slb template server-ssl

Configure the ACOS device to validate real servers based on their certificates. You can bind only one server-SSL template to a virtual port. However, you can bind the same server-SSL template to multiple ports.

server-ssl Specification

Type: Collection
Object Key(s): name
Collection Name: server-ssl-list
Collection URI: /axapi/v3/slb/template/server-ssl/
Element Name: server-ssl
Element URI: /axapi/v3/slb/template/server-ssl/{name}
Element Attributes: server-ssl_attributes
Schema: server-ssl schema

Operations Allowed:

| Operation | Method | URI | Payload |
|---|---|---|---|
| Create Object | POST | /axapi/v3/slb/template/server-ssl/ | server-ssl Attributes |
| Create List | POST | /axapi/v3/slb/template/server-ssl/ | server-ssl Attributes |
| Get Object | GET | /axapi/v3/slb/template/server-ssl/{name} | server-ssl Attributes |
| Get List | GET | /axapi/v3/slb/template/server-ssl/ | server-ssl-list |
| Modify Object | POST | /axapi/v3/slb/template/server-ssl/{name} | server-ssl Attributes |
| Replace Object | PUT | /axapi/v3/slb/template/server-ssl/{name} | server-ssl Attributes |
| Replace List | PUT | /axapi/v3/slb/template/server-ssl/ | server-ssl-list |
| Delete Object | DELETE | /axapi/v3/slb/template/server-ssl/{name} | server-ssl Attributes |

server-ssl-list

server-ssl-list is a JSON list of server-ssl Attributes.

server-ssl-list : [

server-ssl Attributes

alert-type

Description: ‘fatal’: Log fatal alerts;

Type: string

Supported Values: fatal

ca-certs

Description: ca-certs is a JSON list. See the ca-certs section below.

Type: List

cert

Description: Specifies the name of the certificate to use for terminating or initiating an SSL connection. The certificate must be installed on the ACOS device.

Type: string

cipher-template

Description: Cipher Template (Cipher Config Name)

Type: string

Mutual Exclusion: cipher-template and cipher-wo-prio are mutually exclusive

Reference Object: /axapi/v3/slb/template/cipher

cipher-without-prio-list

Description: cipher-without-prio-list is a JSON list. See the cipher-without-prio-list section below.

Type: List

close-notify

Description: Enables support for close notification (close_notify) alerts. When this option is enabled, the ACOS device sends a close_notify message when an SSL transaction ends, before sending a FIN. This behavior is required by certain types of applications, including PHP CGI.

The close notification option may not work if connection reuse is also configured on the same virtual port. In this case, when the server sends a FIN to the ACOS device, the ACOS device will not send a FIN followed by a close notification. Instead, the ACOS device will send a RST.

The Close Notify option cannot be used along with the TCP-proxy template Force Delete Timeout option. Doing so may cause unexpected behavior.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

crl-certs

Description: crl-certs is a JSON list. See the crl-certs section below.

Type: List

dgversion

Description: The lower TLS/SSL version to which a connection can be downgraded.

Type: number

Range: 30-33

dh-type

Description: ‘1024’: 1024; ‘1024-dsa’: 1024-dsa; ‘2048’: 2048; ‘512’: 512;

Type: string

Supported Values: 1024, 1024-dsa, 2048, 512

ec-list

Description: ec-list is a JSON list. See the ec-list section below.

Type: List

enable-tls-alert-logging

Description: Enable TLS alert logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

encrypted

Description: Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

forward-proxy-enable

Description: Enable SSL Intercept support.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key

Description: Specifies the key for the certificate.

Type: string

name

Description: Name of the template.

Type: string

Format: string-rlx

Required: Yes

ocsp-stapling

Description: Enable OCSP stapling support.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

passphrase

Description: Specifies the passphrase used to encrypt the key.

Type: string

Format: password

server-certificate-error

Description: server-certificate-error is a JSON list. See the server-certificate-error section below.

Type: List

session-cache-size

Description: Sets the maximum number of session-ID entries. If you set the size to 0, caching is disabled.

Type: number

Range: 0-128

session-cache-timeout

Description: Sets the maximum number of seconds a cache entry can remain unused before being removed from the cache, 1-7200 seconds. Cache entries age according to the ticket age time. The age time is not reset when a cache entry is used. After a client’s SSL ticket expires, they must complete an SSL handshake in order to set up the next secure session with ACOS.

Type: number

Range: 1-7200

session-ticket-enable

Description: Enables stateless SSL session ticketing.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

use-client-sni

Description: Use the client SNI.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: UUID of the object

Type: string

version

Description: Specifies the security version:

  • 30 – Secure Sockets Layer (SSL) v3.0
  • 31 – Transport Layer Security (TLS) v1.0
  • 32 – TLS v1.1
  • 33 – TLS v1.2

Type: number

Range: 30-33

crl-certs

Specification
Type: list
Block object keys

crl

Description: Certificate Revocation Lists (Certificate Revocation Lists file name)

Type: string

ec-list

Specification
Type: list
Block object keys

ec

Description: ‘secp256r1’: X9_62_prime256v1; ‘secp384r1’: secp384r1;

Type: string

Supported Values: secp256r1, secp384r1

server-certificate-error

Specification
Type: list
Block object keys

error-type

Description: ‘email’: Notify the error via email; ‘ignore’: Ignore the error, which means the connection can continue; ‘logging’: Log the error; ‘trap’: Notify the error by SNMP trap;

Type: string

Supported Values: email, ignore, logging, trap

ca-certs

Specification
Type: list
Block object keys

ca-cert

Description: Specify CA certificate

Type: string

server-ocsp-sg

Description: Specify service-group (Service group name)

Type: string

Format: string-rlx

Reference Object: /axapi/v3/aam/authentication/service-group

server-ocsp-srvr

Description: Specify authentication server

Type: string

Format: string-rlx

Reference Object: /axapi/v3/aam/authentication/server/ocsp

cipher-without-prio-list

Specification
Type: list
Block object keys

cipher-wo-prio

Description: ‘SSL3_RSA_DES_192_CBC3_SHA’: SSL3_RSA_DES_192_CBC3_SHA; ‘SSL3_RSA_DES_40_CBC_SHA’: SSL3_RSA_DES_40_CBC_SHA; ‘SSL3_RSA_DES_64_CBC_SHA’: SSL3_RSA_DES_64_CBC_SHA; ‘SSL3_RSA_RC4_128_MD5’: SSL3_RSA_RC4_128_MD5; ‘SSL3_RSA_RC4_128_SHA’: SSL3_RSA_RC4_128_SHA; ‘SSL3_RSA_RC4_40_MD5’: SSL3_RSA_RC4_40_MD5; ‘TLS1_RSA_AES_128_SHA’: TLS1_RSA_AES_128_SHA; ‘TLS1_RSA_AES_256_SHA’: TLS1_RSA_AES_256_SHA; ‘TLS1_RSA_EXPORT1024_RC4_56_MD5’: TLS1_RSA_EXPORT1024_RC4_56_MD5; ‘TLS1_RSA_EXPORT1024_RC4_56_SHA’: TLS1_RSA_EXPORT1024_RC4_56_SHA; ‘TLS1_RSA_AES_128_SHA256’: TLS1_RSA_AES_128_SHA256; ‘TLS1_RSA_AES_256_SHA256’: TLS1_RSA_AES_256_SHA256; ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’: TLS1_DHE_RSA_AES_128_GCM_SHA256; ‘TLS1_DHE_RSA_AES_128_SHA’: TLS1_DHE_RSA_AES_128_SHA; ‘TLS1_DHE_RSA_AES_128_SHA256’: TLS1_DHE_RSA_AES_128_SHA256; ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’: TLS1_DHE_RSA_AES_256_GCM_SHA384; ‘TLS1_DHE_RSA_AES_256_SHA’: TLS1_DHE_RSA_AES_256_SHA; ‘TLS1_DHE_RSA_AES_256_SHA256’: TLS1_DHE_RSA_AES_256_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’: TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_SHA’: TLS1_ECDHE_ECDSA_AES_128_SHA; ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’: TLS1_ECDHE_ECDSA_AES_128_SHA256; ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’: TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_ECDSA_AES_256_SHA’: TLS1_ECDHE_ECDSA_AES_256_SHA; ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’: TLS1_ECDHE_RSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_RSA_AES_128_SHA’: TLS1_ECDHE_RSA_AES_128_SHA; ‘TLS1_ECDHE_RSA_AES_128_SHA256’: TLS1_ECDHE_RSA_AES_128_SHA256; ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’: TLS1_ECDHE_RSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_RSA_AES_256_SHA’: TLS1_ECDHE_RSA_AES_256_SHA; ‘TLS1_RSA_AES_128_GCM_SHA256’: TLS1_RSA_AES_128_GCM_SHA256; ‘TLS1_RSA_AES_256_GCM_SHA384’: TLS1_RSA_AES_256_GCM_SHA384;

Type: string

Supported Values: SSL3_RSA_DES_192_CBC3_SHA, SSL3_RSA_DES_40_CBC_SHA, SSL3_RSA_DES_64_CBC_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, SSL3_RSA_RC4_40_MD5, TLS1_RSA_AES_128_SHA, TLS1_RSA_AES_256_SHA, TLS1_RSA_EXPORT1024_RC4_56_MD5, TLS1_RSA_EXPORT1024_RC4_56_SHA, TLS1_RSA_AES_128_SHA256, TLS1_RSA_AES_256_SHA256, TLS1_DHE_RSA_AES_128_GCM_SHA256, TLS1_DHE_RSA_AES_128_SHA, TLS1_DHE_RSA_AES_128_SHA256, TLS1_DHE_RSA_AES_256_GCM_SHA384, TLS1_DHE_RSA_AES_256_SHA, TLS1_DHE_RSA_AES_256_SHA256, TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256, TLS1_ECDHE_ECDSA_AES_128_SHA, TLS1_ECDHE_ECDSA_AES_128_SHA256, TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384, TLS1_ECDHE_ECDSA_AES_256_SHA, TLS1_ECDHE_RSA_AES_128_GCM_SHA256, TLS1_ECDHE_RSA_AES_128_SHA, TLS1_ECDHE_RSA_AES_128_SHA256, TLS1_ECDHE_RSA_AES_256_GCM_SHA384, TLS1_ECDHE_RSA_AES_256_SHA, TLS1_RSA_AES_128_GCM_SHA256, TLS1_RSA_AES_256_GCM_SHA384

Mutual Exclusion: cipher-wo-prio and cipher-template are mutually exclusive
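
The attributes above decide how strictly ACOS validates and protects its connection to the real server, so a template is worth auditing before it is bound to a port. The following is an added example, not A10 code: it checks one constructed template for deprecated protocol versions, small DH parameters, weak cipher suites, the cipher mutual-exclusion rule, ignored certificate errors and a missing CA. The `{"server-ssl": {...}}` envelope, the reading of `dgversion` with the same codes as `version`, and the sample values are assumptions.

```python
import json

# Constructed sample template using attribute names from this page; the
# {"server-ssl": {...}} envelope is assumed from the element name.
SAMPLE = json.loads("""
{"server-ssl": {
  "name": "legacy-backend", "version": 33, "dgversion": 30, "dh-type": "1024",
  "cipher-template": "corp-ciphers",
  "cipher-without-prio-list": [
    {"cipher-wo-prio": "TLS1_ECDHE_RSA_AES_256_GCM_SHA384"},
    {"cipher-wo-prio": "SSL3_RSA_RC4_128_MD5"},
    {"cipher-wo-prio": "TLS1_RSA_EXPORT1024_RC4_56_SHA"}],
  "server-certificate-error": [{"error-type": "ignore"}],
  "ca-certs": []
}}""")

VERSIONS = {30: "SSL v3.0", 31: "TLS v1.0", 32: "TLS v1.1", 33: "TLS v1.2"}
WEAK_MARKERS = ("RC4", "DES", "EXPORT", "MD5")  # broken or export-grade primitives

def audit_server_ssl(doc):
    """Return a sorted list of (attribute, finding) tuples for one template."""
    t, out = doc["server-ssl"], []
    for key in ("version", "dgversion"):  # dgversion codes assumed same as version
        v = t.get(key)
        if v is not None and v < 33:
            out.append((key, f"allows deprecated {VERSIONS.get(v, v)}"))
    if t.get("dh-type") in ("512", "1024", "1024-dsa"):
        out.append(("dh-type", f"DH parameter {t['dh-type']} is below 2048 bits"))
    ciphers = [c["cipher-wo-prio"] for c in t.get("cipher-without-prio-list", [])]
    for c in ciphers:
        if any(m in c for m in WEAK_MARKERS):
            out.append(("cipher-wo-prio", f"weak suite {c}"))
    if ciphers and t.get("cipher-template"):
        out.append(("cipher-template", "mutually exclusive with cipher-wo-prio"))
    if any(e.get("error-type") == "ignore"
           for e in t.get("server-certificate-error", [])):
        out.append(("server-certificate-error", "ignore lets the connection continue"))
    if not t.get("ca-certs"):  # assumption: no CA means nothing to validate against
        out.append(("ca-certs", "no CA certificate to validate real servers"))
    return sorted(out)

if __name__ == "__main__":
    for attr, finding in audit_server_ssl(SAMPLE):
        print(f"{attr}: {finding}")
```
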