Fortios v0.0.6, Jul 9 24

Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

fortios.vpn/certificate.Setting

Explore with Pulumi AI

Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as fortios from "@pulumiverse/fortios";

const trname = new fortios.vpn.certificate.Setting("trname", {
    certnameDsa1024: "Fortinet_SSL_DSA1024",
    certnameDsa2048: "Fortinet_SSL_DSA2048",
    certnameEcdsa256: "Fortinet_SSL_ECDSA256",
    certnameEcdsa384: "Fortinet_SSL_ECDSA384",
    certnameRsa1024: "Fortinet_SSL_RSA1024",
    certnameRsa2048: "Fortinet_SSL_RSA2048",
    checkCaCert: "enable",
    checkCaChain: "disable",
    cmpSaveExtraCerts: "disable",
    cnMatch: "substring",
    ocspOption: "server",
    ocspStatus: "disable",
    sslMinProtoVersion: "default",
    strictCrlCheck: "disable",
    strictOcspCheck: "disable",
    subjectMatch: "substring",
});

import pulumi
import pulumiverse_fortios as fortios

trname = fortios.vpn.certificate.Setting("trname",
    certname_dsa1024="Fortinet_SSL_DSA1024",
    certname_dsa2048="Fortinet_SSL_DSA2048",
    certname_ecdsa256="Fortinet_SSL_ECDSA256",
    certname_ecdsa384="Fortinet_SSL_ECDSA384",
    certname_rsa1024="Fortinet_SSL_RSA1024",
    certname_rsa2048="Fortinet_SSL_RSA2048",
    check_ca_cert="enable",
    check_ca_chain="disable",
    cmp_save_extra_certs="disable",
    cn_match="substring",
    ocsp_option="server",
    ocsp_status="disable",
    ssl_min_proto_version="default",
    strict_crl_check="disable",
    strict_ocsp_check="disable",
    subject_match="substring")

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-fortios/sdk/go/fortios/vpn"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vpn.NewSetting(ctx, "trname", &vpn.SettingArgs{
			CertnameDsa1024:    pulumi.String("Fortinet_SSL_DSA1024"),
			CertnameDsa2048:    pulumi.String("Fortinet_SSL_DSA2048"),
			CertnameEcdsa256:   pulumi.String("Fortinet_SSL_ECDSA256"),
			CertnameEcdsa384:   pulumi.String("Fortinet_SSL_ECDSA384"),
			CertnameRsa1024:    pulumi.String("Fortinet_SSL_RSA1024"),
			CertnameRsa2048:    pulumi.String("Fortinet_SSL_RSA2048"),
			CheckCaCert:        pulumi.String("enable"),
			CheckCaChain:       pulumi.String("disable"),
			CmpSaveExtraCerts:  pulumi.String("disable"),
			CnMatch:            pulumi.String("substring"),
			OcspOption:         pulumi.String("server"),
			OcspStatus:         pulumi.String("disable"),
			SslMinProtoVersion: pulumi.String("default"),
			StrictCrlCheck:     pulumi.String("disable"),
			StrictOcspCheck:    pulumi.String("disable"),
			SubjectMatch:       pulumi.String("substring"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortios = Pulumiverse.Fortios;

return await Deployment.RunAsync(() => 
{
    var trname = new Fortios.Vpn.Certificate.Setting("trname", new()
    {
        CertnameDsa1024 = "Fortinet_SSL_DSA1024",
        CertnameDsa2048 = "Fortinet_SSL_DSA2048",
        CertnameEcdsa256 = "Fortinet_SSL_ECDSA256",
        CertnameEcdsa384 = "Fortinet_SSL_ECDSA384",
        CertnameRsa1024 = "Fortinet_SSL_RSA1024",
        CertnameRsa2048 = "Fortinet_SSL_RSA2048",
        CheckCaCert = "enable",
        CheckCaChain = "disable",
        CmpSaveExtraCerts = "disable",
        CnMatch = "substring",
        OcspOption = "server",
        OcspStatus = "disable",
        SslMinProtoVersion = "default",
        StrictCrlCheck = "disable",
        StrictOcspCheck = "disable",
        SubjectMatch = "substring",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortios.vpn.Setting;
import com.pulumi.fortios.vpn.SettingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var trname = new Setting("trname", SettingArgs.builder()
            .certnameDsa1024("Fortinet_SSL_DSA1024")
            .certnameDsa2048("Fortinet_SSL_DSA2048")
            .certnameEcdsa256("Fortinet_SSL_ECDSA256")
            .certnameEcdsa384("Fortinet_SSL_ECDSA384")
            .certnameRsa1024("Fortinet_SSL_RSA1024")
            .certnameRsa2048("Fortinet_SSL_RSA2048")
            .checkCaCert("enable")
            .checkCaChain("disable")
            .cmpSaveExtraCerts("disable")
            .cnMatch("substring")
            .ocspOption("server")
            .ocspStatus("disable")
            .sslMinProtoVersion("default")
            .strictCrlCheck("disable")
            .strictOcspCheck("disable")
            .subjectMatch("substring")
            .build());

