ProfileClientSsl

f5bigip.ltm.ProfileClientSsl Manages client SSL profiles on a BIG-IP

Example Usage

using Pulumi;
using F5BigIP = Pulumi.F5BigIP;

class MyStack : Stack
{
    public MyStack()
    {
        var test_ClientSsl = new F5BigIP.Ltm.ProfileClientSsl("test-ClientSsl", new F5BigIP.Ltm.ProfileClientSslArgs
        {
            Authenticate = "always",
            Ciphers = "DEFAULT",
            DefaultsFrom = "/Common/clientssl",
            Name = "/Common/test-ClientSsl",
            Partition = "Common",
        });
    }

}

Coming soon!

import pulumi
import pulumi_f5bigip as f5bigip

test__client_ssl = f5bigip.ltm.ProfileClientSsl("test-ClientSsl",
    authenticate="always",
    ciphers="DEFAULT",
    defaults_from="/Common/clientssl",
    name="/Common/test-ClientSsl",
    partition="Common")

import * as pulumi from "@pulumi/pulumi";
import * as f5bigip from "@pulumi/f5bigip";

const test_ClientSsl = new f5bigip.ltm.ProfileClientSsl("test-ClientSsl", {
    authenticate: "always",
    ciphers: "DEFAULT",
    defaultsFrom: "/Common/clientssl",
    name: "/Common/test-ClientSsl",
    partition: "Common",
});

Create a ProfileClientSsl Resource

new ProfileClientSsl(name: string, args: ProfileClientSslArgs, opts?: CustomResourceOptions);

def ProfileClientSsl(resource_name, opts=None, alert_timeout=None, allow_non_ssl=None, authenticate=None, authenticate_depth=None, ca_file=None, cache_size=None, cache_timeout=None, cert=None, cert_extension_includes=None, cert_key_chains=None, cert_life_span=None, cert_lookup_by_ipaddr_port=None, chain=None, ciphers=None, client_cert_ca=None, crl_file=None, defaults_from=None, forward_proxy_bypass_default_action=None, full_path=None, generation=None, generic_alert=None, handshake_timeout=None, inherit_cert_keychain=None, key=None, mod_ssl_methods=None, mode=None, name=None, partition=None, passphrase=None, peer_cert_mode=None, proxy_ca_cert=None, proxy_ca_key=None, proxy_ca_passphrase=None, proxy_ssl=None, proxy_ssl_passthrough=None, renegotiate_period=None, renegotiate_size=None, renegotiation=None, retain_certificate=None, secure_renegotiation=None, server_name=None, session_mirroring=None, session_ticket=None, sni_default=None, sni_require=None, ssl_forward_proxy=None, ssl_forward_proxy_bypass=None, ssl_sign_hash=None, strict_resume=None, tm_options=None, unclean_shutdown=None, __props__=None);

func NewProfileClientSsl(ctx *Context, name string, args ProfileClientSslArgs, opts ...ResourceOption) (*ProfileClientSsl, error)

public ProfileClientSsl(string name, ProfileClientSslArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args ProfileClientSslArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ProfileClientSslArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ProfileClientSslArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

ProfileClientSsl Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The ProfileClientSsl resource accepts the following input properties:

