1. Packages
  2. Fortios
  3. API Docs
  4. vpn
  5. vpn/certificate
  6. Setting
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.vpn/certificate.Setting

Explore with Pulumi AI

fortios logo
Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

    VPN certificate setting.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fortios from "@pulumiverse/fortios";
    
    const trname = new fortios.vpn.certificate.Setting("trname", {
        certnameDsa1024: "Fortinet_SSL_DSA1024",
        certnameDsa2048: "Fortinet_SSL_DSA2048",
        certnameEcdsa256: "Fortinet_SSL_ECDSA256",
        certnameEcdsa384: "Fortinet_SSL_ECDSA384",
        certnameRsa1024: "Fortinet_SSL_RSA1024",
        certnameRsa2048: "Fortinet_SSL_RSA2048",
        checkCaCert: "enable",
        checkCaChain: "disable",
        cmpSaveExtraCerts: "disable",
        cnMatch: "substring",
        ocspOption: "server",
        ocspStatus: "disable",
        sslMinProtoVersion: "default",
        strictCrlCheck: "disable",
        strictOcspCheck: "disable",
        subjectMatch: "substring",
    });
    
    import pulumi
    import pulumiverse_fortios as fortios
    
    trname = fortios.vpn.certificate.Setting("trname",
        certname_dsa1024="Fortinet_SSL_DSA1024",
        certname_dsa2048="Fortinet_SSL_DSA2048",
        certname_ecdsa256="Fortinet_SSL_ECDSA256",
        certname_ecdsa384="Fortinet_SSL_ECDSA384",
        certname_rsa1024="Fortinet_SSL_RSA1024",
        certname_rsa2048="Fortinet_SSL_RSA2048",
        check_ca_cert="enable",
        check_ca_chain="disable",
        cmp_save_extra_certs="disable",
        cn_match="substring",
        ocsp_option="server",
        ocsp_status="disable",
        ssl_min_proto_version="default",
        strict_crl_check="disable",
        strict_ocsp_check="disable",
        subject_match="substring")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/vpn"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := vpn.NewSetting(ctx, "trname", &vpn.SettingArgs{
    			CertnameDsa1024:    pulumi.String("Fortinet_SSL_DSA1024"),
    			CertnameDsa2048:    pulumi.String("Fortinet_SSL_DSA2048"),
    			CertnameEcdsa256:   pulumi.String("Fortinet_SSL_ECDSA256"),
    			CertnameEcdsa384:   pulumi.String("Fortinet_SSL_ECDSA384"),
    			CertnameRsa1024:    pulumi.String("Fortinet_SSL_RSA1024"),
    			CertnameRsa2048:    pulumi.String("Fortinet_SSL_RSA2048"),
    			CheckCaCert:        pulumi.String("enable"),
    			CheckCaChain:       pulumi.String("disable"),
    			CmpSaveExtraCerts:  pulumi.String("disable"),
    			CnMatch:            pulumi.String("substring"),
    			OcspOption:         pulumi.String("server"),
    			OcspStatus:         pulumi.String("disable"),
    			SslMinProtoVersion: pulumi.String("default"),
    			StrictCrlCheck:     pulumi.String("disable"),
    			StrictOcspCheck:    pulumi.String("disable"),
    			SubjectMatch:       pulumi.String("substring"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fortios = Pulumiverse.Fortios;
    
