Ticket (enabled / disabled)
    SniDefault string
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    SniRequire string
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    SslC3d string
    Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocol_version or unsupported_extension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature.
    SslForwardProxy string
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    SslForwardProxyBypass string
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    SslSignHash string
    SSL sign hash (any, sha1, sha256, sha384). sha1 is a weak hash for signatures; prefer sha256 or sha384 where the backend servers support it.
    StrictResume string
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    TmOptions []string
    List of enabled options, selected from a set of industry-standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as enabled options (the latter disables TLS 1.3). Usage: tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    UncleanShutdown string
    Unclean Shutdown (enabled / disabled)
    UntrustedCertResponseControl string
    Response if the cert is untrusted (drop / ignore). With ignore, the connection continues despite the untrusted certificate.
    name String
    Specifies the name of the profile. The name should be the full path, which is the combination of the partition + profile name. For example, /Common/test-serverssl-profile.
    alertTimeout String
    Alert time out
    authenticate String
    Specifies the frequency of server authentication for an SSL session. When once, specifies that the system authenticates the server once for an SSL session. When always, specifies that the system authenticates the server once for an SSL session and also upon reuse of that session.
    authenticateDepth Integer
    Client certificate chain traversal depth. Default 9.
    c3dCaCert String
    Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
    c3dCaKey String

    Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.

    • c3d-ca-passphrase (Optional) Specifies the passphrase of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. When selecting this option, type the passphrase corresponding to the selected c3d-ca-key.

    • c3d-cert-extension-custom-oids (Optional) Specifies the custom extension OID of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation.

    c3dCaPassphrase String
    CA Passphrase. Default
    c3dCertExtensionCustomOids List<String>
    Certificate Extensions List. Default
    c3dCertExtensionIncludes List<String>

    Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:

    basic-constraints Basic constraints are used to indicate whether the certificate belongs to a CA.

    extended-key-usage Extended Key Usage is used, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.

    key-usage Key Usage provides a bitmap specifying the cryptographic operations which may be performed using the public key contained in the certificate; for example, it could indicate that the key should be used for signature but not for encipherment.

    subject-alternative-name Subject Alternative Name allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

    • c3d-cert-lifespan Specifies the lifespan of the certificate generated using the SSL client certificate constrained delegation. The default value is 24.
    c3dCertLifespan Integer
    Certificate Lifespan. Default
    c3dCertificateExtensions String
    CA Passphrase. Default enabled
    caFile String
    Client certificate file path. Default None.
    cacheSize Integer
    Cache size (sessions).
    cacheTimeout Integer
    Cache time out
    cert String
    Specifies the name of the certificate that the system uses for server-side SSL processing.
    chain String
    Specifies the certificates-key chain to associate with the SSL profile
    cipherGroup String
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers String
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    defaultsFrom String
    The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is /Common/serverssl.
    expireCertResponseControl String
    Response if the cert is expired (drop / ignore). With ignore, the connection continues despite the expired certificate.
    fullPath String
    full path of the profile
    generation Integer
    generation
    genericAlert String
    Generic alerts enabled / disabled.
    handshakeTimeout String
    Handshake time out (seconds)
    key String
    Specifies the file name of the SSL key.
    modSslMethods String
    ModSSL Methods enabled / disabled. Default is disabled.
    mode String
    ModSSL Methods enabled / disabled. Default is disabled.
    partition String
    name of partition
    passphrase String
    Client Certificate Constrained Delegation CA passphrase
    peerCertMode String
    Specifies the way the system handles client certificates. When ignore, specifies that the system ignores certificates from client systems. When require, specifies that the system requires a client to present a valid certificate. When request, specifies that the system requests a valid certificate from a client but always authenticates the client.
    proxyCaCert String
    Proxy CA Cert
    proxyCaKey String
    Proxy CA Key
    proxySsl String
    Proxy SSL enabled / disabled. Default is disabled.
    renegotiatePeriod String
    Renegotiate Period (seconds)
    renegotiateSize String
    Renegotiate Size
    renegotiation String
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retainCertificate String
    When true, client certificate is retained in SSL session.
    secureRenegotiation String
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set, the system requests secure renegotiation of SSL connections. require is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the require-strict setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers.
    serverName String
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    sessionMirroring String
    Session Mirroring (enabled / disabled)
    sessionTicket String
    Session Ticket (enabled / disabled)
    sniDefault String
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sniRequire String
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    sslC3d String
    Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocol_version or unsupported_extension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature.
    sslForwardProxy String
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    sslForwardProxyBypass String
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    sslSignHash String
    SSL sign hash (any, sha1, sha256, sha384). sha1 is a weak hash for signatures; prefer sha256 or sha384 where the backend servers support it.
    strictResume String
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tmOptions List<String>
    List of enabled options, selected from a set of industry-standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as enabled options (the latter disables TLS 1.3). Usage: tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    uncleanShutdown String
    Unclean Shutdown (enabled / disabled)
    untrustedCertResponseControl String
    Response if the cert is untrusted (drop / ignore). With ignore, the connection continues despite the untrusted certificate.
    name string
    Specifies the name of the profile. The name should be the full path, which is the combination of the partition + profile name. For example, /Common/test-serverssl-profile.
    alertTimeout string
    Alert time out
    authenticate string
    Specifies the frequency of server authentication for an SSL session. When once, specifies that the system authenticates the server once for an SSL session. When always, specifies that the system authenticates the server once for an SSL session and also upon reuse of that session.
    authenticateDepth number
    Client certificate chain traversal depth. Default 9.
    c3dCaCert string
    Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
    c3dCaKey string

    Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.

    • c3d-ca-passphrase (Optional) Specifies the passphrase of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. When selecting this option, type the passphrase corresponding to the selected c3d-ca-key.

    • c3d-cert-extension-custom-oids (Optional) Specifies the custom extension OID of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation.

    c3dCaPassphrase string
    CA Passphrase. Default
    c3dCertExtensionCustomOids string[]
    Certificate Extensions List. Default
    c3dCertExtensionIncludes string[]

    Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:

    basic-constraints Basic constraints are used to indicate whether the certificate belongs to a CA.

    extended-key-usage Extended Key Usage is used, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.

    key-usage Key Usage provides a bitmap specifying the cryptographic operations which may be performed using the public key contained in the certificate; for example, it could indicate that the key should be used for signature but not for encipherment.

    subject-alternative-name Subject Alternative Name allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

    • c3d-cert-lifespan Specifies the lifespan of the certificate generated using the SSL client certificate constrained delegation. The default value is 24.
    c3dCertLifespan number
    Certificate Lifespan. Default
    c3dCertificateExtensions string
    CA Passphrase. Default enabled
    caFile string
    Client certificate file path. Default None.
    cacheSize number
    Cache size (sessions).
    cacheTimeout number
    Cache time out
    cert string
    Specifies the name of the certificate that the system uses for server-side SSL processing.
    chain string
    Specifies the certificates-key chain to associate with the SSL profile
    cipherGroup string
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers string
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    defaultsFrom string
    The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is /Common/serverssl.
    expireCertResponseControl string
    Response if the cert is expired (drop / ignore). With ignore, the connection continues despite the expired certificate.
    fullPath string
    full path of the profile
    generation number
    generation
    genericAlert string
    Generic alerts enabled / disabled.
    handshakeTimeout string
    Handshake time out (seconds)
    key string
    Specifies the file name of the SSL key.
    modSslMethods string
    ModSSL Methods enabled / disabled. Default is disabled.
    mode string
    ModSSL Methods enabled / disabled. Default is disabled.
    partition string
    name of partition
    passphrase string
    Client Certificate Constrained Delegation CA passphrase
    peerCertMode string
    Specifies the way the system handles client certificates. When ignore, specifies that the system ignores certificates from client systems. When require, specifies that the system requires a client to present a valid certificate. When request, specifies that the system requests a valid certificate from a client but always authenticates the client.
    proxyCaCert string
    Proxy CA Cert
    proxyCaKey string
    Proxy CA Key
    proxySsl string
    Proxy SSL enabled / disabled. Default is disabled.
    renegotiatePeriod string
    Renegotiate Period (seconds)
    renegotiateSize string
    Renegotiate Size
    renegotiation string
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retainCertificate string
    When true, client certificate is retained in SSL session.
    secureRenegotiation string
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set, the system requests secure renegotiation of SSL connections. require is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the require-strict setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers.
    serverName string
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    sessionMirroring string
    Session Mirroring (enabled / disabled)
    sessionTicket string
    Session Ticket (enabled / disabled)
    sniDefault string
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sniRequire string
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    sslC3d string
    Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocol_version or unsupported_extension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature.
    sslForwardProxy string
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    sslForwardProxyBypass string
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    sslSignHash string
    SSL sign hash (any, sha1, sha256, sha384). sha1 is a weak hash for signatures; prefer sha256 or sha384 where the backend servers support it.
    strictResume string
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tmOptions string[]
    List of enabled options, selected from a set of industry-standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as enabled options (the latter disables TLS 1.3). Usage: tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    uncleanShutdown string
    Unclean Shutdown (enabled / disabled)
    untrustedCertResponseControl string
    Response if the cert is untrusted (drop / ignore). With ignore, the connection continues despite the untrusted certificate.
    name str
    Specifies the name of the profile. The name should be the full path, which is the combination of the partition + profile name. For example, /Common/test-serverssl-profile.
    alert_timeout str
    Alert time out
    authenticate str
    Specifies the frequency of server authentication for an SSL session. When once, specifies that the system authenticates the server once for an SSL session. When always, specifies that the system authenticates the server once for an SSL session and also upon reuse of that session.
    authenticate_depth int
    Client certificate chain traversal depth. Default 9.
    c3d_ca_cert str
    Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
    c3d_ca_key str

    Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.

    • c3d-ca-passphrase (Optional) Specifies the passphrase of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. When selecting this option, type the passphrase corresponding to the selected c3d-ca-key.

    • c3d-cert-extension-custom-oids (Optional) Specifies the custom extension OID of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation.

    c3d_ca_passphrase str
    CA Passphrase. Default
    c3d_cert_extension_custom_oids Sequence[str]
    Certificate Extensions List. Default
    c3d_cert_extension_includes Sequence[str]

    Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:

    basic-constraints Basic constraints are used to indicate whether the certificate belongs to a CA.

    extended-key-usage Extended Key Usage is used, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.

    key-usage Key Usage provides a bitmap specifying the cryptographic operations which may be performed using the public key contained in the certificate; for example, it could indicate that the key should be used for signature but not for encipherment.

    subject-alternative-name Subject Alternative Name allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

    • c3d-cert-lifespan Specifies the lifespan of the certificate generated using the SSL client certificate constrained delegation. The default value is 24.
    c3d_cert_lifespan int
    Certificate Lifespan. Default
    c3d_certificate_extensions str
    CA Passphrase. Default enabled
    ca_file str
    Client certificate file path. Default None.
    cache_size int
    Cache size (sessions).
    cache_timeout int
    Cache time out
    cert str
    Specifies the name of the certificate that the system uses for server-side SSL processing.
    chain str
    Specifies the certificates-key chain to associate with the SSL profile
    cipher_group str
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers str
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    defaults_from str
    The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is /Common/serverssl.
    expire_cert_response_control str
    Response if the cert is expired (drop / ignore). With ignore, the connection continues despite the expired certificate.
    full_path str
    full path of the profile
    generation int
    generation
    generic_alert str
    Generic alerts enabled / disabled.
    handshake_timeout str
    Handshake time out (seconds)
    key str
    Specifies the file name of the SSL key.
    mod_ssl_methods str
    ModSSL Methods enabled / disabled. Default is disabled.
    mode str
    ModSSL Methods enabled / disabled. Default is disabled.
    partition str
    name of partition
    passphrase str
    Client Certificate Constrained Delegation CA passphrase
    peer_cert_mode str
    Specifies the way the system handles client certificates. When ignore, specifies that the system ignores certificates from client systems. When require, specifies that the system requires a client to present a valid certificate. When request, specifies that the system requests a valid certificate from a client but always authenticates the client.
    proxy_ca_cert str
    Proxy CA Cert
    proxy_ca_key str
    Proxy CA Key
    proxy_ssl str
    Proxy SSL enabled / disabled. Default is disabled.
    renegotiate_period str
    Renegotiate Period (seconds)
    renegotiate_size str
    Renegotiate Size
    renegotiation str
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retain_certificate str
    When true, client certificate is retained in SSL session.
    secure_renegotiation str
    Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set, the system requests secure renegotiation of SSL connections. require is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the require-strict setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers.
    server_name str
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    session_mirroring str
    Session Mirroring (enabled / disabled)
    session_ticket str
    Session Ticket (enabled / disabled)
    sni_default str
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sni_require str
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    ssl_c3d str
    Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocol_version or unsupported_extension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature.
    ssl_forward_proxy str
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    ssl_forward_proxy_bypass str
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    ssl_sign_hash str
    SSL sign hash (any, sha1, sha256, sha384). sha1 is a weak hash for signatures; prefer sha256 or sha384 where the backend servers support it.
    strict_resume str
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tm_options Sequence[str]
    List of enabled options, selected from a set of industry-standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as enabled options (the latter disables TLS 1.3). Usage: tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    unclean_shutdown str
    Unclean Shutdown (enabled / disabled)
    untrusted_cert_response_control str
    Response if the cert is untrusted (drop / ignore). With ignore, the connection proceeds even though the certificate is untrusted.
    name String
    Specifies the name of the profile.Name of Profile should be full path,full path is the combination of the partition + profile name. For example /Common/test-serverssl-profile.
    alertTimeout String
    Alert time out
    authenticate String
    Specifies the frequency of server authentication for an SSL session. When once, the system authenticates the server once for an SSL session. When always, the system authenticates the server once for an SSL session and also upon reuse of that session.
    authenticateDepth Number
    Client certificate chain traversal depth. Default 9.
    c3dCaCert String
    Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
    c3dCaKey String

    Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.

    • c3d-ca-passphrase (Optional) Specifies the passphrase of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. When selecting this option, type the passphrase corresponding to the selected c3d-ca-key.

    • c3d-cert-extension-custom-oids (Optional) Specifies the custom extension OID of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation.

    c3dCaPassphrase String
    CA Passphrase. Default
    c3dCertExtensionCustomOids List<String>
    Certificate Extensions List. Default
    c3dCertExtensionIncludes List<String>

    Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:

    basic-constraints Basic constraints are used to indicate whether the certificate belongs to a CA.

    extended-key-usage Extended Key Usage is used, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.

    key-usage Key Usage provides a bitmap specifying the cryptographic operations which may be performed using the public key contained in the certificate; for example, it could indicate that the key should be used for signature but not for encipherment.

    subject-alternative-name Subject Alternative Name allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

    • c3d-cert-lifespan Specifies the lifespan of the certificate generated using the SSL client certificate constrained delegation. The default value is 24.
    c3dCertLifespan Number
    Certificate Lifespan. Default
    c3dCertificateExtensions String
    CA Passphrase. Default enabled
    caFile String
    Client certificate file path. Default None.
    cacheSize Number
    Cache size (sessions).
    cacheTimeout Number
    Cache time out
    cert String
    Specifies the name of the certificate that the system uses for server-side SSL processing.
    chain String
    Specifies the certificates-key chain to associate with the SSL profile
    cipherGroup String
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers String
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    defaultsFrom String
    The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is /Common/serverssl.
    expireCertResponseControl String
    Response if the cert is expired (drop / ignore).
    fullPath String
    full path of the profile
    generation Number
    generation
    genericAlert String
    Generic alerts enabled / disabled.
    handshakeTimeout String
    Handshake time out (seconds)
    key String
    Specifies the file name of the SSL key.
    modSslMethods String
    ModSSL Methods enabled / disabled. Default is disabled.
    mode String
    ModSSL Methods enabled / disabled. Default is disabled.
    partition String
    name of partition
    passphrase String
    Client Certificate Constrained Delegation CA passphrase
    peerCertMode String
    Specifies the way the system handles client certificates. When ignore, the system ignores certificates from client systems. When require, the system requires a client to present a valid certificate. When request, the system requests a valid certificate from a client but always authenticates the client. Note that for a server SSL profile the peer is the server that BIG-IP connects to, so ignore leaves that server's certificate unverified.
    proxyCaCert String
    Proxy CA Cert
    proxyCaKey String
    Proxy CA Key
    proxySsl String
    Proxy SSL enabled / disabled. Default is disabled.
    renegotiatePeriod String
    Renegotiate Period (seconds)
    renegotiateSize String
    Renegotiate Size
    renegotiation String
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retainCertificate String
    When true, client certificate is retained in SSL session.
    secureRenegotiation String
    Specifies the method of secure renegotiation for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set, the system requests secure renegotiation of SSL connections. require is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the require-strict setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers and terminates existing SSL connections to insecure servers.
    serverName String
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    sessionMirroring String
    Session Mirroring (enabled / disabled)
    sessionTicket String
    Session Ticket (enabled / disabled)
    sniDefault String
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sniRequire String
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    sslC3d String
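    Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocol_version or unsupported_extension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature. Note: this description covers forward proxy bypass, whereas the property name points to C3D (client certificate constrained delegation); confirm which behaviour the setting controls before enabling it, because bypassed traffic passes through without decryption.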
    sslForwardProxy String
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    sslForwardProxyBypass String
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    sslSignHash String
    SSL sign hash (any, sha1, sha256, sha384)
    strictResume String
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tmOptions List<String>
    List of enabled selections from a set of industry-standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as enabled options, so TLS 1.3 stays disabled for this profile unless no-tlsv1.3 is left out of the list. Usage: tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    uncleanShutdown String
    Unclean Shutdown (enabled / disabled)
    untrustedCertResponseControl String
    Response if the cert is untrusted (drop / ignore). With ignore, the connection proceeds even though the certificate is untrusted.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ProfileServerSsl resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing ProfileServerSsl Resource

    Get an existing ProfileServerSsl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ProfileServerSslState, opts?: CustomResourceOptions): ProfileServerSsl
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            alert_timeout: Optional[str] = None,
            authenticate: Optional[str] = None,
            authenticate_depth: Optional[int] = None,
            c3d_ca_cert: Optional[str] = None,
            c3d_ca_key: Optional[str] = None,
            c3d_ca_passphrase: Optional[str] = None,
            c3d_cert_extension_custom_oids: Optional[Sequence[str]] = None,
            c3d_cert_extension_includes: Optional[Sequence[str]] = None,
            c3d_cert_lifespan: Optional[int] = None,
            c3d_certificate_extensions: Optional[str] = None,
            ca_file: Optional[str] = None,
            cache_size: Optional[int] = None,
            cache_timeout: Optional[int] = None,
            cert: Optional[str] = None,
            chain: Optional[str] = None,
            cipher_group: Optional[str] = None,
            ciphers: Optional[str] = None,
            defaults_from: Optional[str] = None,
            expire_cert_response_control: Optional[str] = None,
            full_path: Optional[str] = None,
            generation: Optional[int] = None,
            generic_alert: Optional[str] = None,
            handshake_timeout: Optional[str] = None,
            key: Optional[str] = None,
            mod_ssl_methods: Optional[str] = None,
            mode: Optional[str] = None,
            name: Optional[str] = None,
            partition: Optional[str] = None,
            passphrase: Optional[str] = None,
            peer_cert_mode: Optional[str] = None,
            proxy_ca_cert: Optional[str] = None,
            proxy_ca_key: Optional[str] = None,
            proxy_ssl: Optional[str] = None,
            renegotiate_period: Optional[str] = None,
            renegotiate_size: Optional[str] = None,
            renegotiation: Optional[str] = None,
            retain_certificate: Optional[str] = None,
            secure_renegotiation: Optional[str] = None,
            server_name: Optional[str] = None,
            session_mirroring: Optional[str] = None,
            session_ticket: Optional[str] = None,
            sni_default: Optional[str] = None,
            sni_require: Optional[str] = None,
            ssl_c3d: Optional[str] = None,
            ssl_forward_proxy: Optional[str] = None,
            ssl_forward_proxy_bypass: Optional[str] = None,
            ssl_sign_hash: Optional[str] = None,
            strict_resume: Optional[str] = None,
            tm_options: Optional[Sequence[str]] = None,
            unclean_shutdown: Optional[str] = None,
            untrusted_cert_response_control: Optional[str] = None) -> ProfileServerSsl
    func GetProfileServerSsl(ctx *Context, name string, id IDInput, state *ProfileServerSslState, opts ...ResourceOption) (*ProfileServerSsl, error)
    public static ProfileServerSsl Get(string name, Input<string> id, ProfileServerSslState? state, CustomResourceOptions? opts = null)
    public static ProfileServerSsl get(String name, Output<String> id, ProfileServerSslState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AlertTimeout string
    Alert time out
    Authenticate string
    Specifies the frequency of server authentication for an SSL session. When once, the system authenticates the server once for an SSL session. When always, the system authenticates the server once for an SSL session and also upon reuse of that session.
    AuthenticateDepth int
    Client certificate chain traversal depth. Default 9.
    C3dCaCert string
    Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
    C3dCaKey string

    Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.

    • c3d-ca-passphrase (Optional) Specifies the passphrase of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. When selecting this option, type the passphrase corresponding to the selected c3d-ca-key.

    • c3d-cert-extension-custom-oids (Optional) Specifies the custom extension OID of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation.

    C3dCaPassphrase string
    CA Passphrase. Default
    C3dCertExtensionCustomOids List<string>
    Certificate Extensions List. Default
    C3dCertExtensionIncludes List<string>

    Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:

    basic-constraints Basic constraints are used to indicate whether the certificate belongs to a CA.

    extended-key-usage Extended Key Usage is used, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.

    key-usage Key Usage provides a bitmap specifying the cryptographic operations which may be performed using the public key contained in the certificate; for example, it could indicate that the key should be used for signature but not for encipherment.

    subject-alternative-name Subject Alternative Name allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

    • c3d-cert-lifespan Specifies the lifespan of the certificate generated using the SSL client certificate constrained delegation. The default value is 24.
    C3dCertLifespan int
    Certificate Lifespan. Default
    C3dCertificateExtensions string
    CA Passphrase. Default enabled
    CaFile string
    Client certificate file path. Default None.
    CacheSize int
    Cache size (sessions).
    CacheTimeout int
    Cache time out
    Cert string
    Specifies the name of the certificate that the system uses for server-side SSL processing.
    Chain string
    Specifies the certificates-key chain to associate with the SSL profile
    CipherGroup string
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    Ciphers string
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    DefaultsFrom string
    The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is /Common/serverssl.
    ExpireCertResponseControl string
    Response if the cert is expired (drop / ignore).
    FullPath string
    full path of the profile
    Generation int
    generation
    GenericAlert string
    Generic alerts enabled / disabled.
    HandshakeTimeout string
    Handshake time out (seconds)
    Key string
    Specifies the file name of the SSL key.
    ModSslMethods string
    ModSSL Methods enabled / disabled. Default is disabled.
    Mode string
    ModSSL Methods enabled / disabled. Default is disabled.
    Name string
    Specifies the name of the profile.Name of Profile should be full path,full path is the combination of the partition + profile name. For example /Common/test-serverssl-profile.
    Partition string
    name of partition
    Passphrase string
    Client Certificate Constrained Delegation CA passphrase
    PeerCertMode string
    Specifies the way the system handles client certificates. When ignore, the system ignores certificates from client systems. When require, the system requires a client to present a valid certificate. When request, the system requests a valid certificate from a client but always authenticates the client. Note that for a server SSL profile the peer is the server that BIG-IP connects to, so ignore leaves that server's certificate unverified.
    ProxyCaCert string
    Proxy CA Cert
    ProxyCaKey string
    Proxy CA Key
    ProxySsl string
    Proxy SSL enabled / disabled. Default is disabled.
    RenegotiatePeriod string
    Renegotiate Period (seconds)
    RenegotiateSize string
    Renegotiate Size
    Renegotiation string
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    RetainCertificate string
    When true, client certificate is retained in SSL session.
    SecureRenegotiation string
    Specifies the method of secure renegotiation for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set, the system requests secure renegotiation of SSL connections. require is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the require-strict setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers and terminates existing SSL connections to insecure servers.
    ServerName string
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    SessionMirroring string
    Session Mirroring (enabled / disabled)
    SessionTicket string
    Session Ticket (enabled / disabled)
    SniDefault string
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    SniRequire string
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    SslC3d string
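    Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocol_version or unsupported_extension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature. Note: this description covers forward proxy bypass, whereas the property name points to C3D (client certificate constrained delegation); confirm which behaviour the setting controls before enabling it, because bypassed traffic passes through without decryption.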
    SslForwardProxy string
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    SslForwardProxyBypass string
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    SslSignHash string
    SSL sign hash (any, sha1, sha256, sha384)
    StrictResume string
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    TmOptions List<string>
    List of enabled selections from a set of industry-standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as enabled options, so TLS 1.3 stays disabled for this profile unless no-tlsv1.3 is left out of the list. Usage: tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    UncleanShutdown string
    Unclean Shutdown (enabled / disabled)
    UntrustedCertResponseControl string
    Response if the cert is untrusted (drop / ignore). With ignore, the connection proceeds even though the certificate is untrusted.
    AlertTimeout string
    Alert time out
    Authenticate string
    Specifies the frequency of server authentication for an SSL session. When once, the system authenticates the server once for an SSL session. When always, the system authenticates the server once for an SSL session and also upon reuse of that session.
    AuthenticateDepth int
    Client certificate chain traversal depth. Default 9.
    C3dCaCert string
    Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
    C3dCaKey string

    Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.

    • c3d-ca-passphrase (Optional) Specifies the passphrase of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. When selecting this option, type the passphrase corresponding to the selected c3d-ca-key.

    • c3d-cert-extension-custom-oids (Optional) Specifies the custom extension OID of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation.

    C3dCaPassphrase string
    CA Passphrase. Default
    C3dCertExtensionCustomOids []string
    Certificate Extensions List. Default
    C3dCertExtensionIncludes []string

    Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:

    basic-constraints Basic constraints are used to indicate whether the certificate belongs to a CA.

    extended-key-usage Extended Key Usage is used, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.

    key-usage Key Usage provides a bitmap specifying the cryptographic operations which may be performed using the public key contained in the certificate; for example, it could indicate that the key should be used for signature but not for encipherment.

    subject-alternative-name Subject Alternative Name allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

    • c3d-cert-lifespan Specifies the lifespan of the certificate generated using the SSL client certificate constrained delegation. The default value is 24.
    C3dCertLifespan int
    Certificate Lifespan. Default
    C3dCertificateExtensions string
    CA Passphrase. Default enabled
    CaFile string
    Client certificate file path. Default None.
    CacheSize int
    Cache size (sessions).
    CacheTimeout int
    Cache time out
    Cert string
    Specifies the name of the certificate that the system uses for server-side SSL processing.
    Chain string
    Specifies the certificates-key chain to associate with the SSL profile
    CipherGroup string
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    Ciphers string
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    DefaultsFrom string
    The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is /Common/serverssl.
    ExpireCertResponseControl string
    Response if the cert is expired (drop / ignore).
    FullPath string
    full path of the profile
    Generation int
    generation
    GenericAlert string
    Generic alerts enabled / disabled.
    HandshakeTimeout string
    Handshake time out (seconds)
    Key string
    Specifies the file name of the SSL key.
    ModSslMethods string
    ModSSL Methods enabled / disabled. Default is disabled.
    Mode string
    ModSSL Methods enabled / disabled. Default is disabled.
    Name string
    Specifies the name of the profile.Name of Profile should be full path,full path is the combination of the partition + profile name. For example /Common/test-serverssl-profile.
    Partition string
    name of partition
    Passphrase string
    Client Certificate Constrained Delegation CA passphrase
    PeerCertMode string
    Specifies the way the system handles client certificates. When ignore, the system ignores certificates from client systems. When require, the system requires a client to present a valid certificate. When request, the system requests a valid certificate from a client but always authenticates the client. Note that for a server SSL profile the peer is the server that BIG-IP connects to, so ignore leaves that server's certificate unverified.
    ProxyCaCert string
    Proxy CA Cert
    ProxyCaKey string
    Proxy CA Key
    ProxySsl string
    Proxy SSL enabled / disabled. Default is disabled.
    RenegotiatePeriod string
    Renegotiate Period (seconds)
    RenegotiateSize string
    Renegotiate Size
    Renegotiation string
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    RetainCertificate string
    When true, client certificate is retained in SSL session.
    SecureRenegotiation string
    Specifies the method of secure renegotiation for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set, the system requests secure renegotiation of SSL connections. require is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the require-strict setting, the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers and terminates existing SSL connections to insecure servers.
    ServerName string
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    SessionMirroring string
    Session Mirroring (enabled / disabled)
    SessionTicket string
    Session Ticket (enabled / disabled)
    SniDefault string
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    SniRequire string
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    SslC3d string
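    Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocol_version or unsupported_extension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature. Note: this description covers forward proxy bypass, whereas the property name points to C3D (client certificate constrained delegation); confirm which behaviour the setting controls before enabling it, because bypassed traffic passes through without decryption.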
    SslForwardProxy string
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    SslForwardProxyBypass string
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    SslSignHash string
    SSL sign hash (any, sha1, sha256, sha384)
    StrictResume string
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    TmOptions []string
    List of enabled selections from a set of industry-standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as enabled options, so TLS 1.3 stays disabled for this profile unless no-tlsv1.3 is left out of the list. Usage: tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    UncleanShutdown string
    Unclean Shutdown (enabled / disabled)
    UntrustedCertResponseControl string
    Response if the cert is untrusted (drop / ignore). With ignore, the connection proceeds even though the certificate is untrusted.
    alertTimeout String
    Alert time out
    authenticate String
    Specifies the frequency of server authentication for an SSL session. When once, the system authenticates the server once for an SSL session. When always, the system authenticates the server once for an SSL session and also upon reuse of that session.
    authenticateDepth Integer
    Client certificate chain traversal depth. Default 9.
    c3dCaCert String
    Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
    c3dCaKey String

    Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.

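    • c3d-ca-passphrase (Optional) Specifies the passphrase of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. When selecting this option, type the passphrase corresponding to the selected c3d-ca-key. Because this passphrase protects a CA private key, supply it from an encrypted secret (for example a Pulumi secret config value) rather than as a plain-text literal in the program.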

    • c3d-cert-extension-custom-oids (Optional) Specifies the custom extension OID of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation.

    c3dCaPassphrase String
    CA Passphrase. Default
    c3dCertExtensionCustomOids List<String>
    Certificate Extensions List. Default
    c3dCertExtensionIncludes List<String>

    Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:

    basic-constraints Basic constraints are used to indicate whether the certificate belongs to a CA.

    extended-key-usage Extended Key Usage is used, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.

    key-usage Key Usage provides a bitmap specifying the cryptographic operations which may be performed using the public key contained in the certificate; for example, it could indicate that the key should be used for signature but not for encipherment.

    subject-alternative-name Subject Alternative Name allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

    • c3d-cert-lifespan Specifies the lifespan of the certificate generated using the SSL client certificate constrained delegation. The default value is 24.
    c3dCertLifespan Integer
    Certificate Lifespan. Default
    c3dCertificateExtensions String
    CA Passphrase. Default enabled
    caFile String
    Client certificate file path. Default None.
    cacheSize Integer
    Cache size (sessions).
    cacheTimeout Integer
    Cache time out
    cert String
    Specifies the name of the certificate that the system uses for server-side SSL processing.
    chain String
    Specifies the certificates-key chain to associate with the SSL profile
    cipherGroup String
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers String
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    defaultsFrom String
    The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is /Common/serverssl.
    expireCertResponseControl String
    Response if the cert is expired (drop / ignore).
    fullPath String
    full path of the profile
    generation Integer
    generation
    genericAlert String
    Generic alerts enabled / disabled.
    handshakeTimeout String
    Handshake time out (seconds)
    key String
    Specifies the file name of the SSL key.
    modSslMethods String
    ModSSL Methods enabled / disabled. Default is disabled.
    mode String
    ModSSL Methods enabled / disabled. Default is disabled.
    name String
    Specifies the name of the profile.Name of Profile should be full path,full path is the combination of the partition + profile name. For example /Common/test-serverssl-profile.
    partition String
    name of partition
    passphrase String
    Client Certificate Constrained Delegation CA passphrase
    peerCertMode String
    Specifies the way the system handles client certificates. When ignore, specifies that the system ignores certificates from client systems. When require, specifies that the system requires a client to present a valid certificate. When request, specifies that the system requests a valid certificate from a client but always authenticates the client.
    proxyCaCert String
    Proxy CA Cert
    proxyCaKey String
    Proxy CA Key
    proxySsl String
    Proxy SSL enabled / disabled. Default is disabled.
    renegotiatePeriod String
    Renegotiate Period (seconds)
    renegotiateSize String
    Renegotiate Size
    renegotiation String
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retainCertificate String
    When true, client certificate is retained in SSL session.
    secureRenegotiation String
    Specifies the method of secure renegotiation for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set, the system requests secure renegotiation of SSL connections. require is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the require-strict setting, the system requires strict renegotiation of SSL connections: it refuses connections to insecure servers and terminates existing SSL connections to insecure servers.
    serverName String
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    sessionMirroring String
    Session Mirroring (enabled / disabled)
    sessionTicket String
    Session Ticket (enabled / disabled)
    sniDefault String
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sniRequire String
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    sslC3d String
    Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocol_version or unsupported_extension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature. Note: this text describes bypass on handshake alerts, while the field name refers to SSL client certificate constrained delegation (C3D); confirm which behavior the setting controls against the BIG-IP documentation before enabling it.
    sslForwardProxy String
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    sslForwardProxyBypass String
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    sslSignHash String
    SSL sign hash (any, sha1, sha256, sha384)
    strictResume String
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tmOptions List<String>
    List of enabled selections from a set of industry-standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options, which means TLS 1.3 is disabled by default. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    uncleanShutdown String
    Unclean Shutdown (enabled / disabled)
    untrustedCertResponseControl String
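    Response if the cert is untrusted (drop / ignore). With ignore, the connection continues even though the certificate is not trusted.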
    alertTimeout string
    Alert time out
    authenticate string
    Specifies the frequency of server authentication for an SSL session.When once,specifies that the system authenticates the server once for an SSL session. When always, specifies that the system authenticates the server once for an SSL session and also upon reuse of that session.
    authenticateDepth number
    Client certificate chain traversal depth. Default 9.
    c3dCaCert string
    Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
    c3dCaKey string

    Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.

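    • c3d-ca-passphrase (Optional) Specifies the passphrase of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. When selecting this option, type the passphrase corresponding to the selected c3d-ca-key. Because this passphrase protects a CA private key, supply it from an encrypted secret (for example a Pulumi secret config value) rather than as a plain-text literal in the program.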

    • c3d-cert-extension-custom-oids (Optional) Specifies the custom extension OID of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation.

    c3dCaPassphrase string
    CA Passphrase. Default
    c3dCertExtensionCustomOids string[]
    Certificate Extensions List. Default
    c3dCertExtensionIncludes string[]

    Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:

    basic-constraints Basic constraints are used to indicate whether the certificate belongs to a CA.

    extended-key-usage Extended Key Usage is used, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.

    key-usage Key Usage provides a bitmap specifying the cryptographic operations which may be performed using the public key contained in the certificate; for example, it could indicate that the key should be used for signature but not for encipherment.

    subject-alternative-name Subject Alternative Name allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

    • c3d-cert-lifespan Specifies the lifespan of the certificate generated using the SSL client certificate constrained delegation. The default value is 24.
    c3dCertLifespan number
    Certificate Lifespan. Default
    c3dCertificateExtensions string
    CA Passphrase. Default enabled
    caFile string
    Client certificate file path. Default None.
    cacheSize number
    Cache size (sessions).
    cacheTimeout number
    Cache time out
    cert string
    Specifies the name of the certificate that the system uses for server-side SSL processing.
    chain string
    Specifies the certificates-key chain to associate with the SSL profile
    cipherGroup string
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers string
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    defaultsFrom string
    The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is /Common/serverssl.
    expireCertResponseControl string
    Response if the cert is expired (drop / ignore).
    fullPath string
    full path of the profile
    generation number
    generation
    genericAlert string
    Generic alerts enabled / disabled.
    handshakeTimeout string
    Handshake time out (seconds)
    key string
    Specifies the file name of the SSL key.
    modSslMethods string
    ModSSL Methods enabled / disabled. Default is disabled.
    mode string
    ModSSL Methods enabled / disabled. Default is disabled.
    name string
    Specifies the name of the profile.Name of Profile should be full path,full path is the combination of the partition + profile name. For example /Common/test-serverssl-profile.
    partition string
    name of partition
    passphrase string
    Client Certificate Constrained Delegation CA passphrase
    peerCertMode string
    Specifies the way the system handles client certificates. When ignore, specifies that the system ignores certificates from client systems. When require, specifies that the system requires a client to present a valid certificate. When request, specifies that the system requests a valid certificate from a client but always authenticates the client.
    proxyCaCert string
    Proxy CA Cert
    proxyCaKey string
    Proxy CA Key
    proxySsl string
    Proxy SSL enabled / disabled. Default is disabled.
    renegotiatePeriod string
    Renegotiate Period (seconds)
    renegotiateSize string
    Renegotiate Size
    renegotiation string
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retainCertificate string
    When true, client certificate is retained in SSL session.
    secureRenegotiation string
    Specifies the method of secure renegotiation for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set, the system requests secure renegotiation of SSL connections. require is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the require-strict setting, the system requires strict renegotiation of SSL connections: it refuses connections to insecure servers and terminates existing SSL connections to insecure servers.
    serverName string
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    sessionMirroring string
    Session Mirroring (enabled / disabled)
    sessionTicket string
    Session Ticket (enabled / disabled)
    sniDefault string
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sniRequire string
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    sslC3d string
    Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocol_version or unsupported_extension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature. Note: this text describes bypass on handshake alerts, while the field name refers to SSL client certificate constrained delegation (C3D); confirm which behavior the setting controls against the BIG-IP documentation before enabling it.
    sslForwardProxy string
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    sslForwardProxyBypass string
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    sslSignHash string
    SSL sign hash (any, sha1, sha256, sha384)
    strictResume string
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tmOptions string[]
    List of enabled selections from a set of industry-standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options, which means TLS 1.3 is disabled by default. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    uncleanShutdown string
    Unclean Shutdown (enabled / disabled)
    untrustedCertResponseControl string
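    Response if the cert is untrusted (drop / ignore). With ignore, the connection continues even though the certificate is not trusted.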
    alert_timeout str
    Alert time out
    authenticate str
    Specifies the frequency of server authentication for an SSL session.When once,specifies that the system authenticates the server once for an SSL session. When always, specifies that the system authenticates the server once for an SSL session and also upon reuse of that session.
    authenticate_depth int
    Client certificate chain traversal depth. Default 9.
    c3d_ca_cert str
    Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
    c3d_ca_key str

    Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.

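    • c3d-ca-passphrase (Optional) Specifies the passphrase of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. When selecting this option, type the passphrase corresponding to the selected c3d-ca-key. Because this passphrase protects a CA private key, supply it from an encrypted secret (for example a Pulumi secret config value) rather than as a plain-text literal in the program.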

    • c3d-cert-extension-custom-oids (Optional) Specifies the custom extension OID of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation.

    c3d_ca_passphrase str
    CA Passphrase. Default
    c3d_cert_extension_custom_oids Sequence[str]
    Certificate Extensions List. Default
    c3d_cert_extension_includes Sequence[str]

    Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:

    basic-constraints Basic constraints are used to indicate whether the certificate belongs to a CA.

    extended-key-usage Extended Key Usage is used, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.

    key-usage Key Usage provides a bitmap specifying the cryptographic operations which may be performed using the public key contained in the certificate; for example, it could indicate that the key should be used for signature but not for encipherment.

    subject-alternative-name Subject Alternative Name allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

    • c3d-cert-lifespan Specifies the lifespan of the certificate generated using the SSL client certificate constrained delegation. The default value is 24.
    c3d_cert_lifespan int
    Certificate Lifespan. Default
    c3d_certificate_extensions str
    CA Passphrase. Default enabled
    ca_file str
    Client certificate file path. Default None.
    cache_size int
    Cache size (sessions).
    cache_timeout int
    Cache time out
    cert str
    Specifies the name of the certificate that the system uses for server-side SSL processing.
    chain str
    Specifies the certificates-key chain to associate with the SSL profile
    cipher_group str
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers str
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    defaults_from str
    The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is /Common/serverssl.
    expire_cert_response_control str
    Response if the cert is expired (drop / ignore).
    full_path str
    full path of the profile
    generation int
    generation
    generic_alert str
    Generic alerts enabled / disabled.
    handshake_timeout str
    Handshake time out (seconds)
    key str
    Specifies the file name of the SSL key.
    mod_ssl_methods str
    ModSSL Methods enabled / disabled. Default is disabled.
    mode str
    ModSSL Methods enabled / disabled. Default is disabled.
    name str
    Specifies the name of the profile.Name of Profile should be full path,full path is the combination of the partition + profile name. For example /Common/test-serverssl-profile.
    partition str
    name of partition
    passphrase str
    Client Certificate Constrained Delegation CA passphrase
    peer_cert_mode str
    Specifies the way the system handles client certificates. When ignore, specifies that the system ignores certificates from client systems. When require, specifies that the system requires a client to present a valid certificate. When request, specifies that the system requests a valid certificate from a client but always authenticates the client.
    proxy_ca_cert str
    Proxy CA Cert
    proxy_ca_key str
    Proxy CA Key
    proxy_ssl str
    Proxy SSL enabled / disabled. Default is disabled.
    renegotiate_period str
    Renegotiate Period (seconds)
    renegotiate_size str
    Renegotiate Size
    renegotiation str
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retain_certificate str
    When true, client certificate is retained in SSL session.
    secure_renegotiation str
    Specifies the method of secure renegotiation for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set, the system requests secure renegotiation of SSL connections. require is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the require-strict setting, the system requires strict renegotiation of SSL connections: it refuses connections to insecure servers and terminates existing SSL connections to insecure servers.
    server_name str
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    session_mirroring str
    Session Mirroring (enabled / disabled)
    session_ticket str
    Session Ticket (enabled / disabled)
    sni_default str
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sni_require str
    Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
    ssl_c3d str
    Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocol_version or unsupported_extension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature. Note: this text describes bypass on handshake alerts, while the field name refers to SSL client certificate constrained delegation (C3D); confirm which behavior the setting controls against the BIG-IP documentation before enabling it.
    ssl_forward_proxy str
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    ssl_forward_proxy_bypass str
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    ssl_sign_hash str
    SSL sign hash (any, sha1, sha256, sha384)
    strict_resume str
    Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
    tm_options Sequence[str]
    List of enabled selections from a set of industry-standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options, which means TLS 1.3 is disabled by default. Usage : tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    unclean_shutdown str
    Unclean Shutdown (enabled / disabled)
    untrusted_cert_response_control str
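    Response if the cert is untrusted (drop / ignore). With ignore, the connection continues even though the certificate is not trusted.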
    alertTimeout String
    Alert time out
    authenticate String
    Specifies the frequency of server authentication for an SSL session.When once,specifies that the system authenticates the server once for an SSL session. When always, specifies that the system authenticates the server once for an SSL session and also upon reuse of that session.
    authenticateDepth Number
    Client certificate chain traversal depth. Default 9.
    c3dCaCert String
    Specifies the name of the certificate file that is used as the certification authority certificate when SSL client certificate constrained delegation is enabled. The certificate should be generated and installed by you on the system. When selecting this option, type a certificate file name.
    c3dCaKey String

    Specifies the name of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. The key should be generated and installed by you on the system. When selecting this option, type a key file name.

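    • c3d-ca-passphrase (Optional) Specifies the passphrase of the key file that is used as the certification authority key when SSL client certificate constrained delegation is enabled. When selecting this option, type the passphrase corresponding to the selected c3d-ca-key. Because this passphrase protects a CA private key, supply it from an encrypted secret (for example a Pulumi secret config value) rather than as a plain-text literal in the program.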

    • c3d-cert-extension-custom-oids (Optional) Specifies the custom extension OID of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation.

    c3dCaPassphrase String
    CA Passphrase. Default
    c3dCertExtensionCustomOids List<String>
    Certificate Extensions List. Default
    c3dCertExtensionIncludes List<String>

    Specifies the extensions of the client certificates to be included in the generated certificates using SSL client certificate constrained delegation. For example, { basic-constraints }. The default value is { basic-constraints extended-key-usage key-usage subject-alternative-name }. The extensions are:

    basic-constraints Basic constraints are used to indicate whether the certificate belongs to a CA.

    extended-key-usage Extended Key Usage is used, typically on a leaf certificate, to indicate the purpose of the public key contained in the certificate.

    key-usage Key Usage provides a bitmap specifying the cryptographic operations which may be performed using the public key contained in the certificate; for example, it could indicate that the key should be used for signature but not for encipherment.

    subject-alternative-name Subject Alternative Name allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

    • c3d-cert-lifespan Specifies the lifespan of the certificate generated using the SSL client certificate constrained delegation. The default value is 24.
    c3dCertLifespan Number
    Certificate Lifespan. Default
    c3dCertificateExtensions String
    CA Passphrase. Default enabled
    caFile String
    Client certificate file path. Default None.
    cacheSize Number
    Cache size (sessions).
    cacheTimeout Number
    Cache time out
    cert String
    Specifies the name of the certificate that the system uses for server-side SSL processing.
    chain String
    Specifies the certificates-key chain to associate with the SSL profile
    cipherGroup String
    Specifies the cipher group for the SSL server profile. It is mutually exclusive with the argument, ciphers. The default value is none.
    ciphers String
    Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
    defaultsFrom String
    The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is /Common/serverssl.
    expireCertResponseControl String
    Response if the cert is expired (drop / ignore).
    fullPath String
    full path of the profile
    generation Number
    generation
    genericAlert String
    Generic alerts enabled / disabled.
    handshakeTimeout String
    Handshake time out (seconds)
    key String
    Specifies the file name of the SSL key.
    modSslMethods String
    ModSSL Methods enabled / disabled. Default is disabled.
    mode String
    ModSSL Methods enabled / disabled. Default is disabled.
    name String
    Specifies the name of the profile.Name of Profile should be full path,full path is the combination of the partition + profile name. For example /Common/test-serverssl-profile.
    partition String
    name of partition
    passphrase String
    Client Certificate Constrained Delegation CA passphrase
    peerCertMode String
    Specifies the way the system handles client certificates. When ignore, specifies that the system ignores certificates from client systems. When require, specifies that the system requires a client to present a valid certificate. When request, specifies that the system requests a valid certificate from a client but always authenticates the client.
    proxyCaCert String
    Proxy CA Cert
    proxyCaKey String
    Proxy CA Key
    proxySsl String
    Proxy SSL enabled / disabled. Default is disabled.
    renegotiatePeriod String
    Renegotiate Period (seconds)
    renegotiateSize String
    Renegotiate Size
    renegotiation String
    Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
    retainCertificate String
    When true, client certificate is retained in SSL session.
    secureRenegotiation String
    Specifies the method of secure renegotiation for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set, the system requests secure renegotiation of SSL connections. require is the default setting; when set, the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. With the require-strict setting, the system requires strict renegotiation of SSL connections: it refuses connections to insecure servers and terminates existing SSL connections to insecure servers.
    serverName String
    Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
    sessionMirroring String
    Session Mirroring (enabled / disabled)
    sessionTicket String
    Session Ticket (enabled / disabled)
    sniDefault String
    Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
    sniRequire String
    Requires that the network peers also provide SNI support. This setting only takes effect when sni_default is set to true. When creating a new profile, the setting is provided by the parent profile.
    sslC3d String
    Enables or disables SSL forward proxy bypass on receiving handshake_failure, protocol_version or unsupported_extension alert message during the serverside SSL handshake. When enabled and there is an SSL handshake_failure, protocol_version or unsupported_extension alert during the serverside SSL handshake, SSL traffic bypasses the BIG-IP system untouched, without decryption/encryption. The default value is disabled. Conversely, you can specify enabled to use this feature.
    sslForwardProxy String
    Specifies whether SSL forward proxy feature is enabled or not. The default value is disabled.
    sslForwardProxyBypass String
    Specifies whether SSL forward proxy bypass feature is enabled or not. The default value is disabled.
    sslSignHash String
    SSL sign hash (any, sha1, sha256, sha384)
    strictResume String
    Enables or disables the resumption of SSL sessions after an unclean shutdown. When creating a new profile, the setting is provided by the parent profile.
    tmOptions List<String>
    List of enabled selections from a set of industry-standard options for handling SSL processing. By default, Don't insert empty fragments and No TLSv1.3 are listed as Enabled Options, so TLS 1.3 is not negotiated unless no-tlsv1.3 is removed from the list. Usage: tm_options = ["dont-insert-empty-fragments","no-tlsv1.3"]
    uncleanShutdown String
    Unclean Shutdown (enabled / disabled)
    untrustedCertResponseControl String
    Untrusted Cert Response Control (drop / ignore): the action taken when the server presents an untrusted certificate.

    Import

    An existing server-ssl profile can be imported into this resource by supplying server-ssl profile Name in full path as id. An example is below:

    $ terraform import bigip_ltm_profile_server_ssl.test-ServerSsl-import /Common/test-ServerSsl
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    f5 BIG-IP pulumi/pulumi-f5bigip
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the bigip Terraform Provider.