    }
}

resources:
  trname:
    type: fortios:vpn/certificate:Setting
    properties:
      certnameDsa1024: Fortinet_SSL_DSA1024
      certnameDsa2048: Fortinet_SSL_DSA2048
      certnameEcdsa256: Fortinet_SSL_ECDSA256
      certnameEcdsa384: Fortinet_SSL_ECDSA384
      certnameRsa1024: Fortinet_SSL_RSA1024
      certnameRsa2048: Fortinet_SSL_RSA2048
      checkCaCert: enable
      checkCaChain: disable
      cmpSaveExtraCerts: disable
      cnMatch: substring
      ocspOption: server
      ocspStatus: disable
      sslMinProtoVersion: default
      strictCrlCheck: disable
      strictOcspCheck: disable
      subjectMatch: substring

Create Setting Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new Setting(name: string, args: SettingArgs, opts?: CustomResourceOptions);

@overload
def Setting(resource_name: str,
            args: SettingArgs,
            opts: Optional[ResourceOptions] = None)

@overload
def Setting(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            certname_rsa1024: Optional[str] = None,
            certname_dsa1024: Optional[str] = None,
            certname_dsa2048: Optional[str] = None,
            certname_ecdsa256: Optional[str] = None,
            certname_ecdsa384: Optional[str] = None,
            certname_rsa2048: Optional[str] = None,
            get_all_tables: Optional[str] = None,
            ocsp_default_server: Optional[str] = None,
            certname_ed25519: Optional[str] = None,
            certname_ecdsa521: Optional[str] = None,
            certname_rsa4096: Optional[str] = None,
            check_ca_cert: Optional[str] = None,
            check_ca_chain: Optional[str] = None,
            cmp_key_usage_checking: Optional[str] = None,
            cmp_save_extra_certs: Optional[str] = None,
            cn_allow_multi: Optional[str] = None,
            cn_match: Optional[str] = None,
            crl_verification: Optional[SettingCrlVerificationArgs] = None,
            cert_expire_warning: Optional[int] = None,
            interface: Optional[str] = None,
            interface_select_method: Optional[str] = None,
            certname_ed448: Optional[str] = None,
            ocsp_option: Optional[str] = None,
            ocsp_status: Optional[str] = None,
            proxy: Optional[str] = None,
            proxy_password: Optional[str] = None,
            proxy_port: Optional[int] = None,
            proxy_username: Optional[str] = None,
            source_ip: Optional[str] = None,
            ssl_min_proto_version: Optional[str] = None,
            ssl_ocsp_source_ip: Optional[str] = None,
            strict_crl_check: Optional[str] = None,
            strict_ocsp_check: Optional[str] = None,
            subject_match: Optional[str] = None,
            subject_set: Optional[str] = None,
            vdomparam: Optional[str] = None)

func NewSetting(ctx *Context, name string, args SettingArgs, opts ...ResourceOption) (*Setting, error)

public Setting(string name, SettingArgs args, CustomResourceOptions? opts = null)

public Setting(String name, SettingArgs args)
public Setting(String name, SettingArgs args, CustomResourceOptions options)

type: fortios:vpn/certificate/setting:Setting
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SettingArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SettingArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SettingArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SettingArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SettingArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Setting Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Setting resource accepts the following input properties:

