f5 BIG-IP v3.17.10, Apr 8 25

f5 BIG-IP v3.17.10 published on Tuesday, Apr 8, 2025 by Pulumi

f5bigip.sys.Ocsp

Explore with Pulumi AI

f5 BIG-IP v3.17.10 published on Tuesday, Apr 8, 2025 by Pulumi

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as f5bigip from "@pulumi/f5bigip";

const test_ocsp = new f5bigip.sys.Ocsp("test-ocsp", {
    name: "/Uncommon/test-ocsp",
    proxyServerPool: "/Common/test-poolxyz",
    signerKey: "/Common/le-ssl",
    signerCert: "/Common/le-ssl",
    passphrase: "testabcdef",
});

import pulumi
import pulumi_f5bigip as f5bigip

test_ocsp = f5bigip.sys.Ocsp("test-ocsp",
    name="/Uncommon/test-ocsp",
    proxy_server_pool="/Common/test-poolxyz",
    signer_key="/Common/le-ssl",
    signer_cert="/Common/le-ssl",
    passphrase="testabcdef")

package main

import (
	"github.com/pulumi/pulumi-f5bigip/sdk/v3/go/f5bigip/sys"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := sys.NewOcsp(ctx, "test-ocsp", &sys.OcspArgs{
			Name:            pulumi.String("/Uncommon/test-ocsp"),
			ProxyServerPool: pulumi.String("/Common/test-poolxyz"),
			SignerKey:       pulumi.String("/Common/le-ssl"),
			SignerCert:      pulumi.String("/Common/le-ssl"),
			Passphrase:      pulumi.String("testabcdef"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using F5BigIP = Pulumi.F5BigIP;

return await Deployment.RunAsync(() => 
{
    var test_ocsp = new F5BigIP.Sys.Ocsp("test-ocsp", new()
    {
        Name = "/Uncommon/test-ocsp",
        ProxyServerPool = "/Common/test-poolxyz",
        SignerKey = "/Common/le-ssl",
        SignerCert = "/Common/le-ssl",
        Passphrase = "testabcdef",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.f5bigip.sys.Ocsp;
import com.pulumi.f5bigip.sys.OcspArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test_ocsp = new Ocsp("test-ocsp", OcspArgs.builder()
            .name("/Uncommon/test-ocsp")
            .proxyServerPool("/Common/test-poolxyz")
            .signerKey("/Common/le-ssl")
            .signerCert("/Common/le-ssl")
            .passphrase("testabcdef")
            .build());

    }
}

resources:
  test-ocsp:
    type: f5bigip:sys:Ocsp
    properties:
      name: /Uncommon/test-ocsp
      proxyServerPool: /Common/test-poolxyz
      signerKey: /Common/le-ssl
      signerCert: /Common/le-ssl
      passphrase: testabcdef

Create Ocsp Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new Ocsp(name: string, args: OcspArgs, opts?: CustomResourceOptions);

@overload
def Ocsp(resource_name: str,
         args: OcspArgs,
         opts: Optional[ResourceOptions] = None)

@overload
def Ocsp(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         name: Optional[str] = None,
         proxy_server_pool: Optional[str] = None,
         passphrase: Optional[str] = None,
         concurrent_connections_limit: Optional[int] = None,
         connection_timeout: Optional[int] = None,
         responder_url: Optional[str] = None,
         cache_timeout: Optional[str] = None,
         clock_skew: Optional[int] = None,
         cache_error_timeout: Optional[int] = None,
         dns_resolver: Optional[str] = None,
         route_domain: Optional[str] = None,
         sign_hash: Optional[str] = None,
         signer_cert: Optional[str] = None,
         signer_key: Optional[str] = None,
         status_age: Optional[int] = None,
         strict_resp_cert_check: Optional[str] = None,
         trusted_responders: Optional[str] = None)

func NewOcsp(ctx *Context, name string, args OcspArgs, opts ...ResourceOption) (*Ocsp, error)

