editExternalCACertificate
The editExternalCACertificate operation handles configuration related to ExternalCACertificate model.
Description
This API call is not allowed on the standby unit in an HA pair.
Data Parameters
| Parameter | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| version | False | string | A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected. | |||
| name | True | string | A mandatory UTF string containing the name for the certificate. The string can be up to 128 characters. The name is used in the configuration as an object name only, it is not part of the certificate itself. | |||
| cert | False | string | PEM formatted X.509v3 certificate. | |||
| privateKey | False | string | PEM formatted private key. Only unencrypted keys are supported. | |||
| passPhrase | False | string | Password used for encrypted private key. Encrypted keys are not supported yet. | |||
| issuerCommonName | False | string | Common Name, typically product name/brand, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerCountry | False | string | An ISO3166 two character country code of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerLocality | False | string | Locality, city name, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerOrganization | False | string | Organization, company name, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerOrganizationUnit | False | string | The Organization Unit, division or unit, of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| issuerState | False | string | State or the province of the Authority (issuer) that signed and issued the certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectCommonName | False | string | Common Name, typically product name/brand, of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectCountry | False | string | An ISO3166 two character country code of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectDistinguishedName | False | string | A DN (Distinguished Name) defining the entity (subject) being certified or authenticated in the given certificate. For a root certificate the issuer and subject will be the same DN. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectLocality | False | string | Locality, city name, of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectOrganization | False | string | Organization, company name, of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectOrganizationUnit | False | string | The Organization Unit, division or unit, of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| subjectState | False | string | State or the province of the entity (subject) being certified or authenticated in the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| validityStartDate | False | string | UTC formatted begin date, for the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| validityEndDate | False | string | UTC formatted end or expiry date for the given certificate. This is automatically extracted from the uploaded certificate. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| validationUsage | False | [object] | ||||
| isSystemDefined | False | boolean | A boolean value, TRUE and FALSE (the default). The TRUE value indicates that certificate is created by system and cannot be deleted. FALSE indicates that the certificate can be deleted. | |||
| keyType | False | string | ||||
| keySize | False | integer | ||||
| allowWeakCert | False | boolean | ||||
| signatureHashType | False | string | ||||
| revocationCheck | True | string | Revocation checking options include "CRL" - perform CRL revocation checking "OCSP" - perform OCSP revocation checking "CRL_OCSP" - perform CRL revocation checking if possible, else use OCSP "OCSP_CRL" - perform OCSP revocation checking if possible, else use CRL "NONE" - Do not perform revocation checking (default) Field level constraints: cannot be null. (Note: Additional constraints might exist) |
|||
| crlCacheTime | True | integer | Specifies the refresh time in minutes for the CRL cache range (1-1440), 60(default) Field level constraints: cannot be null, must be between 1 and 1440 (inclusive). (Note: Additional constraints might exist) |
|||
| disableOcspNonce | True | boolean | A boolean value, False(default) indicates to include a nonce (random value) in all of the OCSP requests for security from OCSP replay attacks. True indicates to disable adding nonce Field level constraints: cannot be null. (Note: Additional constraints might exist) |
|||
| weakCertificate | False | boolean | ||||
| id | False | string | A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. | |||
Path Parameters
| Parameter | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| objId | True | string | ||||
Example
- name: Execute 'editExternalCACertificate' operation
ftd_configuration:
operation: "editExternalCACertificate"
data:
version: "{{ version }}"
name: "{{ name }}"
cert: "{{ cert }}"
privateKey: "{{ private_key }}"
passPhrase: "{{ pass_phrase }}"
issuerCommonName: "{{ issuer_common_name }}"
issuerCountry: "{{ issuer_country }}"
issuerLocality: "{{ issuer_locality }}"
issuerOrganization: "{{ issuer_organization }}"
issuerOrganizationUnit: "{{ issuer_organization_unit }}"
issuerState: "{{ issuer_state }}"
subjectCommonName: "{{ subject_common_name }}"
subjectCountry: "{{ subject_country }}"
subjectDistinguishedName: "{{ subject_distinguished_name }}"
subjectLocality: "{{ subject_locality }}"
subjectOrganization: "{{ subject_organization }}"
subjectOrganizationUnit: "{{ subject_organization_unit }}"
subjectState: "{{ subject_state }}"
validityStartDate: "{{ validity_start_date }}"
validityEndDate: "{{ validity_end_date }}"
validationUsage: "{{ validation_usage }}"
isSystemDefined: "{{ is_system_defined }}"
keyType: "{{ key_type }}"
keySize: "{{ key_size }}"
allowWeakCert: "{{ allow_weak_cert }}"
signatureHashType: "{{ signature_hash_type }}"
revocationCheck: "{{ revocation_check }}"
crlCacheTime: "{{ crl_cache_time }}"
disableOcspNonce: "{{ disable_ocsp_nonce }}"
weakCertificate: "{{ weak_certificate }}"
id: "{{ id }}"
type: "{{ type }}"
path_params:
objId: "{{ obj_id }}"