CertnameDsa1024 string: 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
CertnameDsa2048 string: 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
CertnameEcdsa256 string: 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
CertnameEcdsa384 string: 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
CertnameRsa1024 string: 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
CertnameRsa2048 string: 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
CertExpireWarning int: Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
CertnameEcdsa521 string: 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
CertnameEd25519 string: 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
CertnameEd448 string: 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
CertnameRsa4096 string: 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
CheckCaCert string: Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
CheckCaChain string: Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
CmpKeyUsageChecking string: Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
CmpSaveExtraCerts string: Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
CnAllowMulti string: When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
CnMatch string: When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
CrlVerification Pulumiverse.Fortios.Vpn.Certificate.Inputs.SettingCrlVerification: CRL verification options. The structure of crl_verification block is documented below.
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
Interface string: Specify outgoing interface to reach server.
InterfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
OcspDefaultServer string: Default OCSP server.
OcspOption string: Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
OcspStatus string: Enable/disable receiving certificates using the OCSP.
Proxy string: Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
ProxyPassword string: Proxy server password.
ProxyPort int: Proxy server port (1 - 65535, default = 8080).
ProxyUsername string: Proxy server user name.
SourceIp string: Source IP address for dynamic AIA and OCSP queries.
SslMinProtoVersion string: Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
SslOcspSourceIp string: Source IP address to use to communicate with the OCSP server.
StrictCrlCheck string: Enable/disable strict mode CRL checking. Valid values: enable, disable.
StrictOcspCheck string: Enable/disable strict mode OCSP checking. Valid values: enable, disable.
SubjectMatch string: When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
SubjectSet string: When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

CertnameDsa1024 string: 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
CertnameDsa2048 string: 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
CertnameEcdsa256 string: 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
CertnameEcdsa384 string: 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
CertnameRsa1024 string: 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
CertnameRsa2048 string: 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
CertExpireWarning int: Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
CertnameEcdsa521 string: 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
CertnameEd25519 string: 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
CertnameEd448 string: 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
CertnameRsa4096 string: 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
CheckCaCert string: Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
CheckCaChain string: Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
CmpKeyUsageChecking string: Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
CmpSaveExtraCerts string: Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
CnAllowMulti string: When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
CnMatch string: When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
CrlVerification SettingCrlVerificationArgs: CRL verification options. The structure of crl_verification block is documented below.
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
Interface string: Specify outgoing interface to reach server.
InterfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
OcspDefaultServer string: Default OCSP server.
OcspOption string: Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
OcspStatus string: Enable/disable receiving certificates using the OCSP.
Proxy string: Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
ProxyPassword string: Proxy server password.
ProxyPort int: Proxy server port (1 - 65535, default = 8080).
ProxyUsername string: Proxy server user name.
SourceIp string: Source IP address for dynamic AIA and OCSP queries.
SslMinProtoVersion string: Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
SslOcspSourceIp string: Source IP address to use to communicate with the OCSP server.
StrictCrlCheck string: Enable/disable strict mode CRL checking. Valid values: enable, disable.
StrictOcspCheck string: Enable/disable strict mode OCSP checking. Valid values: enable, disable.
SubjectMatch string: When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
SubjectSet string: When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

certnameDsa1024 String: 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
certnameDsa2048 String: 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa256 String: 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa384 String: 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa1024 String: 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa2048 String: 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
certExpireWarning Integer: Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
certnameEcdsa521 String: 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEd25519 String: 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certnameEd448 String: 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa4096 String: 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
checkCaCert String: Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
checkCaChain String: Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
cmpKeyUsageChecking String: Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
cmpSaveExtraCerts String: Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
cnAllowMulti String: When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
cnMatch String: When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
crlVerification SettingCrlVerification: CRL verification options. The structure of crl_verification block is documented below.
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
interfaceSelectMethod String: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
interface_ String: Specify outgoing interface to reach server.
ocspDefaultServer String: Default OCSP server.
ocspOption String: Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
ocspStatus String: Enable/disable receiving certificates using the OCSP.
proxy String: Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
proxyPassword String: Proxy server password.
proxyPort Integer: Proxy server port (1 - 65535, default = 8080).
proxyUsername String: Proxy server user name.
sourceIp String: Source IP address for dynamic AIA and OCSP queries.
sslMinProtoVersion String: Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
sslOcspSourceIp String: Source IP address to use to communicate with the OCSP server.
strictCrlCheck String: Enable/disable strict mode CRL checking. Valid values: enable, disable.
strictOcspCheck String: Enable/disable strict mode OCSP checking. Valid values: enable, disable.
subjectMatch String: When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
subjectSet String: When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

