addExternalCACertificate
The addExternalCACertificate operation handles configuration related to ExternalCACertificate model.
Description
This API call is not allowed on the standby unit in an HA pair.
Data Parameters
| Parameter | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| name | True | string | A mandatory UTF string containing the name for the certificate. The string can be up to 128 characters. The name is used in the configuration as an object name only, it is not part of the certificate itself. | |||
| cert | False | string | PEM formatted X.509v3 certificate. | |||
| privateKey | False | string | PEM formatted private key. Only unencrypted keys are supported. | |||
| passPhrase | False | string | Password used for encrypted private key. Encrypted keys are not supported yet. | |||
| issuerCommonName | False | string | Common Name, typically product name/brand, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerCountry | False | string | An ISO3166 two character country code of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerLocality | False | string | Locality, city name, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerOrganization | False | string | Organization, company name, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerOrganizationUnit | False | string | The Organization Unit, division or unit, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerState | False | string | State or the province of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectCommonName | False | string | Common Name, typically product name/brand, of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectCountry | False | string | An ISO3166 two character country code of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectDistinguishedName | False | string | A DN (Distinguished Name) defining the entity (subject) being certified or authenticated in the given certificate. For a root certificate the issuer and subject will be the same DN. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectLocality | False | string | Locality, city name, of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectOrganization | False | string | Organization, company name, of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectOrganizationUnit | False | string | The Organization Unit, division or unit, of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectState | False | string | State or the province of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| validityStartDate | False | string | UTC formatted begin date, for the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| validityEndDate | False | string | UTC formatted end or expiry date for the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| validationUsage | False | [object] | ||||
| isSystemDefined | False | boolean | A boolean value, TRUE and FALSE (the default). The TRUE value indicates that certificate is created by system and cannot be deleted. FALSE indicates that the certificate can be deleted. | |||
| keyType | False | string | ||||
| keySize | False | integer | ||||
| allowWeakCert | False | boolean | ||||
| signatureHashType | False | string | ||||
| revocationCheck | True | string | Revocation checking options include "CRL" - perform CRL revocation checking "OCSP" - perform OCSP revocation checking "CRL_OCSP" - perform CRL revocation checking if possible, else use OCSP "OCSP_CRL" - perform OCSP revocation checking if possible, else use CRL "NONE" - Do not perform revocation checking (default) Field level constraints: cannot be null. (Note: Additional constraints might exist) |
|||
| crlCacheTime | True | integer | Specifies the refresh time in minutes for the CRL cache range (1-1440), 60(default) Field level constraints: cannot be null, must be between 1 and 1440 (inclusive). (Note: Additional constraints might exist) |
|||
| disableOcspNonce | True | boolean | A boolean value, False(default) indicates to include a nonce (random value) in all of the OCSP requests for security from OCSP replay attacks. True indicates to disable adding nonce Field level constraints: cannot be null. (Note: Additional constraints might exist) |
|||
| weakCertificate | False | boolean | ||||
| type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. | |||
Example
- name: Execute 'addExternalCACertificate' operation
ftd_configuration:
operation: "addExternalCACertificate"
data:
name: "{{ name }}"
cert: "{{ cert }}"
privateKey: "{{ private_key }}"
passPhrase: "{{ pass_phrase }}"
issuerCommonName: "{{ issuer_common_name }}"
issuerCountry: "{{ issuer_country }}"
issuerLocality: "{{ issuer_locality }}"
issuerOrganization: "{{ issuer_organization }}"
issuerOrganizationUnit: "{{ issuer_organization_unit }}"
issuerState: "{{ issuer_state }}"
subjectCommonName: "{{ subject_common_name }}"
subjectCountry: "{{ subject_country }}"
subjectDistinguishedName: "{{ subject_distinguished_name }}"
subjectLocality: "{{ subject_locality }}"
subjectOrganization: "{{ subject_organization }}"
subjectOrganizationUnit: "{{ subject_organization_unit }}"
subjectState: "{{ subject_state }}"
validityStartDate: "{{ validity_start_date }}"
validityEndDate: "{{ validity_end_date }}"
validationUsage: "{{ validation_usage }}"
isSystemDefined: "{{ is_system_defined }}"
keyType: "{{ key_type }}"
keySize: "{{ key_size }}"
allowWeakCert: "{{ allow_weak_cert }}"
signatureHashType: "{{ signature_hash_type }}"
revocationCheck: "{{ revocation_check }}"
crlCacheTime: "{{ crl_cache_time }}"
disableOcspNonce: "{{ disable_ocsp_nonce }}"
weakCertificate: "{{ weak_certificate }}"
type: "{{ type }}"