Name string: Specifies the name of the profile. (type string)
AlertTimeout string: Alert time out
AllowNonSsl string: Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
Authenticate string: Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
AuthenticateDepth int: Specifies the maximum number of certificates to be traversed in a client certificate chain
CaFile string: Client certificate file path. Default None.
CacheSize int: Cache size (sessions).
CacheTimeout int: Cache time out
Cert string: Specifies a cert name for use.
CertExtensionIncludes List<string>: Cert extension includes for ssl forward proxy
CertKeyChains List<Pulumi.F5BigIP.Ltm.Inputs.ProfileClientSslCertKeyChainArgs>
CertLifeSpan int: Life span of the certificate in days for ssl forward proxy
CertLookupByIpaddrPort string: Cert lookup by ip address and port enabled / disabled
Chain string: Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
Ciphers string: Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
ClientCertCa string: client certificate name
CrlFile string: Certificate revocation file name
DefaultsFrom string: The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is the clientssl parent on the Common partition.
ForwardProxyBypassDefaultAction string: Forward proxy bypass default action. (enabled / disabled)
FullPath string: full path of the profile
Generation int: generation
GenericAlert string: Generic alerts enabled / disabled.
HandshakeTimeout string: Handshake time out (seconds)
InheritCertKeychain string: Inherit cert key chain
Key string: Contains a key name
ModSslMethods string: ModSSL Methods enabled / disabled. Default is disabled.
Mode string: ModSSL Methods enabled / disabled. Default is disabled.
Partition string: Device partition to manage resources on.
Passphrase string: Client Certificate Constrained Delegation CA passphrase
PeerCertMode string: Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
ProxyCaCert string: Proxy CA Cert
ProxyCaKey string: Proxy CA Key
ProxyCaPassphrase string: Proxy CA Passphrase
ProxySsl string: Proxy SSL enabled / disabled. Default is disabled.
ProxySslPassthrough string: Proxy SSL passthrough enabled / disabled. Default is disabled.
RenegotiatePeriod string: Renogotiate Period (seconds)
RenegotiateSize string: Renogotiate Size
Renegotiation string: Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
RetainCertificate string: When true, client certificate is retained in SSL session.
SecureRenegotiation string: Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
ServerName string: Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
SessionMirroring string: Session Mirroring (enabled / disabled)
SessionTicket string: Session Ticket (enabled / disabled)
SniDefault string: Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
SniRequire string: Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
SslForwardProxy string: SSL forward Proxy (enabled / disabled)
SslForwardProxyBypass string: SSL forward Proxy Bypass (enabled / disabled)
SslSignHash string: SSL sign hash (any, sha1, sha256, sha384)
StrictResume string: Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
TmOptions List<string>
UncleanShutdown string: Unclean Shutdown (enabled / disabled)

Name string: Specifies the name of the profile. (type string)
AlertTimeout string: Alert time out
AllowNonSsl string: Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
Authenticate string: Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
AuthenticateDepth int: Specifies the maximum number of certificates to be traversed in a client certificate chain
CaFile string: Client certificate file path. Default None.
CacheSize int: Cache size (sessions).
CacheTimeout int: Cache time out
Cert string: Specifies a cert name for use.
CertExtensionIncludes []string: Cert extension includes for ssl forward proxy
CertKeyChains []ProfileClientSslCertKeyChain
CertLifeSpan int: Life span of the certificate in days for ssl forward proxy
CertLookupByIpaddrPort string: Cert lookup by ip address and port enabled / disabled
Chain string: Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
Ciphers string: Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
ClientCertCa string: client certificate name
CrlFile string: Certificate revocation file name
DefaultsFrom string: The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is the clientssl parent on the Common partition.
ForwardProxyBypassDefaultAction string: Forward proxy bypass default action. (enabled / disabled)
FullPath string: full path of the profile
Generation int: generation
GenericAlert string: Generic alerts enabled / disabled.
HandshakeTimeout string: Handshake time out (seconds)
InheritCertKeychain string: Inherit cert key chain
Key string: Contains a key name
ModSslMethods string: ModSSL Methods enabled / disabled. Default is disabled.
Mode string: ModSSL Methods enabled / disabled. Default is disabled.
Partition string: Device partition to manage resources on.
Passphrase string: Client Certificate Constrained Delegation CA passphrase
PeerCertMode string: Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
ProxyCaCert string: Proxy CA Cert
ProxyCaKey string: Proxy CA Key
ProxyCaPassphrase string: Proxy CA Passphrase
ProxySsl string: Proxy SSL enabled / disabled. Default is disabled.
ProxySslPassthrough string: Proxy SSL passthrough enabled / disabled. Default is disabled.
RenegotiatePeriod string: Renogotiate Period (seconds)
RenegotiateSize string: Renogotiate Size
Renegotiation string: Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
RetainCertificate string: When true, client certificate is retained in SSL session.
SecureRenegotiation string: Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
ServerName string: Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
SessionMirroring string: Session Mirroring (enabled / disabled)
SessionTicket string: Session Ticket (enabled / disabled)
SniDefault string: Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
SniRequire string: Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
SslForwardProxy string: SSL forward Proxy (enabled / disabled)
SslForwardProxyBypass string: SSL forward Proxy Bypass (enabled / disabled)
SslSignHash string: SSL sign hash (any, sha1, sha256, sha384)
StrictResume string: Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
TmOptions []string
UncleanShutdown string: Unclean Shutdown (enabled / disabled)

name string: Specifies the name of the profile. (type string)
alertTimeout string: Alert time out
allowNonSsl string: Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
authenticate string: Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
authenticateDepth number: Specifies the maximum number of certificates to be traversed in a client certificate chain
caFile string: Client certificate file path. Default None.
cacheSize number: Cache size (sessions).
cacheTimeout number: Cache time out
cert string: Specifies a cert name for use.
certExtensionIncludes string[]: Cert extension includes for ssl forward proxy
certKeyChains ProfileClientSslCertKeyChain[]
certLifeSpan number: Life span of the certificate in days for ssl forward proxy
certLookupByIpaddrPort string: Cert lookup by ip address and port enabled / disabled
chain string: Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
ciphers string: Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
clientCertCa string: client certificate name
crlFile string: Certificate revocation file name
defaultsFrom string: The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is the clientssl parent on the Common partition.
forwardProxyBypassDefaultAction string: Forward proxy bypass default action. (enabled / disabled)
fullPath string: full path of the profile
generation number: generation
genericAlert string: Generic alerts enabled / disabled.
handshakeTimeout string: Handshake time out (seconds)
inheritCertKeychain string: Inherit cert key chain
key string: Contains a key name
modSslMethods string: ModSSL Methods enabled / disabled. Default is disabled.
mode string: ModSSL Methods enabled / disabled. Default is disabled.
partition string: Device partition to manage resources on.
passphrase string: Client Certificate Constrained Delegation CA passphrase
peerCertMode string: Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
proxyCaCert string: Proxy CA Cert
proxyCaKey string: Proxy CA Key
proxyCaPassphrase string: Proxy CA Passphrase
proxySsl string: Proxy SSL enabled / disabled. Default is disabled.
proxySslPassthrough string: Proxy SSL passthrough enabled / disabled. Default is disabled.
renegotiatePeriod string: Renogotiate Period (seconds)
renegotiateSize string: Renogotiate Size
renegotiation string: Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
retainCertificate string: When true, client certificate is retained in SSL session.
secureRenegotiation string: Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
serverName string: Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
sessionMirroring string: Session Mirroring (enabled / disabled)
sessionTicket string: Session Ticket (enabled / disabled)
sniDefault string: Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
sniRequire string: Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
sslForwardProxy string: SSL forward Proxy (enabled / disabled)
sslForwardProxyBypass string: SSL forward Proxy Bypass (enabled / disabled)
sslSignHash string: SSL sign hash (any, sha1, sha256, sha384)
strictResume string: Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
tmOptions string[]
uncleanShutdown string: Unclean Shutdown (enabled / disabled)

name str: Specifies the name of the profile. (type string)
alert_timeout str: Alert time out
allow_non_ssl str: Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
authenticate str: Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
authenticate_depth float: Specifies the maximum number of certificates to be traversed in a client certificate chain
ca_file str: Client certificate file path. Default None.
cache_size float: Cache size (sessions).
cache_timeout float: Cache time out
cert str: Specifies a cert name for use.
cert_extension_includes List[str]: Cert extension includes for ssl forward proxy
cert_key_chains List[ProfileClientSslCertKeyChain]
cert_life_span float: Life span of the certificate in days for ssl forward proxy
cert_lookup_by_ipaddr_port str: Cert lookup by ip address and port enabled / disabled
chain str: Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
ciphers str: Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
client_cert_ca str: client certificate name
crl_file str: Certificate revocation file name
defaults_from str: The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is the clientssl parent on the Common partition.
forward_proxy_bypass_default_action str: Forward proxy bypass default action. (enabled / disabled)
full_path str: full path of the profile
generation float: generation
generic_alert str: Generic alerts enabled / disabled.
handshake_timeout str: Handshake time out (seconds)
inherit_cert_keychain str: Inherit cert key chain
key str: Contains a key name
mod_ssl_methods str: ModSSL Methods enabled / disabled. Default is disabled.
mode str: ModSSL Methods enabled / disabled. Default is disabled.
partition str: Device partition to manage resources on.
passphrase str: Client Certificate Constrained Delegation CA passphrase
peer_cert_mode str: Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
proxy_ca_cert str: Proxy CA Cert
proxy_ca_key str: Proxy CA Key
proxy_ca_passphrase str: Proxy CA Passphrase
proxy_ssl str: Proxy SSL enabled / disabled. Default is disabled.
proxy_ssl_passthrough str: Proxy SSL passthrough enabled / disabled. Default is disabled.
renegotiate_period str: Renogotiate Period (seconds)
renegotiate_size str: Renogotiate Size
renegotiation str: Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
retain_certificate str: When true, client certificate is retained in SSL session.
secure_renegotiation str: Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
server_name str: Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
session_mirroring str: Session Mirroring (enabled / disabled)
session_ticket str: Session Ticket (enabled / disabled)
sni_default str: Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
sni_require str: Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
ssl_forward_proxy str: SSL forward Proxy (enabled / disabled)
ssl_forward_proxy_bypass str: SSL forward Proxy Bypass (enabled / disabled)
ssl_sign_hash str: SSL sign hash (any, sha1, sha256, sha384)
strict_resume str: Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
tm_options List[str]
unclean_shutdown str: Unclean Shutdown (enabled / disabled)

Outputs

All input properties are implicitly available as output properties. Additionally, the ProfileClientSsl resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

Look up an Existing ProfileClientSsl Resource

Get an existing ProfileClientSsl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ProfileClientSslState, opts?: CustomResourceOptions): ProfileClientSsl

static get(resource_name, id, opts=None, alert_timeout=None, allow_non_ssl=None, authenticate=None, authenticate_depth=None, ca_file=None, cache_size=None, cache_timeout=None, cert=None, cert_extension_includes=None, cert_key_chains=None, cert_life_span=None, cert_lookup_by_ipaddr_port=None, chain=None, ciphers=None, client_cert_ca=None, crl_file=None, defaults_from=None, forward_proxy_bypass_default_action=None, full_path=None, generation=None, generic_alert=None, handshake_timeout=None, inherit_cert_keychain=None, key=None, mod_ssl_methods=None, mode=None, name=None, partition=None, passphrase=None, peer_cert_mode=None, proxy_ca_cert=None, proxy_ca_key=None, proxy_ca_passphrase=None, proxy_ssl=None, proxy_ssl_passthrough=None, renegotiate_period=None, renegotiate_size=None, renegotiation=None, retain_certificate=None, secure_renegotiation=None, server_name=None, session_mirroring=None, session_ticket=None, sni_default=None, sni_require=None, ssl_forward_proxy=None, ssl_forward_proxy_bypass=None, ssl_sign_hash=None, strict_resume=None, tm_options=None, unclean_shutdown=None, __props__=None);

func GetProfileClientSsl(ctx *Context, name string, id IDInput, state *ProfileClientSslState, opts ...ResourceOption) (*ProfileClientSsl, error)

public static ProfileClientSsl Get(string name, Input<string> id, ProfileClientSslState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AlertTimeout string: Alert time out
AllowNonSsl string: Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
Authenticate string: Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
AuthenticateDepth int: Specifies the maximum number of certificates to be traversed in a client certificate chain
CaFile string: Client certificate file path. Default None.
CacheSize int: Cache size (sessions).
CacheTimeout int: Cache time out
Cert string: Specifies a cert name for use.
CertExtensionIncludes List<string>: Cert extension includes for ssl forward proxy
CertKeyChains List<Pulumi.F5BigIP.Ltm.Inputs.ProfileClientSslCertKeyChainArgs>
CertLifeSpan int: Life span of the certificate in days for ssl forward proxy
CertLookupByIpaddrPort string: Cert lookup by ip address and port enabled / disabled
Chain string: Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
Ciphers string: Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
ClientCertCa string: client certificate name
CrlFile string: Certificate revocation file name
DefaultsFrom string: The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is the clientssl parent on the Common partition.
ForwardProxyBypassDefaultAction string: Forward proxy bypass default action. (enabled / disabled)
FullPath string: full path of the profile
Generation int: generation
GenericAlert string: Generic alerts enabled / disabled.
HandshakeTimeout string: Handshake time out (seconds)
InheritCertKeychain string: Inherit cert key chain
Key string: Contains a key name
ModSslMethods string: ModSSL Methods enabled / disabled. Default is disabled.
Mode string: ModSSL Methods enabled / disabled. Default is disabled.
Name string: Specifies the name of the profile. (type string)
Partition string: Device partition to manage resources on.
Passphrase string: Client Certificate Constrained Delegation CA passphrase
PeerCertMode string: Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
ProxyCaCert string: Proxy CA Cert
ProxyCaKey string: Proxy CA Key
ProxyCaPassphrase string: Proxy CA Passphrase
ProxySsl string: Proxy SSL enabled / disabled. Default is disabled.
ProxySslPassthrough string: Proxy SSL passthrough enabled / disabled. Default is disabled.
RenegotiatePeriod string: Renogotiate Period (seconds)
RenegotiateSize string: Renogotiate Size
Renegotiation string: Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
RetainCertificate string: When true, client certificate is retained in SSL session.
SecureRenegotiation string: Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
ServerName string: Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
SessionMirroring string: Session Mirroring (enabled / disabled)
SessionTicket string: Session Ticket (enabled / disabled)
SniDefault string: Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
SniRequire string: Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
SslForwardProxy string: SSL forward Proxy (enabled / disabled)
SslForwardProxyBypass string: SSL forward Proxy Bypass (enabled / disabled)
SslSignHash string: SSL sign hash (any, sha1, sha256, sha384)
StrictResume string: Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
TmOptions List<string>
UncleanShutdown string: Unclean Shutdown (enabled / disabled)

AlertTimeout string: Alert time out
AllowNonSsl string: Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
Authenticate string: Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
AuthenticateDepth int: Specifies the maximum number of certificates to be traversed in a client certificate chain
CaFile string: Client certificate file path. Default None.
CacheSize int: Cache size (sessions).
CacheTimeout int: Cache time out
Cert string: Specifies a cert name for use.
CertExtensionIncludes []string: Cert extension includes for ssl forward proxy
CertKeyChains []ProfileClientSslCertKeyChain
CertLifeSpan int: Life span of the certificate in days for ssl forward proxy
CertLookupByIpaddrPort string: Cert lookup by ip address and port enabled / disabled
Chain string: Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
Ciphers string: Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
ClientCertCa string: client certificate name
CrlFile string: Certificate revocation file name
DefaultsFrom string: The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is the clientssl parent on the Common partition.
ForwardProxyBypassDefaultAction string: Forward proxy bypass default action. (enabled / disabled)
FullPath string: full path of the profile
Generation int: generation
GenericAlert string: Generic alerts enabled / disabled.
HandshakeTimeout string: Handshake time out (seconds)
InheritCertKeychain string: Inherit cert key chain
Key string: Contains a key name
ModSslMethods string: ModSSL Methods enabled / disabled. Default is disabled.
Mode string: ModSSL Methods enabled / disabled. Default is disabled.
Name string: Specifies the name of the profile. (type string)
Partition string: Device partition to manage resources on.
Passphrase string: Client Certificate Constrained Delegation CA passphrase
PeerCertMode string: Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
ProxyCaCert string: Proxy CA Cert
ProxyCaKey string: Proxy CA Key
ProxyCaPassphrase string: Proxy CA Passphrase
ProxySsl string: Proxy SSL enabled / disabled. Default is disabled.
ProxySslPassthrough string: Proxy SSL passthrough enabled / disabled. Default is disabled.
RenegotiatePeriod string: Renogotiate Period (seconds)
RenegotiateSize string: Renogotiate Size
Renegotiation string: Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
RetainCertificate string: When true, client certificate is retained in SSL session.
SecureRenegotiation string: Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
ServerName string: Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
SessionMirroring string: Session Mirroring (enabled / disabled)
SessionTicket string: Session Ticket (enabled / disabled)
SniDefault string: Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
SniRequire string: Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
SslForwardProxy string: SSL forward Proxy (enabled / disabled)
SslForwardProxyBypass string: SSL forward Proxy Bypass (enabled / disabled)
SslSignHash string: SSL sign hash (any, sha1, sha256, sha384)
StrictResume string: Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
TmOptions []string
UncleanShutdown string: Unclean Shutdown (enabled / disabled)

alertTimeout string: Alert time out
allowNonSsl string: Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
authenticate string: Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
authenticateDepth number: Specifies the maximum number of certificates to be traversed in a client certificate chain
caFile string: Client certificate file path. Default None.
cacheSize number: Cache size (sessions).
cacheTimeout number: Cache time out
cert string: Specifies a cert name for use.
certExtensionIncludes string[]: Cert extension includes for ssl forward proxy
certKeyChains ProfileClientSslCertKeyChain[]
certLifeSpan number: Life span of the certificate in days for ssl forward proxy
certLookupByIpaddrPort string: Cert lookup by ip address and port enabled / disabled
chain string: Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
ciphers string: Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
clientCertCa string: client certificate name
crlFile string: Certificate revocation file name
defaultsFrom string: The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is the clientssl parent on the Common partition.
forwardProxyBypassDefaultAction string: Forward proxy bypass default action. (enabled / disabled)
fullPath string: full path of the profile
generation number: generation
genericAlert string: Generic alerts enabled / disabled.
handshakeTimeout string: Handshake time out (seconds)
inheritCertKeychain string: Inherit cert key chain
key string: Contains a key name
modSslMethods string: ModSSL Methods enabled / disabled. Default is disabled.
mode string: ModSSL Methods enabled / disabled. Default is disabled.
name string: Specifies the name of the profile. (type string)
partition string: Device partition to manage resources on.
passphrase string: Client Certificate Constrained Delegation CA passphrase
peerCertMode string: Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
proxyCaCert string: Proxy CA Cert
proxyCaKey string: Proxy CA Key
proxyCaPassphrase string: Proxy CA Passphrase
proxySsl string: Proxy SSL enabled / disabled. Default is disabled.
proxySslPassthrough string: Proxy SSL passthrough enabled / disabled. Default is disabled.
renegotiatePeriod string: Renogotiate Period (seconds)
renegotiateSize string: Renogotiate Size
renegotiation string: Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
retainCertificate string: When true, client certificate is retained in SSL session.
secureRenegotiation string: Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
serverName string: Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
sessionMirroring string: Session Mirroring (enabled / disabled)
sessionTicket string: Session Ticket (enabled / disabled)
sniDefault string: Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
sniRequire string: Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
sslForwardProxy string: SSL forward Proxy (enabled / disabled)
sslForwardProxyBypass string: SSL forward Proxy Bypass (enabled / disabled)
sslSignHash string: SSL sign hash (any, sha1, sha256, sha384)
strictResume string: Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
tmOptions string[]
uncleanShutdown string: Unclean Shutdown (enabled / disabled)

alert_timeout str: Alert time out
allow_non_ssl str: Enables or disables acceptance of non-SSL connections, When creating a new profile, the setting is provided by the parent profile
authenticate str: Specifies the frequency of client authentication for an SSL session.When once,specifies that the system authenticates the client once for an SSL session. When always, specifies that the system authenticates the client once for an SSL session and also upon reuse of that session.
authenticate_depth float: Specifies the maximum number of certificates to be traversed in a client certificate chain
ca_file str: Client certificate file path. Default None.
cache_size float: Cache size (sessions).
cache_timeout float: Cache time out
cert str: Specifies a cert name for use.
cert_extension_includes List[str]: Cert extension includes for ssl forward proxy
cert_key_chains List[ProfileClientSslCertKeyChain]
cert_life_span float: Life span of the certificate in days for ssl forward proxy
cert_lookup_by_ipaddr_port str: Cert lookup by ip address and port enabled / disabled
chain str: Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
ciphers str: Specifies the list of ciphers that the system supports. When creating a new profile, the default cipher list is provided by the parent profile.
client_cert_ca str: client certificate name
crl_file str: Certificate revocation file name
defaults_from str: The parent template of this monitor template. Once this value has been set, it cannot be changed. By default, this value is the clientssl parent on the Common partition.
forward_proxy_bypass_default_action str: Forward proxy bypass default action. (enabled / disabled)
full_path str: full path of the profile
generation float: generation
generic_alert str: Generic alerts enabled / disabled.
handshake_timeout str: Handshake time out (seconds)
inherit_cert_keychain str: Inherit cert key chain
key str: Contains a key name
mod_ssl_methods str: ModSSL Methods enabled / disabled. Default is disabled.
mode str: ModSSL Methods enabled / disabled. Default is disabled.
name str: Specifies the name of the profile. (type string)
partition str: Device partition to manage resources on.
passphrase str: Client Certificate Constrained Delegation CA passphrase
peer_cert_mode str: Specifies the way the system handles client certificates.When ignore, specifies that the system ignores certificates from client systems.When require, specifies that the system requires a client to present a valid certificate.When request, specifies that the system requests a valid certificate from a client but always authenticate the client.
proxy_ca_cert str: Proxy CA Cert
proxy_ca_key str: Proxy CA Key
proxy_ca_passphrase str: Proxy CA Passphrase
proxy_ssl str: Proxy SSL enabled / disabled. Default is disabled.
proxy_ssl_passthrough str: Proxy SSL passthrough enabled / disabled. Default is disabled.
renegotiate_period str: Renogotiate Period (seconds)
renegotiate_size str: Renogotiate Size
renegotiation str: Enables or disables SSL renegotiation.When creating a new profile, the setting is provided by the parent profile
retain_certificate str: When true, client certificate is retained in SSL session.
secure_renegotiation str: Specifies the method of secure renegotiations for SSL connections. When creating a new profile, the setting is provided by the parent profile. When request is set the system request secure renegotation of SSL connections. require is a default setting and when set the system permits initial SSL handshakes from clients but terminates renegotiations from unpatched clients. The require-strict setting the system requires strict renegotiation of SSL connections. In this mode the system refuses connections to insecure servers, and terminates existing SSL connections to insecure servers
server_name str: Specifies the fully qualified DNS hostname of the server used in Server Name Indication communications. When creating a new profile, the setting is provided by the parent profile.The server name can also be a wildcard string containing the asterisk * character.
session_mirroring str: Session Mirroring (enabled / disabled)
session_ticket str: Session Ticket (enabled / disabled)
sni_default str: Indicates that the system uses this profile as the default SSL profile when there is no match to the server name, or when the client provides no SNI extension support.When creating a new profile, the setting is provided by the parent profile. There can be only one SSL profile with this setting enabled.
sni_require str: Requires that the network peers also provide SNI support, this setting only takes effect when sni_default is set to true.When creating a new profile, the setting is provided by the parent profile
ssl_forward_proxy str: SSL forward Proxy (enabled / disabled)
ssl_forward_proxy_bypass str: SSL forward Proxy Bypass (enabled / disabled)
ssl_sign_hash str: SSL sign hash (any, sha1, sha256, sha384)
strict_resume str: Enables or disables the resumption of SSL sessions after an unclean shutdown.When creating a new profile, the setting is provided by the parent profile.
tm_options List[str]
unclean_shutdown str: Unclean Shutdown (enabled / disabled)

Supporting Types

ProfileClientSslCertKeyChain

See the input and output API doc for this type.

Cert string: Specifies a cert name for use.
Chain string: Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
Key string: Contains a key name
Name string: Specifies the name of the profile. (type string)
Passphrase string

Cert string: Specifies a cert name for use.
Chain string: Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
Key string: Contains a key name
Name string: Specifies the name of the profile. (type string)
Passphrase string

cert string: Specifies a cert name for use.
chain string: Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
key string: Contains a key name
name string: Specifies the name of the profile. (type string)
passphrase string

cert str: Specifies a cert name for use.
chain str: Contains a certificate chain that is relevant to the certificate and key mentioned earlier.This key is optional
key str: Contains a key name
name str: Specifies the name of the profile. (type string)
passphrase str

Package Details

Repository: https://github.com/pulumi/pulumi-f5bigip
License: Apache-2.0
Notes: This Pulumi package is based on the bigip Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud