fortios.vpn/certificate.Setting
Explore with Pulumi AI
VPN certificate setting.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";
const trname = new fortios.vpn.certificate.Setting("trname", {
certnameDsa1024: "Fortinet_SSL_DSA1024",
certnameDsa2048: "Fortinet_SSL_DSA2048",
certnameEcdsa256: "Fortinet_SSL_ECDSA256",
certnameEcdsa384: "Fortinet_SSL_ECDSA384",
certnameRsa1024: "Fortinet_SSL_RSA1024",
certnameRsa2048: "Fortinet_SSL_RSA2048",
checkCaCert: "enable",
checkCaChain: "disable",
cmpSaveExtraCerts: "disable",
cnMatch: "substring",
ocspOption: "server",
ocspStatus: "disable",
sslMinProtoVersion: "default",
strictCrlCheck: "disable",
strictOcspCheck: "disable",
subjectMatch: "substring",
});
import pulumi
import pulumiverse_fortios as fortios
trname = fortios.vpn.certificate.Setting("trname",
certname_dsa1024="Fortinet_SSL_DSA1024",
certname_dsa2048="Fortinet_SSL_DSA2048",
certname_ecdsa256="Fortinet_SSL_ECDSA256",
certname_ecdsa384="Fortinet_SSL_ECDSA384",
certname_rsa1024="Fortinet_SSL_RSA1024",
certname_rsa2048="Fortinet_SSL_RSA2048",
check_ca_cert="enable",
check_ca_chain="disable",
cmp_save_extra_certs="disable",
cn_match="substring",
ocsp_option="server",
ocsp_status="disable",
ssl_min_proto_version="default",
strict_crl_check="disable",
strict_ocsp_check="disable",
subject_match="substring")
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/vpn"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vpn.NewSetting(ctx, "trname", &vpn.SettingArgs{
CertnameDsa1024: pulumi.String("Fortinet_SSL_DSA1024"),
CertnameDsa2048: pulumi.String("Fortinet_SSL_DSA2048"),
CertnameEcdsa256: pulumi.String("Fortinet_SSL_ECDSA256"),
CertnameEcdsa384: pulumi.String("Fortinet_SSL_ECDSA384"),
CertnameRsa1024: pulumi.String("Fortinet_SSL_RSA1024"),
CertnameRsa2048: pulumi.String("Fortinet_SSL_RSA2048"),
CheckCaCert: pulumi.String("enable"),
CheckCaChain: pulumi.String("disable"),
CmpSaveExtraCerts: pulumi.String("disable"),
CnMatch: pulumi.String("substring"),
OcspOption: pulumi.String("server"),
OcspStatus: pulumi.String("disable"),
SslMinProtoVersion: pulumi.String("default"),
StrictCrlCheck: pulumi.String("disable"),
StrictOcspCheck: pulumi.String("disable"),
SubjectMatch: pulumi.String("substring"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;
return await Deployment.RunAsync(() =>
{
var trname = new Fortios.Vpn.Certificate.Setting("trname", new()
{
CertnameDsa1024 = "Fortinet_SSL_DSA1024",
CertnameDsa2048 = "Fortinet_SSL_DSA2048",
CertnameEcdsa256 = "Fortinet_SSL_ECDSA256",
CertnameEcdsa384 = "Fortinet_SSL_ECDSA384",
CertnameRsa1024 = "Fortinet_SSL_RSA1024",
CertnameRsa2048 = "Fortinet_SSL_RSA2048",
CheckCaCert = "enable",
CheckCaChain = "disable",
CmpSaveExtraCerts = "disable",
CnMatch = "substring",
OcspOption = "server",
OcspStatus = "disable",
SslMinProtoVersion = "default",
StrictCrlCheck = "disable",
StrictOcspCheck = "disable",
SubjectMatch = "substring",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.vpn.Setting;
import com.pulumi.fortios.vpn.SettingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new Setting("trname", SettingArgs.builder()
.certnameDsa1024("Fortinet_SSL_DSA1024")
.certnameDsa2048("Fortinet_SSL_DSA2048")
.certnameEcdsa256("Fortinet_SSL_ECDSA256")
.certnameEcdsa384("Fortinet_SSL_ECDSA384")
.certnameRsa1024("Fortinet_SSL_RSA1024")
.certnameRsa2048("Fortinet_SSL_RSA2048")
.checkCaCert("enable")
.checkCaChain("disable")
.cmpSaveExtraCerts("disable")
.cnMatch("substring")
.ocspOption("server")
.ocspStatus("disable")
.sslMinProtoVersion("default")
.strictCrlCheck("disable")
.strictOcspCheck("disable")
.subjectMatch("substring")
.build());
}
}
resources:
trname:
type: fortios:vpn/certificate:Setting
properties:
certnameDsa1024: Fortinet_SSL_DSA1024
certnameDsa2048: Fortinet_SSL_DSA2048
certnameEcdsa256: Fortinet_SSL_ECDSA256
certnameEcdsa384: Fortinet_SSL_ECDSA384
certnameRsa1024: Fortinet_SSL_RSA1024
certnameRsa2048: Fortinet_SSL_RSA2048
checkCaCert: enable
checkCaChain: disable
cmpSaveExtraCerts: disable
cnMatch: substring
ocspOption: server
ocspStatus: disable
sslMinProtoVersion: default
strictCrlCheck: disable
strictOcspCheck: disable
subjectMatch: substring
