Parameter |
Choices/Defaults |
Comments |
cache_error_timeout
integer
|
|
Specifies the lifetime of an error response in the cache, in seconds.
|
cache_timeout
string
|
|
Specifies the lifetime of the OCSP response in the cache, in seconds.
|
certificate
string
|
|
Specifies a certificate used to sign an OCSP request.
|
clock_skew
integer
|
|
Specifies the tolerable absolute difference in the clocks of the responder and the BIG-IP system, in seconds.
|
connection_timeout
integer
|
|
Specifies the time interval the BIG-IP system waits for before ending the connection to the OCSP responder, in seconds.
|
connections_limit
integer
|
|
Specifies the maximum number of connections per second allowed for the OCSP certificate validator.
|
dns_resolver
string
|
|
Specifies the internal DNS resolver the BIG-IP system uses to fetch the OCSP response.
This involves specifying one or more DNS servers in the DNS resolver configuration.
Use this option when either there is a DNS server that can do the name-resolution of the OCSP responders, or the OCSP responder can be reached on one of BIG-IP system's interfaces.
|
hash_algorithm
string
|
|
Specifies a hash algorithm used to sign an OCSP request.
|
key
string
|
|
Specifies a key used to sign an OCSP request.
|
name
string
/ required
|
|
Specifies the name of the OCSP certificate validator.
|
partition
string
|
Default:
"Common"
|
Device partition to manage resources on.
|
passphrase
string
|
|
Specifies a passphrase used to sign an OCSP request.
|
provider
dictionary
added in 1.0.0 of f5networks.f5_modules
|
|
A dict object containing connection details.
|
|
auth_provider
string
|
|
Configures the auth provider for to obtain authentication tokens from the remote device.
This option is really used when working with BIG-IQ devices.
|
|
no_f5_teem
boolean
|
|
If yes , TEEM telemetry data is not sent to F5.
You may omit this option by setting the environment variable F5_TEEM .
|
|
password
string
/ required
|
|
The password for the user account used to connect to the BIG-IP.
You may omit this option by setting the environment variable F5_PASSWORD .
aliases: pass, pwd
|
|
server
string
/ required
|
|
The BIG-IP host.
You may omit this option by setting the environment variable F5_SERVER .
|
|
server_port
integer
|
Default:
443
|
The BIG-IP server port.
You may omit this option by setting the environment variable F5_SERVER_PORT .
|
|
timeout
integer
|
|
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
|
|
transport
string
|
|
Configures the transport connection to use when connecting to the remote device.
|
|
user
string
/ required
|
|
The username to connect to the BIG-IP with. This user must have administrative privileges on the device.
You may omit this option by setting the environment variable F5_USER .
|
|
validate_certs
boolean
|
|
If no , SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates.
You may omit this option by setting the environment variable F5_VALIDATE_CERTS .
|
proxy_server_pool
string
|
|
Specifies the proxy server pool the BIG-IP system uses to fetch the OCSP response.
This involves creating a pool with proxy-servers.
Use this option when either the OCSP responder cannot be reached on any of BIG-IP system's interfaces, or one or more servers can proxy an HTTP request to an external server and fetch the response.
|
responder_url
string
|
|
Specifies the absolute URL that overrides the OCSP responder URL obtained from the certificate's AIA extensions. This should be an HTTP-based URL.
|
route_domain
string
|
|
Specifies the route domain for fetching an OCSP response using HTTP forward proxy.
|
state
string
|
Choices:
present ←
- absent
|
When present , ensures the resource exists.
When absent , ensures the resource does not exist.
|
status_age
integer
|
|
Specifies the maximum allowed lag time the BIG-IP system accepts for the 'thisUpdate' time in the OCSP response.
|
strict_responder_checking
boolean
|
|
Specifies whether the responder's certificate is checked for an OCSP signing extension.
|
trusted_responders
string
|
|
Specifies the certificates used for validating the OCSP response when the responder's certificate has been omitted from the response.
|
update_password
string
|
Choices:
always ←
- on_create
|
always allows the user to update passwords. on_create only sets the password for newly created OCSP validators.
|