CertificateStatus
Description
An object that defines SSL decryption rule traffic matching criteria based on the status of the certificate presented in the SSL transaction for a connection. Refer to this object from an SSLRule object. (Note: The field level constraints listed here might not cover all the constraints on the field. Additional constraints might exist.)
Model Properties
Property | Required | Type | Description
---|---|---|---
isValid | True | string | An enum value that determines if traffic is matched based on the validity of the server certificate. Possible values are: YES - A connection matches the rule only if the certificate is valid. A certificate is considered valid if all of the following conditions are met, otherwise it is invalid: • The policy trusts the CA that issued the certificate. • The certificate’s signature can be properly validated against the certificate’s content. • The issuer CA certificate is stored in the policy’s list of trusted CA certificates. • None of the policy’s trusted CAs revoked the certificate. • The current date is between the certificate Valid From and Valid To dates. NO - A connection matches the rule only if the certificate is invalid. Certificates are considered invalid if any criteria for validity are not met. ANY (the default) - Do not match connections based on whether the server certificate is valid. Field level constraints: cannot be null. (Note: Additional constraints might exist)
isSelfSigned | True | string | An enum value that determines if traffic is matched based on whether the server certificate is self-signed. Possible values are: YES - A connection matches the rule if the server certificate contains the same subject and issuer distinguished name. NO - A connection matches the rule only if the server certificate contains different subject and issuer distinguished names, that is, the issuer is a Certificate Authority (CA). ANY (the default) - Do not match connections based on whether the server certificate is self-signed. Field level constraints: cannot be null. (Note: Additional constraints might exist)
type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name.
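
The matching semantics from the table, as an added Python illustration (not product code and not part of the API reference). `CertFacts`, `check_object`, `matches` and the sample certificates are hypothetical names and constructed data; combining the two criteria with AND is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class CertFacts:
    """Constructed stand-in for what is known about a server certificate."""
    subject_dn: str
    issuer_dn: str
    issuer_trusted: bool   # issuing CA is in the policy's trusted CA list
    signature_ok: bool     # signature validates against the certificate content
    revoked: bool          # revoked by one of the policy's trusted CAs
    valid_from: datetime
    valid_to: datetime

def check_object(obj):
    """Return the field-level problems in a CertificateStatus payload."""
    problems = [f"{f} must be YES, NO or ANY" for f in ("isValid", "isSelfSigned")
                if obj.get(f) not in ("YES", "NO", "ANY")]
    if obj.get("type") != "CertificateStatus".lower():
        problems.append("type must be the lower-case class name")
    return problems

def is_valid(cert, now):
    """All listed validity conditions must hold; any failure means invalid."""
    return (cert.issuer_trusted and cert.signature_ok and not cert.revoked
            and cert.valid_from <= now <= cert.valid_to)

def is_self_signed(cert):
    """Self-signed means identical subject and issuer distinguished names."""
    return cert.subject_dn == cert.issuer_dn

def matches(obj, cert, now):
    """True if the certificate satisfies both criteria of the object."""
    problems = check_object(obj)
    if problems:
        raise ValueError("; ".join(problems))
    def ok(setting, observed):  # ANY skips the check, YES/NO compare to it
        return setting == "ANY" or (setting == "YES") == observed
    # Assumption: the two criteria are combined with AND.
    return (ok(obj["isValid"], is_valid(cert, now))
            and ok(obj["isSelfSigned"], is_self_signed(cert)))

# Constructed sample data, not taken from any real deployment.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SELF_SIGNED = CertFacts("CN=lab.example", "CN=lab.example", False, True, False,
                        datetime(2024, 1, 1, tzinfo=timezone.utc),
                        datetime(2025, 1, 1, tzinfo=timezone.utc))
CA_ISSUED = CertFacts("CN=www.example", "CN=Example Issuing CA", True, True, False,
                      datetime(2024, 1, 1, tzinfo=timezone.utc),
                      datetime(2025, 1, 1, tzinfo=timezone.utc))
RULE = {"isValid": "NO", "isSelfSigned": "YES", "type": "certificatestatus"}
```

With `RULE`, the self-signed sample matches because its issuer is not trusted (invalid) and its subject equals its issuer, while the CA-issued sample does not match.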