public Ocsp(string name, OcspArgs args, CustomResourceOptions? opts = null)

public Ocsp(String name, OcspArgs args)
public Ocsp(String name, OcspArgs args, CustomResourceOptions options)

type: f5bigip:sys:Ocsp
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args OcspArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args OcspArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args OcspArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args OcspArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args OcspArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var ocspResource = new F5BigIP.Sys.Ocsp("ocspResource", new()
{
    Name = "string",
    ProxyServerPool = "string",
    Passphrase = "string",
    ConcurrentConnectionsLimit = 0,
    ConnectionTimeout = 0,
    ResponderUrl = "string",
    CacheTimeout = "string",
    ClockSkew = 0,
    CacheErrorTimeout = 0,
    DnsResolver = "string",
    RouteDomain = "string",
    SignHash = "string",
    SignerCert = "string",
    SignerKey = "string",
    StatusAge = 0,
    StrictRespCertCheck = "string",
    TrustedResponders = "string",
});

example, err := sys.NewOcsp(ctx, "ocspResource", &sys.OcspArgs{
	Name:                       pulumi.String("string"),
	ProxyServerPool:            pulumi.String("string"),
	Passphrase:                 pulumi.String("string"),
	ConcurrentConnectionsLimit: pulumi.Int(0),
	ConnectionTimeout:          pulumi.Int(0),
	ResponderUrl:               pulumi.String("string"),
	CacheTimeout:               pulumi.String("string"),
	ClockSkew:                  pulumi.Int(0),
	CacheErrorTimeout:          pulumi.Int(0),
	DnsResolver:                pulumi.String("string"),
	RouteDomain:                pulumi.String("string"),
	SignHash:                   pulumi.String("string"),
	SignerCert:                 pulumi.String("string"),
	SignerKey:                  pulumi.String("string"),
	StatusAge:                  pulumi.Int(0),
	StrictRespCertCheck:        pulumi.String("string"),
	TrustedResponders:          pulumi.String("string"),
})

var ocspResource = new Ocsp("ocspResource", OcspArgs.builder()
    .name("string")
    .proxyServerPool("string")
    .passphrase("string")
    .concurrentConnectionsLimit(0)
    .connectionTimeout(0)
    .responderUrl("string")
    .cacheTimeout("string")
    .clockSkew(0)
    .cacheErrorTimeout(0)
    .dnsResolver("string")
    .routeDomain("string")
    .signHash("string")
    .signerCert("string")
    .signerKey("string")
    .statusAge(0)
    .strictRespCertCheck("string")
    .trustedResponders("string")
    .build());

ocsp_resource = f5bigip.sys.Ocsp("ocspResource",
    name="string",
    proxy_server_pool="string",
    passphrase="string",
    concurrent_connections_limit=0,
    connection_timeout=0,
    responder_url="string",
    cache_timeout="string",
    clock_skew=0,
    cache_error_timeout=0,
    dns_resolver="string",
    route_domain="string",
    sign_hash="string",
    signer_cert="string",
    signer_key="string",
    status_age=0,
    strict_resp_cert_check="string",
    trusted_responders="string")

const ocspResource = new f5bigip.sys.Ocsp("ocspResource", {
    name: "string",
    proxyServerPool: "string",
    passphrase: "string",
    concurrentConnectionsLimit: 0,
    connectionTimeout: 0,
    responderUrl: "string",
    cacheTimeout: "string",
    clockSkew: 0,
    cacheErrorTimeout: 0,
    dnsResolver: "string",
    routeDomain: "string",
    signHash: "string",
    signerCert: "string",
    signerKey: "string",
    statusAge: 0,
    strictRespCertCheck: "string",
    trustedResponders: "string",
});

type: f5bigip:sys:Ocsp
properties:
    cacheErrorTimeout: 0
    cacheTimeout: string
    clockSkew: 0
    concurrentConnectionsLimit: 0
    connectionTimeout: 0
    dnsResolver: string
    name: string
    passphrase: string
    proxyServerPool: string
    responderUrl: string
    routeDomain: string
    signHash: string
    signerCert: string
    signerKey: string
    statusAge: 0
    strictRespCertCheck: string
    trustedResponders: string

Ocsp Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Ocsp resource accepts the following input properties:

Name string: Name of the OCSP Responder. Name should be in pattern /partition/ocsp_name.
CacheErrorTimeout int: Specifies the lifetime of an error response in the cache, in seconds. This value must be greater than connection_timeout. The default value is 3600.
CacheTimeout string: Specifies the lifetime of the OCSP response in the cache, in seconds. The default value is indefinite.
ClockSkew int: Specifies the time interval that the BIG-IP system allows for clock skew, in seconds. The default value is 300.
ConcurrentConnectionsLimit int: Specifies the maximum number of connections per second allowed for the OCSP certificate validator. The default value is 50.
ConnectionTimeout int: Specifies the time interval that the BIG-IP system waits for before ending the connection to the OCSP responder, in seconds. The default value is 8.
DnsResolver string: Specifies the internal DNS resolver the BIG-IP system uses to fetch the OCSP response.
Passphrase string: Specifies a passphrase used to sign an OCSP request.
ProxyServerPool string: Specifies the proxy server pool the BIG-IP system uses to fetch the OCSP response.
ResponderUrl string: Specifies the URL of the OCSP responder.
RouteDomain string: Specifies the route domain for the OCSP responder.
SignHash string: Specifies the hash algorithm used to sign the OCSP request. The default value is sha256.
SignerCert string: Specifies the certificate used to sign the OCSP request.
SignerKey string: Specifies the key used to sign the OCSP request.
StatusAge int: Specifies the maximum allowed lag time that the BIG-IP system accepts for the 'thisUpdate' time in the OCSP response, in seconds. The default value is 0.
StrictRespCertCheck string: Specifies whether the responder's certificate is checked for an OCSP signing extension. The default value is enabled.
TrustedResponders string: Specifies the certificates used for validating the OCSP response.

Name string: Name of the OCSP Responder. Name should be in pattern /partition/ocsp_name.
CacheErrorTimeout int: Specifies the lifetime of an error response in the cache, in seconds. This value must be greater than connection_timeout. The default value is 3600.
CacheTimeout string: Specifies the lifetime of the OCSP response in the cache, in seconds. The default value is indefinite.
ClockSkew int: Specifies the time interval that the BIG-IP system allows for clock skew, in seconds. The default value is 300.
ConcurrentConnectionsLimit int: Specifies the maximum number of connections per second allowed for the OCSP certificate validator. The default value is 50.
ConnectionTimeout int: Specifies the time interval that the BIG-IP system waits for before ending the connection to the OCSP responder, in seconds. The default value is 8.
DnsResolver string: Specifies the internal DNS resolver the BIG-IP system uses to fetch the OCSP response.
Passphrase string: Specifies a passphrase used to sign an OCSP request.
ProxyServerPool string: Specifies the proxy server pool the BIG-IP system uses to fetch the OCSP response.
ResponderUrl string: Specifies the URL of the OCSP responder.
RouteDomain string: Specifies the route domain for the OCSP responder.
SignHash string: Specifies the hash algorithm used to sign the OCSP request. The default value is sha256.
SignerCert string: Specifies the certificate used to sign the OCSP request.
SignerKey string: Specifies the key used to sign the OCSP request.
StatusAge int: Specifies the maximum allowed lag time that the BIG-IP system accepts for the 'thisUpdate' time in the OCSP response, in seconds. The default value is 0.
StrictRespCertCheck string: Specifies whether the responder's certificate is checked for an OCSP signing extension. The default value is enabled.
TrustedResponders string: Specifies the certificates used for validating the OCSP response.