Create Setting Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Setting(name: string, args: SettingArgs, opts?: CustomResourceOptions);
@overload
def Setting(resource_name: str,
args: SettingArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Setting(resource_name: str,
opts: Optional[ResourceOptions] = None,
certname_rsa1024: Optional[str] = None,
certname_dsa1024: Optional[str] = None,
certname_dsa2048: Optional[str] = None,
certname_ecdsa256: Optional[str] = None,
certname_ecdsa384: Optional[str] = None,
certname_rsa2048: Optional[str] = None,
get_all_tables: Optional[str] = None,
ocsp_default_server: Optional[str] = None,
certname_ed25519: Optional[str] = None,
certname_ecdsa521: Optional[str] = None,
certname_rsa4096: Optional[str] = None,
check_ca_cert: Optional[str] = None,
check_ca_chain: Optional[str] = None,
cmp_key_usage_checking: Optional[str] = None,
cmp_save_extra_certs: Optional[str] = None,
cn_allow_multi: Optional[str] = None,
cn_match: Optional[str] = None,
crl_verification: Optional[SettingCrlVerificationArgs] = None,
cert_expire_warning: Optional[int] = None,
interface: Optional[str] = None,
interface_select_method: Optional[str] = None,
certname_ed448: Optional[str] = None,
ocsp_option: Optional[str] = None,
ocsp_status: Optional[str] = None,
proxy: Optional[str] = None,
proxy_password: Optional[str] = None,
proxy_port: Optional[int] = None,
proxy_username: Optional[str] = None,
source_ip: Optional[str] = None,
ssl_min_proto_version: Optional[str] = None,
ssl_ocsp_source_ip: Optional[str] = None,
strict_crl_check: Optional[str] = None,
strict_ocsp_check: Optional[str] = None,
subject_match: Optional[str] = None,
subject_set: Optional[str] = None,
vdomparam: Optional[str] = None)
func NewSetting(ctx *Context, name string, args SettingArgs, opts ...ResourceOption) (*Setting, error)
public Setting(string name, SettingArgs args, CustomResourceOptions? opts = null)
public Setting(String name, SettingArgs args)
public Setting(String name, SettingArgs args, CustomResourceOptions options)
type: fortios:vpn/certificate/setting:Setting
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SettingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SettingArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SettingArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SettingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SettingArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Setting Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Setting resource accepts the following input properties:
- Certname
Dsa1024 string - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Dsa2048 string - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ecdsa256 string - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ecdsa384 string - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Rsa1024 string - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Rsa2048 string - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
- Cert
Expire intWarning - Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
- Certname
Ecdsa521 string - 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ed25519 string - 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ed448 string - 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Rsa4096 string - 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
- Check
Ca stringCert - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values:
enable
,disable
. - Check
Ca stringChain - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values:
enable
,disable
. - Cmp
Key stringUsage Checking - Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values:
enable
,disable
. - Cmp
Save stringExtra Certs - Enable/disable saving extra certificates in CMP mode (default = disable). Valid values:
enable
,disable
. - Cn
Allow stringMulti - When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values:
disable
,enable
. - Cn
Match string - When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - Crl
Verification Pulumiverse.Fortios. Vpn. Certificate. Inputs. Setting Crl Verification - CRL verification options. The structure of
crl_verification
block is documented below. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Ocsp
Default stringServer - Default OCSP server.
- Ocsp
Option string - Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values:
certificate
,server
. - Ocsp
Status string - Enable/disable receiving certificates using the OCSP.
- Proxy string
- Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
- Proxy
Password string - Proxy server password.
- Proxy
Port int - Proxy server port (1 - 65535, default = 8080).
- Proxy
Username string - Proxy server user name.
- Source
Ip string - Source IP address for dynamic AIA and OCSP queries.
- Ssl
Min stringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Ssl
Ocsp stringSource Ip - Source IP address to use to communicate with the OCSP server.
- Strict
Crl stringCheck - Enable/disable strict mode CRL checking. Valid values:
enable
,disable
. - Strict
Ocsp stringCheck - Enable/disable strict mode OCSP checking. Valid values:
enable
,disable
. - Subject
Match string - When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - Subject
Set string - When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values:
subset
,superset
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Certname
Dsa1024 string - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Dsa2048 string - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ecdsa256 string - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ecdsa384 string - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Rsa1024 string - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Rsa2048 string - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
- Cert
Expire intWarning - Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
- Certname
Ecdsa521 string - 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ed25519 string - 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ed448 string - 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Rsa4096 string - 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
- Check
Ca stringCert - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values:
enable
,disable
. - Check
Ca stringChain - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values:
enable
,disable
. - Cmp
Key stringUsage Checking - Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values:
enable
,disable
. - Cmp
Save stringExtra Certs - Enable/disable saving extra certificates in CMP mode (default = disable). Valid values:
enable
,disable
. - Cn
Allow stringMulti - When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values:
disable
,enable
. - Cn
Match string - When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - Crl
Verification SettingCrl Verification Args - CRL verification options. The structure of
crl_verification
block is documented below. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Ocsp
Default stringServer - Default OCSP server.
- Ocsp
Option string - Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values:
certificate
,server
. - Ocsp
Status string - Enable/disable receiving certificates using the OCSP.
- Proxy string
- Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
- Proxy
Password string - Proxy server password.
- Proxy
Port int - Proxy server port (1 - 65535, default = 8080).
- Proxy
Username string - Proxy server user name.
- Source
Ip string - Source IP address for dynamic AIA and OCSP queries.
- Ssl
Min stringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Ssl
Ocsp stringSource Ip - Source IP address to use to communicate with the OCSP server.
- Strict
Crl stringCheck - Enable/disable strict mode CRL checking. Valid values:
enable
,disable
. - Strict
Ocsp stringCheck - Enable/disable strict mode OCSP checking. Valid values:
enable
,disable
. - Subject
Match string - When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - Subject
Set string - When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values:
subset
,superset
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- certname
Dsa1024 String - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname
Dsa2048 String - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa256 String - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa384 String - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa1024 String - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa2048 String - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
- cert
Expire IntegerWarning - Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
- certname
Ecdsa521 String - 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ed25519 String - 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ed448 String - 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa4096 String - 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
- check
Ca StringCert - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values:
enable
,disable
. - check
Ca StringChain - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values:
enable
,disable
. - cmp
Key StringUsage Checking - Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values:
enable
,disable
. - cmp
Save StringExtra Certs - Enable/disable saving extra certificates in CMP mode (default = disable). Valid values:
enable
,disable
. - cn
Allow StringMulti - When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values:
disable
,enable
. - cn
Match String - When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - crl
Verification SettingCrl Verification - CRL verification options. The structure of
crl_verification
block is documented below. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - interface_ String
- Specify outgoing interface to reach server.
- ocsp
Default StringServer - Default OCSP server.
- ocsp
Option String - Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values:
certificate
,server
. - ocsp
Status String - Enable/disable receiving certificates using the OCSP.
- proxy String
- Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
- proxy
Password String - Proxy server password.
- proxy
Port Integer - Proxy server port (1 - 65535, default = 8080).
- proxy
Username String - Proxy server user name.
- source
Ip String - Source IP address for dynamic AIA and OCSP queries.
- ssl
Min StringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- ssl
Ocsp StringSource Ip - Source IP address to use to communicate with the OCSP server.
- strict
Crl StringCheck - Enable/disable strict mode CRL checking. Valid values:
enable
,disable
. - strict
Ocsp StringCheck - Enable/disable strict mode OCSP checking. Valid values:
enable
,disable
. - subject
Match String - When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - subject
Set String - When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values:
subset
,superset
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- certname
Dsa1024 string - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname
Dsa2048 string - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa256 string - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa384 string - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa1024 string - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa2048 string - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
- cert
Expire numberWarning - Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
- certname
Ecdsa521 string - 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ed25519 string - 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ed448 string - 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa4096 string - 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
- check
Ca stringCert - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values:
enable
,disable
. - check
Ca stringChain - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values:
enable
,disable
. - cmp
Key stringUsage Checking - Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values:
enable
,disable
. - cmp
Save stringExtra Certs - Enable/disable saving extra certificates in CMP mode (default = disable). Valid values:
enable
,disable
. - cn
Allow stringMulti - When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values:
disable
,enable
. - cn
Match string - When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - crl
Verification SettingCrl Verification - CRL verification options. The structure of
crl_verification
block is documented below. - get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- interface string
- Specify outgoing interface to reach server.
- interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - ocsp
Default stringServer - Default OCSP server.
- ocsp
Option string - Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values:
certificate
,server
. - ocsp
Status string - Enable/disable receiving certificates using the OCSP.
- proxy string
- Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
- proxy
Password string - Proxy server password.
- proxy
Port number - Proxy server port (1 - 65535, default = 8080).
- proxy
Username string - Proxy server user name.
- source
Ip string - Source IP address for dynamic AIA and OCSP queries.
- ssl
Min stringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- ssl
Ocsp stringSource Ip - Source IP address to use to communicate with the OCSP server.
- strict
Crl stringCheck - Enable/disable strict mode CRL checking. Valid values:
enable
,disable
. - strict
Ocsp stringCheck - Enable/disable strict mode OCSP checking. Valid values:
enable
,disable
. - subject
Match string - When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - subject
Set string - When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values:
subset
,superset
. - vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- certname_
dsa1024 str - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname_
dsa2048 str - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname_
ecdsa256 str - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname_
ecdsa384 str - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname_
rsa1024 str - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
- certname_
rsa2048 str - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
- cert_
expire_ intwarning - Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
- certname_
ecdsa521 str - 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname_
ed25519 str - 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname_
ed448 str - 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname_
rsa4096 str - 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
- check_
ca_ strcert - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values:
enable
,disable
. - check_
ca_ strchain - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values:
enable
,disable
. - cmp_
key_ strusage_ checking - Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values:
enable
,disable
. - cmp_
save_ strextra_ certs - Enable/disable saving extra certificates in CMP mode (default = disable). Valid values:
enable
,disable
. - cn_
allow_ strmulti - When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values:
disable
,enable
. - cn_
match str - When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - crl_
verification SettingCrl Verification Args - CRL verification options. The structure of
crl_verification
block is documented below. - get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- interface str
- Specify outgoing interface to reach server.
- interface_
select_ strmethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - ocsp_
default_ strserver - Default OCSP server.
- ocsp_
option str - Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values:
certificate
,server
. - ocsp_
status str - Enable/disable receiving certificates using the OCSP.
- proxy str
- Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
- proxy_
password str - Proxy server password.
- proxy_
port int - Proxy server port (1 - 65535, default = 8080).
- proxy_
username str - Proxy server user name.
- source_
ip str - Source IP address for dynamic AIA and OCSP queries.
- ssl_
min_ strproto_ version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- ssl_
ocsp_ strsource_ ip - Source IP address to use to communicate with the OCSP server.
- strict_
crl_ strcheck - Enable/disable strict mode CRL checking. Valid values:
enable
,disable
. - strict_
ocsp_ strcheck - Enable/disable strict mode OCSP checking. Valid values:
enable
,disable
. - subject_
match str - When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - subject_
set str - When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values:
subset
,superset
. - vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- certname
Dsa1024 String - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname
Dsa2048 String - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa256 String - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa384 String - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa1024 String - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa2048 String - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
- cert
Expire NumberWarning - Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
- certname
Ecdsa521 String - 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ed25519 String - 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ed448 String - 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa4096 String - 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
- check
Ca StringCert - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values:
enable
,disable
. - check
Ca StringChain - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values:
enable
,disable
. - cmp
Key StringUsage Checking - Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values:
enable
,disable
. - cmp
Save StringExtra Certs - Enable/disable saving extra certificates in CMP mode (default = disable). Valid values:
enable
,disable
. - cn
Allow StringMulti - When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values:
disable
,enable
. - cn
Match String - When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - crl
Verification Property Map - CRL verification options. The structure of
crl_verification
block is documented below. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- interface String
- Specify outgoing interface to reach server.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - ocsp
Default StringServer - Default OCSP server.
- ocsp
Option String - Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values:
certificate
,server
. - ocsp
Status String - Enable/disable receiving certificates using the OCSP.
- proxy String
- Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
- proxy
Password String - Proxy server password.
- proxy
Port Number - Proxy server port (1 - 65535, default = 8080).
- proxy
Username String - Proxy server user name.
- source
Ip String - Source IP address for dynamic AIA and OCSP queries.
- ssl
Min StringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- ssl
Ocsp StringSource Ip - Source IP address to use to communicate with the OCSP server.
- strict
Crl StringCheck - Enable/disable strict mode CRL checking. Valid values:
enable
,disable
. - strict
Ocsp StringCheck - Enable/disable strict mode OCSP checking. Valid values:
enable
,disable
. - subject
Match String - When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - subject
Set String - When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values:
subset
,superset
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Outputs
All input properties are implicitly available as output properties. Additionally, the Setting resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Setting Resource
Get an existing Setting resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SettingState, opts?: CustomResourceOptions): Setting
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
cert_expire_warning: Optional[int] = None,
certname_dsa1024: Optional[str] = None,
certname_dsa2048: Optional[str] = None,
certname_ecdsa256: Optional[str] = None,
certname_ecdsa384: Optional[str] = None,
certname_ecdsa521: Optional[str] = None,
certname_ed25519: Optional[str] = None,
certname_ed448: Optional[str] = None,
certname_rsa1024: Optional[str] = None,
certname_rsa2048: Optional[str] = None,
certname_rsa4096: Optional[str] = None,
check_ca_cert: Optional[str] = None,
check_ca_chain: Optional[str] = None,
cmp_key_usage_checking: Optional[str] = None,
cmp_save_extra_certs: Optional[str] = None,
cn_allow_multi: Optional[str] = None,
cn_match: Optional[str] = None,
crl_verification: Optional[SettingCrlVerificationArgs] = None,
get_all_tables: Optional[str] = None,
interface: Optional[str] = None,
interface_select_method: Optional[str] = None,
ocsp_default_server: Optional[str] = None,
ocsp_option: Optional[str] = None,
ocsp_status: Optional[str] = None,
proxy: Optional[str] = None,
proxy_password: Optional[str] = None,
proxy_port: Optional[int] = None,
proxy_username: Optional[str] = None,
source_ip: Optional[str] = None,
ssl_min_proto_version: Optional[str] = None,
ssl_ocsp_source_ip: Optional[str] = None,
strict_crl_check: Optional[str] = None,
strict_ocsp_check: Optional[str] = None,
subject_match: Optional[str] = None,
subject_set: Optional[str] = None,
vdomparam: Optional[str] = None) -> Setting
func GetSetting(ctx *Context, name string, id IDInput, state *SettingState, opts ...ResourceOption) (*Setting, error)
public static Setting Get(string name, Input<string> id, SettingState? state, CustomResourceOptions? opts = null)
public static Setting get(String name, Output<String> id, SettingState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Cert
Expire intWarning - Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
- Certname
Dsa1024 string - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Dsa2048 string - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ecdsa256 string - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ecdsa384 string - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ecdsa521 string - 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ed25519 string - 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ed448 string - 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Rsa1024 string - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Rsa2048 string - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Rsa4096 string - 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
- Check
Ca stringCert - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values:
enable
,disable
. - Check
Ca stringChain - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values:
enable
,disable
. - Cmp
Key stringUsage Checking - Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values:
enable
,disable
. - Cmp
Save stringExtra Certs - Enable/disable saving extra certificates in CMP mode (default = disable). Valid values:
enable
,disable
. - Cn
Allow stringMulti - When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values:
disable
,enable
. - Cn
Match string - When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - Crl
Verification Pulumiverse.Fortios. Vpn. Certificate. Inputs. Setting Crl Verification - CRL verification options. The structure of
crl_verification
block is documented below. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Ocsp
Default stringServer - Default OCSP server.
- Ocsp
Option string - Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values:
certificate
,server
. - Ocsp
Status string - Enable/disable receiving certificates using the OCSP.
- Proxy string
- Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
- Proxy
Password string - Proxy server password.
- Proxy
Port int - Proxy server port (1 - 65535, default = 8080).
- Proxy
Username string - Proxy server user name.
- Source
Ip string - Source IP address for dynamic AIA and OCSP queries.
- Ssl
Min stringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Ssl
Ocsp stringSource Ip - Source IP address to use to communicate with the OCSP server.
- Strict
Crl stringCheck - Enable/disable strict mode CRL checking. Valid values:
enable
,disable
. - Strict
Ocsp stringCheck - Enable/disable strict mode OCSP checking. Valid values:
enable
,disable
. - Subject
Match string - When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - Subject
Set string - When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values:
subset
,superset
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Cert
Expire intWarning - Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
- Certname
Dsa1024 string - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Dsa2048 string - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ecdsa256 string - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ecdsa384 string - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ecdsa521 string - 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ed25519 string - 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Ed448 string - 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Rsa1024 string - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Rsa2048 string - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
- Certname
Rsa4096 string - 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
- Check
Ca stringCert - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values:
enable
,disable
. - Check
Ca stringChain - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values:
enable
,disable
. - Cmp
Key stringUsage Checking - Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values:
enable
,disable
. - Cmp
Save stringExtra Certs - Enable/disable saving extra certificates in CMP mode (default = disable). Valid values:
enable
,disable
. - Cn
Allow stringMulti - When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values:
disable
,enable
. - Cn
Match string - When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - Crl
Verification SettingCrl Verification Args - CRL verification options. The structure of
crl_verification
block is documented below. - Get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- Interface string
- Specify outgoing interface to reach server.
- Interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - Ocsp
Default stringServer - Default OCSP server.
- Ocsp
Option string - Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values:
certificate
,server
. - Ocsp
Status string - Enable/disable receiving certificates using the OCSP.
- Proxy string
- Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
- Proxy
Password string - Proxy server password.
- Proxy
Port int - Proxy server port (1 - 65535, default = 8080).
- Proxy
Username string - Proxy server user name.
- Source
Ip string - Source IP address for dynamic AIA and OCSP queries.
- Ssl
Min stringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- Ssl
Ocsp stringSource Ip - Source IP address to use to communicate with the OCSP server.
- Strict
Crl stringCheck - Enable/disable strict mode CRL checking. Valid values:
enable
,disable
. - Strict
Ocsp stringCheck - Enable/disable strict mode OCSP checking. Valid values:
enable
,disable
. - Subject
Match string - When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - Subject
Set string - When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values:
subset
,superset
. - Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- cert
Expire IntegerWarning - Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
- certname
Dsa1024 String - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname
Dsa2048 String - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa256 String - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa384 String - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa521 String - 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ed25519 String - 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ed448 String - 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa1024 String - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa2048 String - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa4096 String - 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
- check
Ca StringCert - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values:
enable
,disable
. - check
Ca StringChain - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values:
enable
,disable
. - cmp
Key StringUsage Checking - Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values:
enable
,disable
. - cmp
Save StringExtra Certs - Enable/disable saving extra certificates in CMP mode (default = disable). Valid values:
enable
,disable
. - cn
Allow StringMulti - When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values:
disable
,enable
. - cn
Match String - When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - crl
Verification SettingCrl Verification - CRL verification options. The structure of
crl_verification
block is documented below. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - interface_ String
- Specify outgoing interface to reach server.
- ocsp
Default StringServer - Default OCSP server.
- ocsp
Option String - Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values:
certificate
,server
. - ocsp
Status String - Enable/disable receiving certificates using the OCSP.
- proxy String
- Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
- proxy
Password String - Proxy server password.
- proxy
Port Integer - Proxy server port (1 - 65535, default = 8080).
- proxy
Username String - Proxy server user name.
- source
Ip String - Source IP address for dynamic AIA and OCSP queries.
- ssl
Min StringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- ssl
Ocsp StringSource Ip - Source IP address to use to communicate with the OCSP server.
- strict
Crl StringCheck - Enable/disable strict mode CRL checking. Valid values:
enable
,disable
. - strict
Ocsp StringCheck - Enable/disable strict mode OCSP checking. Valid values:
enable
,disable
. - subject
Match String - When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - subject
Set String - When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values:
subset
,superset
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- cert
Expire numberWarning - Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
- certname
Dsa1024 string - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname
Dsa2048 string - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa256 string - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa384 string - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa521 string - 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ed25519 string - 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ed448 string - 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa1024 string - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa2048 string - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa4096 string - 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
- check
Ca stringCert - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values:
enable
,disable
. - check
Ca stringChain - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values:
enable
,disable
. - cmp
Key stringUsage Checking - Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values:
enable
,disable
. - cmp
Save stringExtra Certs - Enable/disable saving extra certificates in CMP mode (default = disable). Valid values:
enable
,disable
. - cn
Allow stringMulti - When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values:
disable
,enable
. - cn
Match string - When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - crl
Verification SettingCrl Verification - CRL verification options. The structure of
crl_verification
block is documented below. - get
All stringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- interface string
- Specify outgoing interface to reach server.
- interface
Select stringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - ocsp
Default stringServer - Default OCSP server.
- ocsp
Option string - Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values:
certificate
,server
. - ocsp
Status string - Enable/disable receiving certificates using the OCSP.
- proxy string
- Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
- proxy
Password string - Proxy server password.
- proxy
Port number - Proxy server port (1 - 65535, default = 8080).
- proxy
Username string - Proxy server user name.
- source
Ip string - Source IP address for dynamic AIA and OCSP queries.
- ssl
Min stringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- ssl
Ocsp stringSource Ip - Source IP address to use to communicate with the OCSP server.
- strict
Crl stringCheck - Enable/disable strict mode CRL checking. Valid values:
enable
,disable
. - strict
Ocsp stringCheck - Enable/disable strict mode OCSP checking. Valid values:
enable
,disable
. - subject
Match string - When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - subject
Set string - When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values:
subset
,superset
. - vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- cert_
expire_ intwarning - Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
- certname_
dsa1024 str - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname_
dsa2048 str - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname_
ecdsa256 str - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname_
ecdsa384 str - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname_
ecdsa521 str - 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname_
ed25519 str - 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname_
ed448 str - 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname_
rsa1024 str - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
- certname_
rsa2048 str - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
- certname_
rsa4096 str - 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
- check_
ca_ strcert - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values:
enable
,disable
. - check_
ca_ strchain - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values:
enable
,disable
. - cmp_
key_ strusage_ checking - Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values:
enable
,disable
. - cmp_
save_ strextra_ certs - Enable/disable saving extra certificates in CMP mode (default = disable). Valid values:
enable
,disable
. - cn_
allow_ strmulti - When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values:
disable
,enable
. - cn_
match str - When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - crl_
verification SettingCrl Verification Args - CRL verification options. The structure of
crl_verification
block is documented below. - get_
all_ strtables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- interface str
- Specify outgoing interface to reach server.
- interface_
select_ strmethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - ocsp_
default_ strserver - Default OCSP server.
- ocsp_
option str - Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values:
certificate
,server
. - ocsp_
status str - Enable/disable receiving certificates using the OCSP.
- proxy str
- Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
- proxy_
password str - Proxy server password.
- proxy_
port int - Proxy server port (1 - 65535, default = 8080).
- proxy_
username str - Proxy server user name.
- source_
ip str - Source IP address for dynamic AIA and OCSP queries.
- ssl_
min_ strproto_ version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- ssl_
ocsp_ strsource_ ip - Source IP address to use to communicate with the OCSP server.
