a10_slb_template_server_ssl

Synopsis

Server Side SSL Template

Parameters

Parameters

Choices/Defaults

Comment

state

str/required

[‘noop’, ‘present’, ‘absent’]

State of the object to be created.

ansible_host

str/required

Host for AXAPI authentication

ansible_username

str/required

Username for AXAPI authentication

ansible_password

str/required

Password for AXAPI authentication

ansible_port

int/required

Port for AXAPI authentication

a10_device_context_id

int

[‘1-8’]

Device ID for aVCS configuration

a10_partition

str

Destination/target partition for object/command

name

str/required

Server SSL Template Name

ca_certs

list

Field ca_certs

ca_cert

str

Specify CA certificate

ca_cert_partition_shared

bool

CA Certificate Partition Shared

server_ocsp_srvr

str

Specify authentication server

server_ocsp_sg

str

Specify service-group (Service group name)

server_name

str

Specify Server Name

crl_certs

list

Field crl_certs

crl

str

Certificate Revocation Lists (Certificate Revocation Lists file name)

crl_partition_shared

bool

Certificate Revocation Lists Partition Shared

cipher_without_prio_list

list

Field cipher_without_prio_list

cipher_wo_prio

str

‘SSL3_RSA_DES_192_CBC3_SHA’= SSL3_RSA_DES_192_CBC3_SHA; ‘SSL3_RSA_RC4_128_MD5’= SSL3_RSA_RC4_128_MD5; ‘SSL3_RSA_RC4_128_SHA’= SSL3_RSA_RC4_128_SHA; ‘TLS1_RSA_AES_128_SHA’= TLS1_RSA_AES_128_SHA; ‘TLS1_RSA_AES_256_SHA’= TLS1_RSA_AES_256_SHA; ‘TLS1_RSA_AES_128_SHA256’= TLS1_RSA_AES_128_SHA256; ‘TLS1_RSA_AES_256_SHA256’= TLS1_RSA_AES_256_SHA256; ‘TLS1_DHE_RSA_AES_128_GCM_SHA256’= TLS1_DHE_RSA_AES_128_GCM_SHA256; ‘TLS1_DHE_RSA_AES_128_SHA’= TLS1_DHE_RSA_AES_128_SHA; ‘TLS1_DHE_RSA_AES_128_SHA256’= TLS1_DHE_RSA_AES_128_SHA256; ‘TLS1_DHE_RSA_AES_256_GCM_SHA384’= TLS1_DHE_RSA_AES_256_GCM_SHA384; ‘TLS1_DHE_RSA_AES_256_SHA’= TLS1_DHE_RSA_AES_256_SHA; ‘TLS1_DHE_RSA_AES_256_SHA256’= TLS1_DHE_RSA_AES_256_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256’= TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_ECDSA_AES_128_SHA’= TLS1_ECDHE_ECDSA_AES_128_SHA; ‘TLS1_ECDHE_ECDSA_AES_128_SHA256’= TLS1_ECDHE_ECDSA_AES_128_SHA256; ‘TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384’= TLS1_ECDHE_ECDSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_ECDSA_AES_256_SHA’= TLS1_ECDHE_ECDSA_AES_256_SHA; ‘TLS1_ECDHE_RSA_AES_128_GCM_SHA256’= TLS1_ECDHE_RSA_AES_128_GCM_SHA256; ‘TLS1_ECDHE_RSA_AES_128_SHA’= TLS1_ECDHE_RSA_AES_128_SHA; ‘TLS1_ECDHE_RSA_AES_128_SHA256’= TLS1_ECDHE_RSA_AES_128_SHA256; ‘TLS1_ECDHE_RSA_AES_256_GCM_SHA384’= TLS1_ECDHE_RSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_RSA_AES_256_SHA’= TLS1_ECDHE_RSA_AES_256_SHA; ‘TLS1_RSA_AES_128_GCM_SHA256’= TLS1_RSA_AES_128_GCM_SHA256; ‘TLS1_RSA_AES_256_GCM_SHA384’= TLS1_RSA_AES_256_GCM_SHA384; ‘TLS1_ECDHE_RSA_AES_256_SHA384’= TLS1_ECDHE_RSA_AES_256_SHA384; ‘TLS1_ECDHE_ECDSA_AES_256_SHA384’= TLS1_ECDHE_ECDSA_AES_256_SHA384; ‘TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256’= TLS1_ECDHE_RSA_CHACHA20_POLY1305_SHA256; ‘TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256’= TLS1_ECDHE_ECDSA_CHACHA20_POLY1305_SHA256; ‘TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256’= TLS1_DHE_RSA_CHACHA20_POLY1305_SHA256;

dh_type

str

‘1024’= 1024; ‘1024-dsa’= 1024-dsa; ‘2048’= 2048;

ec_list

list

Field ec_list

ec

str

‘secp256r1’= X9_62_prime256v1; ‘secp384r1’= secp384r1;

enable_tls_alert_logging

bool

Enable TLS alert logging

alert_type

str

‘fatal’= Log fatal alerts;

handshake_logging_enable

bool

Enable SSL handshake logging

close_notify

bool

Send close notification when terminate connection

forward_proxy_enable

bool

Enable SSL forward proxy

session_ticket_enable

bool

Enable server side session ticket support

version

int

TLS/SSL version, default is the highest number supported (TLS/SSL version= 30-SSLv3.0, 31-TLSv1.0, 32-TLSv1.1, 33-TLSv1.2 and 34-TLSv1.3)

dgversion

int

Lower TLS/SSL version can be downgraded

server_certificate_error

list

Field server_certificate_error

error_type

str

‘email’= Notify the error via email; ‘ignore’= Ignore the error, which mean the connection can continue; ‘logging’= Log the error; ‘trap’= Notify the error by SNMP trap;

ssli_logging

bool

SSLi logging level, default is error logging only

sslilogging

str

‘disable’= Disable all logging; ‘all’= enable all logging(error, info);

ocsp_stapling

bool

Enable ocsp-stapling support

use_client_sni

bool

use client SNI

renegotiation_disable

bool

Disable SSL renegotiation

session_cache_size

int

Session Cache Size (Maximum cache size. Default value 0 (Session ID reuse disabled))

session_cache_timeout

int

Session Cache Timeout (Timeout value, in seconds. Default no timeout.)

cipher_template

str

Cipher Template Name

shared_partition_cipher_template

bool

Reference a cipher template from shared partition

template_cipher_shared

str

Cipher Template Name

enable_ssli_ftp_alg

int

Enable SSLi FTP over TLS support at which port

early_data

bool

Enable TLS 1.3 early data (0-RTT)

uuid

str

uuid of the object

user_tag

str

Customized tag

certificate

dict

Field certificate

cert

str

Certificate Name

key

str

Client private-key (Key Name)

passphrase

str

Password Phrase

encrypted

str

Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

shared

bool

Client Certificate and Key Partition Shared

uuid

str

uuid of the object

Examples


Return Values

modified_values (changed, dict, )

Values modified (or potential changes if using check_mode) as a result of task operation

axapi_calls (always, list, )

Sequential list of AXAPI calls made by the task

endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])

The AXAPI endpoint being accessed.

http_method (, str, [‘POST’, ‘GET’])

HTTP method being used by the primary task to interact with the AXAPI endpoint.

request_body (, complex, )

Params used to query the AXAPI

response_body (, complex, )

Response from the AXAPI

Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]

  • This module is maintained by community.

Authors

  • A10 Networks