    return await Deployment.RunAsync(() => 
    {
        var trname = new Fortios.Vpn.Certificate.Setting("trname", new()
        {
            CertnameDsa1024 = "Fortinet_SSL_DSA1024",
            CertnameDsa2048 = "Fortinet_SSL_DSA2048",
            CertnameEcdsa256 = "Fortinet_SSL_ECDSA256",
            CertnameEcdsa384 = "Fortinet_SSL_ECDSA384",
            CertnameRsa1024 = "Fortinet_SSL_RSA1024",
            CertnameRsa2048 = "Fortinet_SSL_RSA2048",
            CheckCaCert = "enable",
            CheckCaChain = "disable",
            CmpSaveExtraCerts = "disable",
            CnMatch = "substring",
            OcspOption = "server",
            OcspStatus = "disable",
            SslMinProtoVersion = "default",
            StrictCrlCheck = "disable",
            StrictOcspCheck = "disable",
            SubjectMatch = "substring",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fortios.vpn.Setting;
    import com.pulumi.fortios.vpn.SettingArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var trname = new Setting("trname", SettingArgs.builder()
                .certnameDsa1024("Fortinet_SSL_DSA1024")
                .certnameDsa2048("Fortinet_SSL_DSA2048")
                .certnameEcdsa256("Fortinet_SSL_ECDSA256")
                .certnameEcdsa384("Fortinet_SSL_ECDSA384")
                .certnameRsa1024("Fortinet_SSL_RSA1024")
                .certnameRsa2048("Fortinet_SSL_RSA2048")
                .checkCaCert("enable")
                .checkCaChain("disable")
                .cmpSaveExtraCerts("disable")
                .cnMatch("substring")
                .ocspOption("server")
                .ocspStatus("disable")
                .sslMinProtoVersion("default")
                .strictCrlCheck("disable")
                .strictOcspCheck("disable")
                .subjectMatch("substring")
                .build());
    
        }
    }
    
    resources:
      trname:
        type: fortios:vpn/certificate:Setting
        properties:
          certnameDsa1024: Fortinet_SSL_DSA1024
          certnameDsa2048: Fortinet_SSL_DSA2048
          certnameEcdsa256: Fortinet_SSL_ECDSA256
          certnameEcdsa384: Fortinet_SSL_ECDSA384
          certnameRsa1024: Fortinet_SSL_RSA1024
          certnameRsa2048: Fortinet_SSL_RSA2048
          checkCaCert: enable
          checkCaChain: disable
          cmpSaveExtraCerts: disable
          cnMatch: substring
          ocspOption: server
          ocspStatus: disable
          sslMinProtoVersion: default
          strictCrlCheck: disable
          strictOcspCheck: disable
          subjectMatch: substring
    

    Create Setting Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Setting(name: string, args: SettingArgs, opts?: CustomResourceOptions);
    @overload
    def Setting(resource_name: str,
                args: SettingArgs,
                opts: Optional[ResourceOptions] = None)
    
    @overload
    def Setting(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                certname_rsa1024: Optional[str] = None,
                certname_dsa1024: Optional[str] = None,
                certname_dsa2048: Optional[str] = None,
                certname_ecdsa256: Optional[str] = None,
                certname_ecdsa384: Optional[str] = None,
                certname_rsa2048: Optional[str] = None,
                get_all_tables: Optional[str] = None,
                ocsp_default_server: Optional[str] = None,
                certname_ed25519: Optional[str] = None,
                certname_ecdsa521: Optional[str] = None,
                certname_rsa4096: Optional[str] = None,
                check_ca_cert: Optional[str] = None,
                check_ca_chain: Optional[str] = None,
                cmp_key_usage_checking: Optional[str] = None,
                cmp_save_extra_certs: Optional[str] = None,
                cn_allow_multi: Optional[str] = None,
                cn_match: Optional[str] = None,
                crl_verification: Optional[SettingCrlVerificationArgs] = None,
                cert_expire_warning: Optional[int] = None,
                interface: Optional[str] = None,
                interface_select_method: Optional[str] = None,
                certname_ed448: Optional[str] = None,
                ocsp_option: Optional[str] = None,
                ocsp_status: Optional[str] = None,
                proxy: Optional[str] = None,
                proxy_password: Optional[str] = None,
                proxy_port: Optional[int] = None,
                proxy_username: Optional[str] = None,
                source_ip: Optional[str] = None,
                ssl_min_proto_version: Optional[str] = None,
                ssl_ocsp_source_ip: Optional[str] = None,
                strict_crl_check: Optional[str] = None,
                strict_ocsp_check: Optional[str] = None,
                subject_match: Optional[str] = None,
                subject_set: Optional[str] = None,
                vdomparam: Optional[str] = None)
    func NewSetting(ctx *Context, name string, args SettingArgs, opts ...ResourceOption) (*Setting, error)
    public Setting(string name, SettingArgs args, CustomResourceOptions? opts = null)
    public Setting(String name, SettingArgs args)
    public Setting(String name, SettingArgs args, CustomResourceOptions options)
    
    type: fortios:vpn/certificate/setting:Setting
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SettingArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SettingArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SettingArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SettingArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SettingArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Setting Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Setting resource accepts the following input properties:

    CertnameDsa1024 string
    1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
    CertnameDsa2048 string
    2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEcdsa256 string
    256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEcdsa384 string
    384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameRsa1024 string
    1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
    CertnameRsa2048 string
    2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
    CertExpireWarning int
    Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
    CertnameEcdsa521 string
    521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEd25519 string
    253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEd448 string
    456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameRsa4096 string
    4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
    CheckCaCert string
    Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
    CheckCaChain string
    Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
    CmpKeyUsageChecking string
    Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
    CmpSaveExtraCerts string
    Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
    CnAllowMulti string
    When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
    CnMatch string
    When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
    CrlVerification Pulumiverse.Fortios.Vpn.Certificate.Inputs.SettingCrlVerification
    CRL verification options. The structure of crl_verification block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Interface string
    Specify outgoing interface to reach server.
    InterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    OcspDefaultServer string
    Default OCSP server.
    OcspOption string
    Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
    OcspStatus string
    Enable/disable receiving certificates using the OCSP.
    Proxy string
    Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
    ProxyPassword string
    Proxy server password.
    ProxyPort int
    Proxy server port (1 - 65535, default = 8080).
    ProxyUsername string
    Proxy server user name.
    SourceIp string
    Source IP address for dynamic AIA and OCSP queries.
    SslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
    SslOcspSourceIp string
    Source IP address to use to communicate with the OCSP server.
    StrictCrlCheck string
    Enable/disable strict mode CRL checking. Valid values: enable, disable.
    StrictOcspCheck string
    Enable/disable strict mode OCSP checking. Valid values: enable, disable.
    SubjectMatch string
    When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
    SubjectSet string
    When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    CertnameDsa1024 string
    1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
    CertnameDsa2048 string
    2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEcdsa256 string
    256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEcdsa384 string
    384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameRsa1024 string
    1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
    CertnameRsa2048 string
    2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
    CertExpireWarning int
    Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
    CertnameEcdsa521 string
    521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEd25519 string
    253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEd448 string
    456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameRsa4096 string
    4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
    CheckCaCert string
    Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
    CheckCaChain string
    Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
    CmpKeyUsageChecking string
    Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
    CmpSaveExtraCerts string
    Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
    CnAllowMulti string
    When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
    CnMatch string
    When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
    CrlVerification SettingCrlVerificationArgs
    CRL verification options. The structure of crl_verification block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Interface string
    Specify outgoing interface to reach server.
    InterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    OcspDefaultServer string
    Default OCSP server.
    OcspOption string
    Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
    OcspStatus string
    Enable/disable receiving certificates using the OCSP.
    Proxy string
    Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
    ProxyPassword string
    Proxy server password.
    ProxyPort int
    Proxy server port (1 - 65535, default = 8080).
    ProxyUsername string
    Proxy server user name.
    SourceIp string
    Source IP address for dynamic AIA and OCSP queries.
    SslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
    SslOcspSourceIp string
    Source IP address to use to communicate with the OCSP server.
    StrictCrlCheck string
    Enable/disable strict mode CRL checking. Valid values: enable, disable.
    StrictOcspCheck string
    Enable/disable strict mode OCSP checking. Valid values: enable, disable.
    SubjectMatch string
    When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
    SubjectSet string
    When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    certnameDsa1024 String
    1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certnameDsa2048 String
    2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa256 String
    256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa384 String
    384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa1024 String
    1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa2048 String
    2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certExpireWarning Integer
    Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
    certnameEcdsa521 String
    521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEd25519 String
    253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEd448 String
    456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa4096 String
    4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
    checkCaCert String
    Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
    checkCaChain String
    Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
    cmpKeyUsageChecking String
    Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
    cmpSaveExtraCerts String
    Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
    cnAllowMulti String
    When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
    cnMatch String
    When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
    crlVerification SettingCrlVerification
    CRL verification options. The structure of crl_verification block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    interfaceSelectMethod String
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    interface_ String
    Specify outgoing interface to reach server.
    ocspDefaultServer String
    Default OCSP server.
    ocspOption String
    Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
    ocspStatus String
    Enable/disable receiving certificates using the OCSP.
    proxy String
    Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
    proxyPassword String
    Proxy server password.
    proxyPort Integer
    Proxy server port (1 - 65535, default = 8080).
    proxyUsername String
    Proxy server user name.
    sourceIp String
    Source IP address for dynamic AIA and OCSP queries.
    sslMinProtoVersion String
    Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
    sslOcspSourceIp String
    Source IP address to use to communicate with the OCSP server.
    strictCrlCheck String
    Enable/disable strict mode CRL checking. Valid values: enable, disable.
    strictOcspCheck String
    Enable/disable strict mode OCSP checking. Valid values: enable, disable.
    subjectMatch String
    When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
    subjectSet String
    When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    certnameDsa1024 string
    1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certnameDsa2048 string
    2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa256 string
    256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa384 string
    384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa1024 string
    1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa2048 string
    2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certExpireWarning number
    Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
    certnameEcdsa521 string
    521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEd25519 string
    253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEd448 string
    456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa4096 string
    4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
    checkCaCert string
    Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
    checkCaChain string
    Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
    cmpKeyUsageChecking string
    Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
    cmpSaveExtraCerts string
    Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
    cnAllowMulti string
    When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
    cnMatch string
    When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
    crlVerification SettingCrlVerification
    CRL verification options. The structure of crl_verification block is documented below.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    interface string
    Specify outgoing interface to reach server.
    interfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    ocspDefaultServer string
    Default OCSP server.
    ocspOption string
    Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
    ocspStatus string
    Enable/disable receiving certificates using the OCSP.
    proxy string
    Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
    proxyPassword string
    Proxy server password.
    proxyPort number
    Proxy server port (1 - 65535, default = 8080).
    proxyUsername string
    Proxy server user name.
    sourceIp string
    Source IP address for dynamic AIA and OCSP queries.
    sslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
    sslOcspSourceIp string
    Source IP address to use to communicate with the OCSP server.
    strictCrlCheck string
    Enable/disable strict mode CRL checking. Valid values: enable, disable.
    strictOcspCheck string
    Enable/disable strict mode OCSP checking. Valid values: enable, disable.
    subjectMatch string
    When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
    subjectSet string
    When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    certname_dsa1024 str
    1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certname_dsa2048 str
    2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certname_ecdsa256 str
    256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certname_ecdsa384 str
    384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certname_rsa1024 str
    1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certname_rsa2048 str
    2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
    cert_expire_warning int
    Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
    certname_ecdsa521 str
    521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certname_ed25519 str
    253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certname_ed448 str
    456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certname_rsa4096 str
    4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
    check_ca_cert str
    Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
    check_ca_chain str
    Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
    cmp_key_usage_checking str
    Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
    cmp_save_extra_certs str
    Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
    cn_allow_multi str
    When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
    cn_match str
    When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
    crl_verification SettingCrlVerificationArgs
    CRL verification options. The structure of crl_verification block is documented below.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    interface str
    Specify outgoing interface to reach server.
    interface_select_method str
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    ocsp_default_server str
    Default OCSP server.
    ocsp_option str
    Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
    ocsp_status str
    Enable/disable receiving certificates using the OCSP.
    proxy str
    Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
    proxy_password str
    Proxy server password.
    proxy_port int
    Proxy server port (1 - 65535, default = 8080).
    proxy_username str
    Proxy server user name.
    source_ip str
    Source IP address for dynamic AIA and OCSP queries.
    ssl_min_proto_version str
    Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
    ssl_ocsp_source_ip str
    Source IP address to use to communicate with the OCSP server.
    strict_crl_check str
    Enable/disable strict mode CRL checking. Valid values: enable, disable.
    strict_ocsp_check str
    Enable/disable strict mode OCSP checking. Valid values: enable, disable.
    subject_match str
    When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
    subject_set str
    When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    certnameDsa1024 String
    1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certnameDsa2048 String
    2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa256 String
    256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa384 String
    384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa1024 String
    1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa2048 String
    2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certExpireWarning Number
    Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
    certnameEcdsa521 String
    521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEd25519 String
    253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEd448 String
    456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa4096 String
    4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
    checkCaCert String
    Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
    checkCaChain String
    Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
    cmpKeyUsageChecking String
    Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
    cmpSaveExtraCerts String
    Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
    cnAllowMulti String
    When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
    cnMatch String
    When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
    crlVerification Property Map
    CRL verification options. The structure of crl_verification block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    interface String
    Specify outgoing interface to reach server.
    interfaceSelectMethod String
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    ocspDefaultServer String
    Default OCSP server.
    ocspOption String
    Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
    ocspStatus String
    Enable/disable receiving certificates using the OCSP.
    proxy String
    Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
    proxyPassword String
    Proxy server password.
    proxyPort Number
    Proxy server port (1 - 65535, default = 8080).
    proxyUsername String
    Proxy server user name.
    sourceIp String
    Source IP address for dynamic AIA and OCSP queries.
    sslMinProtoVersion String
    Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
    sslOcspSourceIp String
    Source IP address to use to communicate with the OCSP server.
    strictCrlCheck String
    Enable/disable strict mode CRL checking. Valid values: enable, disable.
    strictOcspCheck String
    Enable/disable strict mode OCSP checking. Valid values: enable, disable.
    subjectMatch String
    When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
    subjectSet String
    When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Setting resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Setting Resource

    Get an existing Setting resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SettingState, opts?: CustomResourceOptions): Setting
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            cert_expire_warning: Optional[int] = None,
            certname_dsa1024: Optional[str] = None,
            certname_dsa2048: Optional[str] = None,
            certname_ecdsa256: Optional[str] = None,
            certname_ecdsa384: Optional[str] = None,
            certname_ecdsa521: Optional[str] = None,
            certname_ed25519: Optional[str] = None,
            certname_ed448: Optional[str] = None,
            certname_rsa1024: Optional[str] = None,
            certname_rsa2048: Optional[str] = None,
            certname_rsa4096: Optional[str] = None,
            check_ca_cert: Optional[str] = None,
            check_ca_chain: Optional[str] = None,
            cmp_key_usage_checking: Optional[str] = None,
            cmp_save_extra_certs: Optional[str] = None,
            cn_allow_multi: Optional[str] = None,
            cn_match: Optional[str] = None,
            crl_verification: Optional[SettingCrlVerificationArgs] = None,
            get_all_tables: Optional[str] = None,
            interface: Optional[str] = None,
            interface_select_method: Optional[str] = None,
            ocsp_default_server: Optional[str] = None,
            ocsp_option: Optional[str] = None,
            ocsp_status: Optional[str] = None,
            proxy: Optional[str] = None,
            proxy_password: Optional[str] = None,
            proxy_port: Optional[int] = None,
            proxy_username: Optional[str] = None,
            source_ip: Optional[str] = None,
            ssl_min_proto_version: Optional[str] = None,
            ssl_ocsp_source_ip: Optional[str] = None,
            strict_crl_check: Optional[str] = None,
            strict_ocsp_check: Optional[str] = None,
            subject_match: Optional[str] = None,
            subject_set: Optional[str] = None,
            vdomparam: Optional[str] = None) -> Setting
    func GetSetting(ctx *Context, name string, id IDInput, state *SettingState, opts ...ResourceOption) (*Setting, error)
    public static Setting Get(string name, Input<string> id, SettingState? state, CustomResourceOptions? opts = null)
    public static Setting get(String name, Output<String> id, SettingState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CertExpireWarning int
    Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
    CertnameDsa1024 string
    1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
    CertnameDsa2048 string
    2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEcdsa256 string
    256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEcdsa384 string
    384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEcdsa521 string
    521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEd25519 string
    253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEd448 string
    456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameRsa1024 string
    1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
    CertnameRsa2048 string
    2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
    CertnameRsa4096 string
    4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
    CheckCaCert string
    Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
    CheckCaChain string
    Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
    CmpKeyUsageChecking string
    Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
    CmpSaveExtraCerts string
    Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
    CnAllowMulti string
    When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
    CnMatch string
    When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
    CrlVerification Pulumiverse.Fortios.Vpn.Certificate.Inputs.SettingCrlVerification
    CRL verification options. The structure of crl_verification block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Interface string
    Specify outgoing interface to reach server.
    InterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    OcspDefaultServer string
    Default OCSP server.
    OcspOption string
    Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
    OcspStatus string
    Enable/disable receiving certificates using the OCSP.
    Proxy string
    Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
    ProxyPassword string
    Proxy server password.
    ProxyPort int
    Proxy server port (1 - 65535, default = 8080).
    ProxyUsername string
    Proxy server user name.
    SourceIp string
    Source IP address for dynamic AIA and OCSP queries.
    SslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
    SslOcspSourceIp string
    Source IP address to use to communicate with the OCSP server.
    StrictCrlCheck string
    Enable/disable strict mode CRL checking. Valid values: enable, disable.
    StrictOcspCheck string
    Enable/disable strict mode OCSP checking. Valid values: enable, disable.
    SubjectMatch string
    When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
    SubjectSet string
    When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    CertExpireWarning int
    Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
    CertnameDsa1024 string
    1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
    CertnameDsa2048 string
    2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEcdsa256 string
    256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEcdsa384 string
    384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEcdsa521 string
    521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEd25519 string
    253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameEd448 string
    456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    CertnameRsa1024 string
    1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
    CertnameRsa2048 string
    2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
    CertnameRsa4096 string
    4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
    CheckCaCert string
    Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
    CheckCaChain string
    Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
    CmpKeyUsageChecking string
    Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
    CmpSaveExtraCerts string
    Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
    CnAllowMulti string
    When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
    CnMatch string
    When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
    CrlVerification SettingCrlVerificationArgs
    CRL verification options. The structure of crl_verification block is documented below.
    GetAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    Interface string
    Specify outgoing interface to reach server.
    InterfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    OcspDefaultServer string
    Default OCSP server.
    OcspOption string
    Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
    OcspStatus string
    Enable/disable receiving certificates using the OCSP.
    Proxy string
    Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
    ProxyPassword string
    Proxy server password.
    ProxyPort int
    Proxy server port (1 - 65535, default = 8080).
    ProxyUsername string
    Proxy server user name.
    SourceIp string
    Source IP address for dynamic AIA and OCSP queries.
    SslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
    SslOcspSourceIp string
    Source IP address to use to communicate with the OCSP server.
    StrictCrlCheck string
    Enable/disable strict mode CRL checking. Valid values: enable, disable.
    StrictOcspCheck string
    Enable/disable strict mode OCSP checking. Valid values: enable, disable.
    SubjectMatch string
    When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
    SubjectSet string
    When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
    Vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    certExpireWarning Integer
    Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
    certnameDsa1024 String
    1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certnameDsa2048 String
    2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa256 String
    256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa384 String
    384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa521 String
    521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEd25519 String
    253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEd448 String
    456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa1024 String
    1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa2048 String
    2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa4096 String
    4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
    checkCaCert String
    Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
    checkCaChain String
    Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
    cmpKeyUsageChecking String
    Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
    cmpSaveExtraCerts String
    Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
    cnAllowMulti String
    When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
    cnMatch String
    When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
    crlVerification SettingCrlVerification
    CRL verification options. The structure of crl_verification block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    interfaceSelectMethod String
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    interface_ String
    Specify outgoing interface to reach server.
    ocspDefaultServer String
    Default OCSP server.
    ocspOption String
    Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
    ocspStatus String
    Enable/disable receiving certificates using the OCSP.
    proxy String
    Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
    proxyPassword String
    Proxy server password.
    proxyPort Integer
    Proxy server port (1 - 65535, default = 8080).
    proxyUsername String
    Proxy server user name.
    sourceIp String
    Source IP address for dynamic AIA and OCSP queries.
    sslMinProtoVersion String
    Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
    sslOcspSourceIp String
    Source IP address to use to communicate with the OCSP server.
    strictCrlCheck String
    Enable/disable strict mode CRL checking. Valid values: enable, disable.
    strictOcspCheck String
    Enable/disable strict mode OCSP checking. Valid values: enable, disable.
    subjectMatch String
    When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
    subjectSet String
    When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    certExpireWarning number
    Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
    certnameDsa1024 string
    1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certnameDsa2048 string
    2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa256 string
    256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa384 string
    384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa521 string
    521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEd25519 string
    253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEd448 string
    456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa1024 string
    1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa2048 string
    2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa4096 string
    4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
    checkCaCert string
    Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
    checkCaChain string
    Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
    cmpKeyUsageChecking string
    Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
    cmpSaveExtraCerts string
    Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
    cnAllowMulti string
    When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
    cnMatch string
    When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
    crlVerification SettingCrlVerification
    CRL verification options. The structure of crl_verification block is documented below.
    getAllTables string
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    interface string
    Specify outgoing interface to reach server.
    interfaceSelectMethod string
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    ocspDefaultServer string
    Default OCSP server.
    ocspOption string
    Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
    ocspStatus string
    Enable/disable receiving certificates using the OCSP.
    proxy string
    Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
    proxyPassword string
    Proxy server password.
    proxyPort number
    Proxy server port (1 - 65535, default = 8080).
    proxyUsername string
    Proxy server user name.
    sourceIp string
    Source IP address for dynamic AIA and OCSP queries.
    sslMinProtoVersion string
    Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
    sslOcspSourceIp string
    Source IP address to use to communicate with the OCSP server.
    strictCrlCheck string
    Enable/disable strict mode CRL checking. Valid values: enable, disable.
    strictOcspCheck string
    Enable/disable strict mode OCSP checking. Valid values: enable, disable.
    subjectMatch string
    When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
    subjectSet string
    When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
    vdomparam string
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    cert_expire_warning int
    Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
    certname_dsa1024 str
    1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certname_dsa2048 str
    2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certname_ecdsa256 str
    256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certname_ecdsa384 str
    384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certname_ecdsa521 str
    521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certname_ed25519 str
    253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certname_ed448 str
    456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certname_rsa1024 str
    1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certname_rsa2048 str
    2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certname_rsa4096 str
    4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
    check_ca_cert str
    Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
    check_ca_chain str
    Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
    cmp_key_usage_checking str
    Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
    cmp_save_extra_certs str
    Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
    cn_allow_multi str
    When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
    cn_match str
    When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
    crl_verification SettingCrlVerificationArgs
    CRL verification options. The structure of crl_verification block is documented below.
    get_all_tables str
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    interface str
    Specify outgoing interface to reach server.
    interface_select_method str
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    ocsp_default_server str
    Default OCSP server.
    ocsp_option str
    Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
    ocsp_status str
    Enable/disable receiving certificates using the OCSP.
    proxy str
    Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
    proxy_password str
    Proxy server password.
    proxy_port int
    Proxy server port (1 - 65535, default = 8080).
    proxy_username str
    Proxy server user name.
    source_ip str
    Source IP address for dynamic AIA and OCSP queries.
    ssl_min_proto_version str
    Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
    ssl_ocsp_source_ip str
    Source IP address to use to communicate with the OCSP server.
    strict_crl_check str
    Enable/disable strict mode CRL checking. Valid values: enable, disable.
    strict_ocsp_check str
    Enable/disable strict mode OCSP checking. Valid values: enable, disable.
    subject_match str
    When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
    subject_set str
    When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
    vdomparam str
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
    certExpireWarning Number
    Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
    certnameDsa1024 String
    1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certnameDsa2048 String
    2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa256 String
    256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa384 String
    384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEcdsa521 String
    521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEd25519 String
    253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certnameEd448 String
    456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa1024 String
    1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa2048 String
    2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
    certnameRsa4096 String
    4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
    checkCaCert String
    Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
    checkCaChain String
    Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
    cmpKeyUsageChecking String
    Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
    cmpSaveExtraCerts String
    Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
    cnAllowMulti String
    When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
    cnMatch String
    When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
    crlVerification Property Map
    CRL verification options. The structure of crl_verification block is documented below.
    getAllTables String
    Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
    interface String
    Specify outgoing interface to reach server.
    interfaceSelectMethod String
    Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
    ocspDefaultServer String
    Default OCSP server.
    ocspOption String
    Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
    ocspStatus String
    Enable/disable receiving certificates using the OCSP.
    proxy String
    Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
    proxyPassword String
    Proxy server password.
    proxyPort Number
    Proxy server port (1 - 65535, default = 8080).
    proxyUsername String
    Proxy server user name.
    sourceIp String
    Source IP address for dynamic AIA and OCSP queries.
    sslMinProtoVersion String
    Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
    sslOcspSourceIp String
    Source IP address to use to communicate with the OCSP server.
    strictCrlCheck String
    Enable/disable strict mode CRL checking. Valid values: enable, disable.
    strictOcspCheck String
    Enable/disable strict mode OCSP checking. Valid values: enable, disable.
    subjectMatch String
    When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
    subjectSet String
    When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
    vdomparam String
    Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

    Supporting Types

    SettingCrlVerification, SettingCrlVerificationArgs

    ChainCrlAbsence string
    CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values: ignore, revoke.
    Expiry string
    CRL verification option when CRL is expired (default = ignore). Valid values: ignore, revoke.
    LeafCrlAbsence string
    CRL verification option when leaf CRL is absent (default = ignore). Valid values: ignore, revoke.
    ChainCrlAbsence string
    CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values: ignore, revoke.
    Expiry string
    CRL verification option when CRL is expired (default = ignore). Valid values: ignore, revoke.
    LeafCrlAbsence string
    CRL verification option when leaf CRL is absent (default = ignore). Valid values: ignore, revoke.
    chainCrlAbsence String
    CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values: ignore, revoke.
    expiry String
    CRL verification option when CRL is expired (default = ignore). Valid values: ignore, revoke.
    leafCrlAbsence String
    CRL verification option when leaf CRL is absent (default = ignore). Valid values: ignore, revoke.
    chainCrlAbsence string
    CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values: ignore, revoke.
    expiry string
    CRL verification option when CRL is expired (default = ignore). Valid values: ignore, revoke.
    leafCrlAbsence string
    CRL verification option when leaf CRL is absent (default = ignore). Valid values: ignore, revoke.
    chain_crl_absence str
    CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values: ignore, revoke.
    expiry str
    CRL verification option when CRL is expired (default = ignore). Valid values: ignore, revoke.
    leaf_crl_absence str
    CRL verification option when leaf CRL is absent (default = ignore). Valid values: ignore, revoke.
    chainCrlAbsence String
    CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values: ignore, revoke.
    expiry String
    CRL verification option when CRL is expired (default = ignore). Valid values: ignore, revoke.
    leafCrlAbsence String
    CRL verification option when leaf CRL is absent (default = ignore). Valid values: ignore, revoke.

    Import

    VpnCertificate Setting can be imported using any of these accepted formats:

    $ pulumi import fortios:vpn/certificate/setting:Setting labelname VpnCertificateSetting
    

    If you do not want to import arguments of block:

    $ export “FORTIOS_IMPORT_TABLE”=“false”

    $ pulumi import fortios:vpn/certificate/setting:Setting labelname VpnCertificateSetting
    

    $ unset “FORTIOS_IMPORT_TABLE”

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    fortios pulumiverse/pulumi-fortios
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the fortios Terraform Provider.
    fortios logo
    Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse