This object represents a certificate authentication service.
References to certificate:authservice are object references. The name part of the Certificate authentication service object reference has the following components:
Example: certificate:authservice/ZG5zLm5ldHdvcmtfdmlldyQxMTk:Infoblox
The object does not support the following operations:
The object cannot be managed on Cloud Platform members.
These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
The basic version of the object contains the field(s): name.
The following fields are required to create this object:
Field | Notes |
---|---|
ca_certificates | |
name | |
auto_populate_login
Specifies the value of the client certificate for automatically populating the NIOS login name.
Type
String.
Create
The default value is S_DN_CN.
Search
The field is not available for search.
ca_certificates
The list of CA certificates.
Type
A/An cacertificate object array.
This field supports nested return fields as described here.
Create
The field is required on creation.
Search
The field is not available for search.
comment
The descriptive comment for the certificate authentication service.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The default value is empty.
Search
The field is available for search via
disabled
Determines if this certificate authentication service is enabled or disabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
enable_password_request
Determines if username/password authentication together with client certificate authentication is enabled or disabled.
Type
Bool.
Create
The default value is True.
Search
The field is not available for search.
enable_remote_lookup
Determines if the lookup for user group membership information on remote services is enabled or disabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
max_retries
The number of validation attempts before the appliance contacts the next responder.
Type
Unsigned integer.
Create
The default value is 0.
Search
The field is not available for search.
name
The name of the certificate authentication service.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The field is required on creation.
Search
The field is available for search via
Notes
The name is part of the base object.
ocsp_check
Specifies the source of OCSP settings.
Type
String.
Create
The default value is MANUAL.
Search
The field is not available for search.
ocsp_responders
An ordered list of OCSP responders that are part of the certificate authentication service.
Type
A/An OCSP Responder struct array.
Create
The default value is undefined.
Search
The field is not available for search.
recovery_interval
The period of time the appliance waits before it attempts to contact a responder that is out of service again. The value must be between 1 and 600 seconds.
Type
Unsigned integer.
Create
The default value is 30.
Search
The field is not available for search.
remote_lookup_password
The password for the service account.
Type
String.
Create
The default value is empty.
Search
The field is not available for search.
Notes
remote_lookup_password is not readable.
remote_lookup_service
The service that will be used for remote lookup.
Type
String.
This field supports nested return fields as described here.
Create
The default value is empty.
Search
The field is not available for search.
remote_lookup_username
The username for the service account.
Type
String.
Create
The default value is empty.
Search
The field is not available for search.
response_timeout
The validation timeout period in milliseconds.
Type
Unsigned integer.
Create
The default value is 1000.
Search
The field is not available for search.
Use this function to test OCSP responder configuration.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
certificate_auth_service ( String. ) The certificate authentication service name.
ocsp_responder ( A/An OCSP Responder struct. ). This parameter is mandatory. The OCSP responder to test.
Output fields
result ( String. Valid values are: “CANNOT_RESOLVE_FQDN”, “CANNOT_CONNECT”, “FAILED_TEST”, “TEST_OK” ) The result of the OCSP responder settings testing.
Field | Type | Req | R/O | Base | Search |
---|---|---|---|---|---|
auto_populate_login | String | N | N | N | N/A |
ca_certificates | [obj] | Y | N | N | N/A |
comment | String | N | N | N | : = ~ |
disabled | Bool | N | N | N | N/A |
enable_password_request | Bool | N | N | N | N/A |
enable_remote_lookup | Bool | N | N | N | N/A |
max_retries | Unsigned int | N | N | N | N/A |
name | String | Y | N | Y | : = ~ |
ocsp_check | String | N | N | N | N/A |
ocsp_responders | [struct] | N | N | N | N/A |
recovery_interval | Unsigned int | N | N | N | N/A |
remote_lookup_password | String | N | N | N | N/A |
remote_lookup_service | String | N | N | N | N/A |
remote_lookup_username | String | N | N | N | N/A |
response_timeout | Unsigned int | N | N | N | N/A |
trust_model | String | N | N | N | N/A |
user_match_type | String | N | N | N | N/A |
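A pre-flight check for a certificate:authservice create payload, built from the field rules on this page. This is an added example, not Infoblox code: the function names and the two checks marked "assumed policy" are assumptions, and no request is sent.

```python
# Added example. Rules marked "page" come from this reference; "assumed" ones are local policy.
FIELDS = ("auto_populate_login", "ca_certificates", "comment", "disabled",
          "enable_password_request", "enable_remote_lookup", "max_retries", "name",
          "ocsp_check", "ocsp_responders", "recovery_interval",
          "remote_lookup_password", "remote_lookup_service",
          "remote_lookup_username", "response_timeout", "trust_model",
          "user_match_type")
NOT_READABLE = {"remote_lookup_password"}            # page: field is not readable
OCSP_TEST_RESULTS = {"CANNOT_RESOLVE_FQDN", "CANNOT_CONNECT", "FAILED_TEST", "TEST_OK"}


def return_fields():
    """Value for _return_fields that requests every readable field."""
    return ",".join(f for f in FIELDS if f not in NOT_READABLE)


def validate_authservice(payload):
    """Return a list of problems in a create payload; an empty list means it passed."""
    problems = []
    for field in ("name", "ca_certificates"):        # page: required on creation
        if not payload.get(field):
            problems.append(f"{field}: required on creation")
    for field in ("name", "comment"):                # page: no leading/trailing white space
        value = payload.get(field) or ""
        if value != value.strip():
            problems.append(f"{field}: leading or trailing white space")
    for field in ("max_retries", "recovery_interval", "response_timeout"):
        value = payload.get(field, 0)                # page: unsigned integers
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            problems.append(f"{field}: must be an unsigned integer")
    interval = payload.get("recovery_interval", 30)  # page: default 30, range 1..600
    if isinstance(interval, int) and not 1 <= interval <= 600:
        problems.append("recovery_interval: must be between 1 and 600 seconds")
    # Assumed policy: the default MANUAL source with no responders listed is a gap.
    if payload.get("ocsp_check", "MANUAL") == "MANUAL" and not payload.get("ocsp_responders"):
        problems.append("ocsp_check: MANUAL but ocsp_responders is empty")
    # Assumed policy: remote lookup needs a service and a service account name.
    if payload.get("enable_remote_lookup", False):
        for field in ("remote_lookup_service", "remote_lookup_username"):
            if not payload.get(field):
                problems.append(f"{field}: needed when enable_remote_lookup is true")
    return problems


def responder_ok(result):
    """Interpret the result string returned by the OCSP responder test function."""
    if result not in OCSP_TEST_RESULTS:
        raise ValueError(f"unexpected result value: {result!r}")
    return result == "TEST_OK"
```

Run `validate_authservice` on the payload before it is posted, and treat any `responder_ok` result other than `True` as a responder that cannot yet be relied on for revocation checks.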