name String: Name of the OCSP Responder. Name should be in pattern /partition/ocsp_name.
cacheErrorTimeout Integer: Specifies the lifetime of an error response in the cache, in seconds. This value must be greater than connection_timeout. The default value is 3600.
cacheTimeout String: Specifies the lifetime of the OCSP response in the cache, in seconds. The default value is indefinite.
clockSkew Integer: Specifies the time interval that the BIG-IP system allows for clock skew, in seconds. The default value is 300.
concurrentConnectionsLimit Integer: Specifies the maximum number of connections per second allowed for the OCSP certificate validator. The default value is 50.
connectionTimeout Integer: Specifies the time interval that the BIG-IP system waits for before ending the connection to the OCSP responder, in seconds. The default value is 8.
dnsResolver String: Specifies the internal DNS resolver the BIG-IP system uses to fetch the OCSP response.
passphrase String: Specifies a passphrase used to sign an OCSP request.
proxyServerPool String: Specifies the proxy server pool the BIG-IP system uses to fetch the OCSP response.
responderUrl String: Specifies the URL of the OCSP responder.
routeDomain String: Specifies the route domain for the OCSP responder.
signHash String: Specifies the hash algorithm used to sign the OCSP request. The default value is sha256.
signerCert String: Specifies the certificate used to sign the OCSP request.
signerKey String: Specifies the key used to sign the OCSP request.
statusAge Integer: Specifies the maximum allowed lag time that the BIG-IP system accepts for the 'thisUpdate' time in the OCSP response, in seconds. The default value is 0.
strictRespCertCheck String: Specifies whether the responder's certificate is checked for an OCSP signing extension. The default value is enabled.
trustedResponders String: Specifies the certificates used for validating the OCSP response.

name string: Name of the OCSP Responder. Name should be in pattern /partition/ocsp_name.
cacheErrorTimeout number: Specifies the lifetime of an error response in the cache, in seconds. This value must be greater than connection_timeout. The default value is 3600.
cacheTimeout string: Specifies the lifetime of the OCSP response in the cache, in seconds. The default value is indefinite.
clockSkew number: Specifies the time interval that the BIG-IP system allows for clock skew, in seconds. The default value is 300.
concurrentConnectionsLimit number: Specifies the maximum number of connections per second allowed for the OCSP certificate validator. The default value is 50.
connectionTimeout number: Specifies the time interval that the BIG-IP system waits for before ending the connection to the OCSP responder, in seconds. The default value is 8.
dnsResolver string: Specifies the internal DNS resolver the BIG-IP system uses to fetch the OCSP response.
passphrase string: Specifies a passphrase used to sign an OCSP request.
proxyServerPool string: Specifies the proxy server pool the BIG-IP system uses to fetch the OCSP response.
responderUrl string: Specifies the URL of the OCSP responder.
routeDomain string: Specifies the route domain for the OCSP responder.
signHash string: Specifies the hash algorithm used to sign the OCSP request. The default value is sha256.
signerCert string: Specifies the certificate used to sign the OCSP request.
signerKey string: Specifies the key used to sign the OCSP request.
statusAge number: Specifies the maximum allowed lag time that the BIG-IP system accepts for the 'thisUpdate' time in the OCSP response, in seconds. The default value is 0.
strictRespCertCheck string: Specifies whether the responder's certificate is checked for an OCSP signing extension. The default value is enabled.
trustedResponders string: Specifies the certificates used for validating the OCSP response.

name str: Name of the OCSP Responder. Name should be in pattern /partition/ocsp_name.
cache_error_timeout int: Specifies the lifetime of an error response in the cache, in seconds. This value must be greater than connection_timeout. The default value is 3600.
cache_timeout str: Specifies the lifetime of the OCSP response in the cache, in seconds. The default value is indefinite.
clock_skew int: Specifies the time interval that the BIG-IP system allows for clock skew, in seconds. The default value is 300.
concurrent_connections_limit int: Specifies the maximum number of connections per second allowed for the OCSP certificate validator. The default value is 50.
connection_timeout int: Specifies the time interval that the BIG-IP system waits for before ending the connection to the OCSP responder, in seconds. The default value is 8.
dns_resolver str: Specifies the internal DNS resolver the BIG-IP system uses to fetch the OCSP response.
passphrase str: Specifies a passphrase used to sign an OCSP request.
proxy_server_pool str: Specifies the proxy server pool the BIG-IP system uses to fetch the OCSP response.
responder_url str: Specifies the URL of the OCSP responder.
route_domain str: Specifies the route domain for the OCSP responder.
sign_hash str: Specifies the hash algorithm used to sign the OCSP request. The default value is sha256.
signer_cert str: Specifies the certificate used to sign the OCSP request.
signer_key str: Specifies the key used to sign the OCSP request.
status_age int: Specifies the maximum allowed lag time that the BIG-IP system accepts for the 'thisUpdate' time in the OCSP response, in seconds. The default value is 0.
strict_resp_cert_check str: Specifies whether the responder's certificate is checked for an OCSP signing extension. The default value is enabled.
trusted_responders str: Specifies the certificates used for validating the OCSP response.

name String: Name of the OCSP Responder. Name should be in pattern /partition/ocsp_name.
cacheErrorTimeout Number: Specifies the lifetime of an error response in the cache, in seconds. This value must be greater than connection_timeout. The default value is 3600.
cacheTimeout String: Specifies the lifetime of the OCSP response in the cache, in seconds. The default value is indefinite.
clockSkew Number: Specifies the time interval that the BIG-IP system allows for clock skew, in seconds. The default value is 300.
concurrentConnectionsLimit Number: Specifies the maximum number of connections per second allowed for the OCSP certificate validator. The default value is 50.
connectionTimeout Number: Specifies the time interval that the BIG-IP system waits for before ending the connection to the OCSP responder, in seconds. The default value is 8.
dnsResolver String: Specifies the internal DNS resolver the BIG-IP system uses to fetch the OCSP response.
passphrase String: Specifies a passphrase used to sign an OCSP request.
proxyServerPool String: Specifies the proxy server pool the BIG-IP system uses to fetch the OCSP response.
responderUrl String: Specifies the URL of the OCSP responder.
routeDomain String: Specifies the route domain for the OCSP responder.
signHash String: Specifies the hash algorithm used to sign the OCSP request. The default value is sha256.
signerCert String: Specifies the certificate used to sign the OCSP request.
signerKey String: Specifies the key used to sign the OCSP request.
statusAge Number: Specifies the maximum allowed lag time that the BIG-IP system accepts for the 'thisUpdate' time in the OCSP response, in seconds. The default value is 0.
strictRespCertCheck String: Specifies whether the responder's certificate is checked for an OCSP signing extension. The default value is enabled.
trustedResponders String: Specifies the certificates used for validating the OCSP response.

Outputs

All input properties are implicitly available as output properties. Additionally, the Ocsp resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Ocsp Resource

Get an existing Ocsp resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: OcspState, opts?: CustomResourceOptions): Ocsp

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        cache_error_timeout: Optional[int] = None,
        cache_timeout: Optional[str] = None,
        clock_skew: Optional[int] = None,
        concurrent_connections_limit: Optional[int] = None,
        connection_timeout: Optional[int] = None,
        dns_resolver: Optional[str] = None,
        name: Optional[str] = None,
        passphrase: Optional[str] = None,
        proxy_server_pool: Optional[str] = None,
        responder_url: Optional[str] = None,
        route_domain: Optional[str] = None,
        sign_hash: Optional[str] = None,
        signer_cert: Optional[str] = None,
        signer_key: Optional[str] = None,
        status_age: Optional[int] = None,
        strict_resp_cert_check: Optional[str] = None,
        trusted_responders: Optional[str] = None) -> Ocsp

func GetOcsp(ctx *Context, name string, id IDInput, state *OcspState, opts ...ResourceOption) (*Ocsp, error)

public static Ocsp Get(string name, Input<string> id, OcspState? state, CustomResourceOptions? opts = null)

public static Ocsp get(String name, Output<String> id, OcspState state, CustomResourceOptions options)

resources:  _:    type: f5bigip:sys:Ocsp    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CacheErrorTimeout int: Specifies the lifetime of an error response in the cache, in seconds. This value must be greater than connection_timeout. The default value is 3600.
CacheTimeout string: Specifies the lifetime of the OCSP response in the cache, in seconds. The default value is indefinite.
ClockSkew int: Specifies the time interval that the BIG-IP system allows for clock skew, in seconds. The default value is 300.
ConcurrentConnectionsLimit int: Specifies the maximum number of connections per second allowed for the OCSP certificate validator. The default value is 50.
ConnectionTimeout int: Specifies the time interval that the BIG-IP system waits for before ending the connection to the OCSP responder, in seconds. The default value is 8.
DnsResolver string: Specifies the internal DNS resolver the BIG-IP system uses to fetch the OCSP response.
Name string: Name of the OCSP Responder. Name should be in pattern /partition/ocsp_name.
Passphrase string: Specifies a passphrase used to sign an OCSP request.
ProxyServerPool string: Specifies the proxy server pool the BIG-IP system uses to fetch the OCSP response.
ResponderUrl string: Specifies the URL of the OCSP responder.
RouteDomain string: Specifies the route domain for the OCSP responder.
SignHash string: Specifies the hash algorithm used to sign the OCSP request. The default value is sha256.
SignerCert string: Specifies the certificate used to sign the OCSP request.
SignerKey string: Specifies the key used to sign the OCSP request.
StatusAge int: Specifies the maximum allowed lag time that the BIG-IP system accepts for the 'thisUpdate' time in the OCSP response, in seconds. The default value is 0.
StrictRespCertCheck string: Specifies whether the responder's certificate is checked for an OCSP signing extension. The default value is enabled.
TrustedResponders string: Specifies the certificates used for validating the OCSP response.

CacheErrorTimeout int: Specifies the lifetime of an error response in the cache, in seconds. This value must be greater than connection_timeout. The default value is 3600.
CacheTimeout string: Specifies the lifetime of the OCSP response in the cache, in seconds. The default value is indefinite.
ClockSkew int: Specifies the time interval that the BIG-IP system allows for clock skew, in seconds. The default value is 300.
ConcurrentConnectionsLimit int: Specifies the maximum number of connections per second allowed for the OCSP certificate validator. The default value is 50.
ConnectionTimeout int: Specifies the time interval that the BIG-IP system waits for before ending the connection to the OCSP responder, in seconds. The default value is 8.
DnsResolver string: Specifies the internal DNS resolver the BIG-IP system uses to fetch the OCSP response.
Name string: Name of the OCSP Responder. Name should be in pattern /partition/ocsp_name.
Passphrase string: Specifies a passphrase used to sign an OCSP request.
ProxyServerPool string: Specifies the proxy server pool the BIG-IP system uses to fetch the OCSP response.
ResponderUrl string: Specifies the URL of the OCSP responder.
RouteDomain string: Specifies the route domain for the OCSP responder.
SignHash string: Specifies the hash algorithm used to sign the OCSP request. The default value is sha256.
SignerCert string: Specifies the certificate used to sign the OCSP request.
SignerKey string: Specifies the key used to sign the OCSP request.
StatusAge int: Specifies the maximum allowed lag time that the BIG-IP system accepts for the 'thisUpdate' time in the OCSP response, in seconds. The default value is 0.
StrictRespCertCheck string: Specifies whether the responder's certificate is checked for an OCSP signing extension. The default value is enabled.
TrustedResponders string: Specifies the certificates used for validating the OCSP response.

cacheErrorTimeout Integer: Specifies the lifetime of an error response in the cache, in seconds. This value must be greater than connection_timeout. The default value is 3600.
cacheTimeout String: Specifies the lifetime of the OCSP response in the cache, in seconds. The default value is indefinite.
clockSkew Integer: Specifies the time interval that the BIG-IP system allows for clock skew, in seconds. The default value is 300.
concurrentConnectionsLimit Integer: Specifies the maximum number of connections per second allowed for the OCSP certificate validator. The default value is 50.
connectionTimeout Integer: Specifies the time interval that the BIG-IP system waits for before ending the connection to the OCSP responder, in seconds. The default value is 8.
dnsResolver String: Specifies the internal DNS resolver the BIG-IP system uses to fetch the OCSP response.
name String: Name of the OCSP Responder. Name should be in pattern /partition/ocsp_name.
passphrase String: Specifies a passphrase used to sign an OCSP request.
proxyServerPool String: Specifies the proxy server pool the BIG-IP system uses to fetch the OCSP response.
responderUrl String: Specifies the URL of the OCSP responder.
routeDomain String: Specifies the route domain for the OCSP responder.
signHash String: Specifies the hash algorithm used to sign the OCSP request. The default value is sha256.
signerCert String: Specifies the certificate used to sign the OCSP request.
signerKey String: Specifies the key used to sign the OCSP request.
statusAge Integer: Specifies the maximum allowed lag time that the BIG-IP system accepts for the 'thisUpdate' time in the OCSP response, in seconds. The default value is 0.
strictRespCertCheck String: Specifies whether the responder's certificate is checked for an OCSP signing extension. The default value is enabled.
trustedResponders String: Specifies the certificates used for validating the OCSP response.

cacheErrorTimeout number: Specifies the lifetime of an error response in the cache, in seconds. This value must be greater than connection_timeout. The default value is 3600.
cacheTimeout string: Specifies the lifetime of the OCSP response in the cache, in seconds. The default value is indefinite.
clockSkew number: Specifies the time interval that the BIG-IP system allows for clock skew, in seconds. The default value is 300.
concurrentConnectionsLimit number: Specifies the maximum number of connections per second allowed for the OCSP certificate validator. The default value is 50.
connectionTimeout number: Specifies the time interval that the BIG-IP system waits for before ending the connection to the OCSP responder, in seconds. The default value is 8.
dnsResolver string: Specifies the internal DNS resolver the BIG-IP system uses to fetch the OCSP response.
name string: Name of the OCSP Responder. Name should be in pattern /partition/ocsp_name.
passphrase string: Specifies a passphrase used to sign an OCSP request.
proxyServerPool string: Specifies the proxy server pool the BIG-IP system uses to fetch the OCSP response.
responderUrl string: Specifies the URL of the OCSP responder.
routeDomain string: Specifies the route domain for the OCSP responder.
signHash string: Specifies the hash algorithm used to sign the OCSP request. The default value is sha256.
signerCert string: Specifies the certificate used to sign the OCSP request.
signerKey string: Specifies the key used to sign the OCSP request.
statusAge number: Specifies the maximum allowed lag time that the BIG-IP system accepts for the 'thisUpdate' time in the OCSP response, in seconds. The default value is 0.
strictRespCertCheck string: Specifies whether the responder's certificate is checked for an OCSP signing extension. The default value is enabled.
trustedResponders string: Specifies the certificates used for validating the OCSP response.

cache_error_timeout int: Specifies the lifetime of an error response in the cache, in seconds. This value must be greater than connection_timeout. The default value is 3600.
cache_timeout str: Specifies the lifetime of the OCSP response in the cache, in seconds. The default value is indefinite.
clock_skew int: Specifies the time interval that the BIG-IP system allows for clock skew, in seconds. The default value is 300.
concurrent_connections_limit int: Specifies the maximum number of connections per second allowed for the OCSP certificate validator. The default value is 50.
connection_timeout int: Specifies the time interval that the BIG-IP system waits for before ending the connection to the OCSP responder, in seconds. The default value is 8.
dns_resolver str: Specifies the internal DNS resolver the BIG-IP system uses to fetch the OCSP response.
name str: Name of the OCSP Responder. Name should be in pattern /partition/ocsp_name.
passphrase str: Specifies a passphrase used to sign an OCSP request.
proxy_server_pool str: Specifies the proxy server pool the BIG-IP system uses to fetch the OCSP response.
responder_url str: Specifies the URL of the OCSP responder.
route_domain str: Specifies the route domain for the OCSP responder.
sign_hash str: Specifies the hash algorithm used to sign the OCSP request. The default value is sha256.
signer_cert str: Specifies the certificate used to sign the OCSP request.
signer_key str: Specifies the key used to sign the OCSP request.
status_age int: Specifies the maximum allowed lag time that the BIG-IP system accepts for the 'thisUpdate' time in the OCSP response, in seconds. The default value is 0.
strict_resp_cert_check str: Specifies whether the responder's certificate is checked for an OCSP signing extension. The default value is enabled.
trusted_responders str: Specifies the certificates used for validating the OCSP response.

cacheErrorTimeout Number: Specifies the lifetime of an error response in the cache, in seconds. This value must be greater than connection_timeout. The default value is 3600.
cacheTimeout String: Specifies the lifetime of the OCSP response in the cache, in seconds. The default value is indefinite.
clockSkew Number: Specifies the time interval that the BIG-IP system allows for clock skew, in seconds. The default value is 300.
concurrentConnectionsLimit Number: Specifies the maximum number of connections per second allowed for the OCSP certificate validator. The default value is 50.
connectionTimeout Number: Specifies the time interval that the BIG-IP system waits for before ending the connection to the OCSP responder, in seconds. The default value is 8.
dnsResolver String: Specifies the internal DNS resolver the BIG-IP system uses to fetch the OCSP response.
name String: Name of the OCSP Responder. Name should be in pattern /partition/ocsp_name.
passphrase String: Specifies a passphrase used to sign an OCSP request.
proxyServerPool String: Specifies the proxy server pool the BIG-IP system uses to fetch the OCSP response.
responderUrl String: Specifies the URL of the OCSP responder.
routeDomain String: Specifies the route domain for the OCSP responder.
signHash String: Specifies the hash algorithm used to sign the OCSP request. The default value is sha256.
signerCert String: Specifies the certificate used to sign the OCSP request.
signerKey String: Specifies the key used to sign the OCSP request.
statusAge Number: Specifies the maximum allowed lag time that the BIG-IP system accepts for the 'thisUpdate' time in the OCSP response, in seconds. The default value is 0.
strictRespCertCheck String: Specifies whether the responder's certificate is checked for an OCSP signing extension. The default value is enabled.
trustedResponders String: Specifies the certificates used for validating the OCSP response.

Import

ing

An existing OCSP can be imported into this resource by supplying the full path name ex : /partition/name An example is below:

$ terraform import bigip_sys_ocsp.test-ocsp /Common/test-ocsp

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: f5 BIG-IP pulumi/pulumi-f5bigip
License: Apache-2.0
Notes: This Pulumi package is based on the bigip Terraform Provider.

f5 BIG-IP v3.17.10 published on Tuesday, Apr 8, 2025 by Pulumi

pulumi/pulumi-f5bigip

f5bigip.sys.Ocsp

On this page

On this page

Example Usage

Create Ocsp Resource

Constructor syntax

Parameters

Constructor example

Ocsp Resource Properties

Inputs

Outputs

Look up Existing Ocsp Resource

Import

Package Details

On this page

On this page