- strict_
crl_ strcheck - Enable/disable strict mode CRL checking. Valid values:
enable
,disable
. - strict_
ocsp_ strcheck - Enable/disable strict mode OCSP checking. Valid values:
enable
,disable
. - subject_
match str - When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - subject_
set str - When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values:
subset
,superset
. - vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- cert
Expire NumberWarning - Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
- certname
Dsa1024 String - 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname
Dsa2048 String - 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa256 String - 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa384 String - 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ecdsa521 String - 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ed25519 String - 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Ed448 String - 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa1024 String - 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa2048 String - 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
- certname
Rsa4096 String - 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
- check
Ca StringCert - Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values:
enable
,disable
. - check
Ca StringChain - Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values:
enable
,disable
. - cmp
Key StringUsage Checking - Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values:
enable
,disable
. - cmp
Save StringExtra Certs - Enable/disable saving extra certificates in CMP mode (default = disable). Valid values:
enable
,disable
. - cn
Allow StringMulti - When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values:
disable
,enable
. - cn
Match String - When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - crl
Verification Property Map - CRL verification options. The structure of
crl_verification
block is documented below. - get
All StringTables - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
- interface String
- Specify outgoing interface to reach server.
- interface
Select StringMethod - Specify how to select outgoing interface to reach server. Valid values:
auto
,sdwan
,specify
. - ocsp
Default StringServer - Default OCSP server.
- ocsp
Option String - Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values:
certificate
,server
. - ocsp
Status String - Enable/disable receiving certificates using the OCSP.
- proxy String
- Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
- proxy
Password String - Proxy server password.
- proxy
Port Number - Proxy server port (1 - 65535, default = 8080).
- proxy
Username String - Proxy server user name.
- source
Ip String - Source IP address for dynamic AIA and OCSP queries.
- ssl
Min StringProto Version - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
- ssl
Ocsp StringSource Ip - Source IP address to use to communicate with the OCSP server.
- strict
Crl StringCheck - Enable/disable strict mode CRL checking. Valid values:
enable
,disable
. - strict
Ocsp StringCheck - Enable/disable strict mode OCSP checking. Valid values:
enable
,disable
. - subject
Match String - When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values:
substring
,value
. - subject
Set String - When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values:
subset
,superset
. - vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Supporting Types
SettingCrlVerification, SettingCrlVerificationArgs
- Chain
Crl stringAbsence - CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values:
ignore
,revoke
. - Expiry string
- CRL verification option when CRL is expired (default = ignore). Valid values:
ignore
,revoke
. - Leaf
Crl stringAbsence - CRL verification option when leaf CRL is absent (default = ignore). Valid values:
ignore
,revoke
.
- Chain
Crl stringAbsence - CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values:
ignore
,revoke
. - Expiry string
- CRL verification option when CRL is expired (default = ignore). Valid values:
ignore
,revoke
. - Leaf
Crl stringAbsence - CRL verification option when leaf CRL is absent (default = ignore). Valid values:
ignore
,revoke
.
- chain
Crl StringAbsence - CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values:
ignore
,revoke
. - expiry String
- CRL verification option when CRL is expired (default = ignore). Valid values:
ignore
,revoke
. - leaf
Crl StringAbsence - CRL verification option when leaf CRL is absent (default = ignore). Valid values:
ignore
,revoke
.
- chain
Crl stringAbsence - CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values:
ignore
,revoke
. - expiry string
- CRL verification option when CRL is expired (default = ignore). Valid values:
ignore
,revoke
. - leaf
Crl stringAbsence - CRL verification option when leaf CRL is absent (default = ignore). Valid values:
ignore
,revoke
.
- chain_
crl_ strabsence - CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values:
ignore
,revoke
. - expiry str
- CRL verification option when CRL is expired (default = ignore). Valid values:
ignore
,revoke
. - leaf_
crl_ strabsence - CRL verification option when leaf CRL is absent (default = ignore). Valid values:
ignore
,revoke
.
- chain
Crl StringAbsence - CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values:
ignore
,revoke
. - expiry String
- CRL verification option when CRL is expired (default = ignore). Valid values:
ignore
,revoke
. - leaf
Crl StringAbsence - CRL verification option when leaf CRL is absent (default = ignore). Valid values:
ignore
,revoke
.
Import
VpnCertificate Setting can be imported using any of these accepted formats:
$ pulumi import fortios:vpn/certificate/setting:Setting labelname VpnCertificateSetting
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:vpn/certificate/setting:Setting labelname VpnCertificateSetting
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortios
Terraform Provider.