certnameDsa1024 string: 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
certnameDsa2048 string: 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa256 string: 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa384 string: 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa1024 string: 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa2048 string: 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
certExpireWarning number: Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
certnameEcdsa521 string: 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEd25519 string: 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certnameEd448 string: 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa4096 string: 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
checkCaCert string: Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
checkCaChain string: Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
cmpKeyUsageChecking string: Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
cmpSaveExtraCerts string: Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
cnAllowMulti string: When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
cnMatch string: When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
crlVerification SettingCrlVerification: CRL verification options. The structure of crl_verification block is documented below.
getAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
interface string: Specify outgoing interface to reach server.
interfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
ocspDefaultServer string: Default OCSP server.
ocspOption string: Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
ocspStatus string: Enable/disable receiving certificates using the OCSP.
proxy string: Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
proxyPassword string: Proxy server password.
proxyPort number: Proxy server port (1 - 65535, default = 8080).
proxyUsername string: Proxy server user name.
sourceIp string: Source IP address for dynamic AIA and OCSP queries.
sslMinProtoVersion string: Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
sslOcspSourceIp string: Source IP address to use to communicate with the OCSP server.
strictCrlCheck string: Enable/disable strict mode CRL checking. Valid values: enable, disable.
strictOcspCheck string: Enable/disable strict mode OCSP checking. Valid values: enable, disable.
subjectMatch string: When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
subjectSet string: When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

certname_dsa1024 str: 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
certname_dsa2048 str: 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
certname_ecdsa256 str: 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certname_ecdsa384 str: 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certname_rsa1024 str: 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
certname_rsa2048 str: 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
cert_expire_warning int: Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
certname_ecdsa521 str: 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certname_ed25519 str: 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certname_ed448 str: 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certname_rsa4096 str: 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
check_ca_cert str: Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
check_ca_chain str: Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
cmp_key_usage_checking str: Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
cmp_save_extra_certs str: Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
cn_allow_multi str: When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
cn_match str: When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
crl_verification SettingCrlVerificationArgs: CRL verification options. The structure of crl_verification block is documented below.
get_all_tables str: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
interface str: Specify outgoing interface to reach server.
interface_select_method str: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
ocsp_default_server str: Default OCSP server.
ocsp_option str: Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
ocsp_status str: Enable/disable receiving certificates using the OCSP.
proxy str: Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
proxy_password str: Proxy server password.
proxy_port int: Proxy server port (1 - 65535, default = 8080).
proxy_username str: Proxy server user name.
source_ip str: Source IP address for dynamic AIA and OCSP queries.
ssl_min_proto_version str: Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
ssl_ocsp_source_ip str: Source IP address to use to communicate with the OCSP server.
strict_crl_check str: Enable/disable strict mode CRL checking. Valid values: enable, disable.
strict_ocsp_check str: Enable/disable strict mode OCSP checking. Valid values: enable, disable.
subject_match str: When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
subject_set str: When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
vdomparam str: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

certnameDsa1024 String: 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
certnameDsa2048 String: 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa256 String: 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa384 String: 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa1024 String: 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa2048 String: 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
certExpireWarning Number: Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
certnameEcdsa521 String: 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEd25519 String: 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certnameEd448 String: 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa4096 String: 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
checkCaCert String: Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
checkCaChain String: Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
cmpKeyUsageChecking String: Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
cmpSaveExtraCerts String: Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
cnAllowMulti String: When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
cnMatch String: When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
crlVerification Property Map: CRL verification options. The structure of crl_verification block is documented below.
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
interface String: Specify outgoing interface to reach server.
interfaceSelectMethod String: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
ocspDefaultServer String: Default OCSP server.
ocspOption String: Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
ocspStatus String: Enable/disable receiving certificates using the OCSP.
proxy String: Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
proxyPassword String: Proxy server password.
proxyPort Number: Proxy server port (1 - 65535, default = 8080).
proxyUsername String: Proxy server user name.
sourceIp String: Source IP address for dynamic AIA and OCSP queries.
sslMinProtoVersion String: Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
sslOcspSourceIp String: Source IP address to use to communicate with the OCSP server.
strictCrlCheck String: Enable/disable strict mode CRL checking. Valid values: enable, disable.
strictOcspCheck String: Enable/disable strict mode OCSP checking. Valid values: enable, disable.
subjectMatch String: When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
subjectSet String: When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

Outputs

All input properties are implicitly available as output properties. Additionally, the Setting resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Setting Resource

Get an existing Setting resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: SettingState, opts?: CustomResourceOptions): Setting

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        cert_expire_warning: Optional[int] = None,
        certname_dsa1024: Optional[str] = None,
        certname_dsa2048: Optional[str] = None,
        certname_ecdsa256: Optional[str] = None,
        certname_ecdsa384: Optional[str] = None,
        certname_ecdsa521: Optional[str] = None,
        certname_ed25519: Optional[str] = None,
        certname_ed448: Optional[str] = None,
        certname_rsa1024: Optional[str] = None,
        certname_rsa2048: Optional[str] = None,
        certname_rsa4096: Optional[str] = None,
        check_ca_cert: Optional[str] = None,
        check_ca_chain: Optional[str] = None,
        cmp_key_usage_checking: Optional[str] = None,
        cmp_save_extra_certs: Optional[str] = None,
        cn_allow_multi: Optional[str] = None,
        cn_match: Optional[str] = None,
        crl_verification: Optional[SettingCrlVerificationArgs] = None,
        get_all_tables: Optional[str] = None,
        interface: Optional[str] = None,
        interface_select_method: Optional[str] = None,
        ocsp_default_server: Optional[str] = None,
        ocsp_option: Optional[str] = None,
        ocsp_status: Optional[str] = None,
        proxy: Optional[str] = None,
        proxy_password: Optional[str] = None,
        proxy_port: Optional[int] = None,
        proxy_username: Optional[str] = None,
        source_ip: Optional[str] = None,
        ssl_min_proto_version: Optional[str] = None,
        ssl_ocsp_source_ip: Optional[str] = None,
        strict_crl_check: Optional[str] = None,
        strict_ocsp_check: Optional[str] = None,
        subject_match: Optional[str] = None,
        subject_set: Optional[str] = None,
        vdomparam: Optional[str] = None) -> Setting

func GetSetting(ctx *Context, name string, id IDInput, state *SettingState, opts ...ResourceOption) (*Setting, error)

public static Setting Get(string name, Input<string> id, SettingState? state, CustomResourceOptions? opts = null)

public static Setting get(String name, Output<String> id, SettingState state, CustomResourceOptions options)

resources:  _:    type: fortios:vpn/certificate/setting:Setting    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CertExpireWarning int: Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
CertnameDsa1024 string: 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
CertnameDsa2048 string: 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
CertnameEcdsa256 string: 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
CertnameEcdsa384 string: 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
CertnameEcdsa521 string: 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
CertnameEd25519 string: 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
CertnameEd448 string: 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
CertnameRsa1024 string: 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
CertnameRsa2048 string: 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
CertnameRsa4096 string: 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
CheckCaCert string: Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
CheckCaChain string: Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
CmpKeyUsageChecking string: Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
CmpSaveExtraCerts string: Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
CnAllowMulti string: When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
CnMatch string: When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
CrlVerification Pulumiverse.Fortios.Vpn.Certificate.Inputs.SettingCrlVerification: CRL verification options. The structure of crl_verification block is documented below.
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
Interface string: Specify outgoing interface to reach server.
InterfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
OcspDefaultServer string: Default OCSP server.
OcspOption string: Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
OcspStatus string: Enable/disable receiving certificates using the OCSP.
Proxy string: Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
ProxyPassword string: Proxy server password.
ProxyPort int: Proxy server port (1 - 65535, default = 8080).
ProxyUsername string: Proxy server user name.
SourceIp string: Source IP address for dynamic AIA and OCSP queries.
SslMinProtoVersion string: Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
SslOcspSourceIp string: Source IP address to use to communicate with the OCSP server.
StrictCrlCheck string: Enable/disable strict mode CRL checking. Valid values: enable, disable.
StrictOcspCheck string: Enable/disable strict mode OCSP checking. Valid values: enable, disable.
SubjectMatch string: When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
SubjectSet string: When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

CertExpireWarning int: Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
CertnameDsa1024 string: 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
CertnameDsa2048 string: 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
CertnameEcdsa256 string: 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
CertnameEcdsa384 string: 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
CertnameEcdsa521 string: 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
CertnameEd25519 string: 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
CertnameEd448 string: 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
CertnameRsa1024 string: 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
CertnameRsa2048 string: 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
CertnameRsa4096 string: 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
CheckCaCert string: Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
CheckCaChain string: Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
CmpKeyUsageChecking string: Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
CmpSaveExtraCerts string: Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
CnAllowMulti string: When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
CnMatch string: When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
CrlVerification SettingCrlVerificationArgs: CRL verification options. The structure of crl_verification block is documented below.
GetAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
Interface string: Specify outgoing interface to reach server.
InterfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
OcspDefaultServer string: Default OCSP server.
OcspOption string: Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
OcspStatus string: Enable/disable receiving certificates using the OCSP.
Proxy string: Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
ProxyPassword string: Proxy server password.
ProxyPort int: Proxy server port (1 - 65535, default = 8080).
ProxyUsername string: Proxy server user name.
SourceIp string: Source IP address for dynamic AIA and OCSP queries.
SslMinProtoVersion string: Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
SslOcspSourceIp string: Source IP address to use to communicate with the OCSP server.
StrictCrlCheck string: Enable/disable strict mode CRL checking. Valid values: enable, disable.
StrictOcspCheck string: Enable/disable strict mode OCSP checking. Valid values: enable, disable.
SubjectMatch string: When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
SubjectSet string: When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
Vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

certExpireWarning Integer: Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
certnameDsa1024 String: 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
certnameDsa2048 String: 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa256 String: 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa384 String: 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa521 String: 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEd25519 String: 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certnameEd448 String: 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa1024 String: 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa2048 String: 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa4096 String: 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
checkCaCert String: Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
checkCaChain String: Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
cmpKeyUsageChecking String: Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
cmpSaveExtraCerts String: Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
cnAllowMulti String: When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
cnMatch String: When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
crlVerification SettingCrlVerification: CRL verification options. The structure of crl_verification block is documented below.
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
interfaceSelectMethod String: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
interface_ String: Specify outgoing interface to reach server.
ocspDefaultServer String: Default OCSP server.
ocspOption String: Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
ocspStatus String: Enable/disable receiving certificates using the OCSP.
proxy String: Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
proxyPassword String: Proxy server password.
proxyPort Integer: Proxy server port (1 - 65535, default = 8080).
proxyUsername String: Proxy server user name.
sourceIp String: Source IP address for dynamic AIA and OCSP queries.
sslMinProtoVersion String: Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
sslOcspSourceIp String: Source IP address to use to communicate with the OCSP server.
strictCrlCheck String: Enable/disable strict mode CRL checking. Valid values: enable, disable.
strictOcspCheck String: Enable/disable strict mode OCSP checking. Valid values: enable, disable.
subjectMatch String: When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
subjectSet String: When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

certExpireWarning number: Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
certnameDsa1024 string: 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
certnameDsa2048 string: 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa256 string: 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa384 string: 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa521 string: 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEd25519 string: 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certnameEd448 string: 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa1024 string: 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa2048 string: 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa4096 string: 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
checkCaCert string: Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
checkCaChain string: Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
cmpKeyUsageChecking string: Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
cmpSaveExtraCerts string: Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
cnAllowMulti string: When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
cnMatch string: When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
crlVerification SettingCrlVerification: CRL verification options. The structure of crl_verification block is documented below.
getAllTables string: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
interface string: Specify outgoing interface to reach server.
interfaceSelectMethod string: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
ocspDefaultServer string: Default OCSP server.
ocspOption string: Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
ocspStatus string: Enable/disable receiving certificates using the OCSP.
proxy string: Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
proxyPassword string: Proxy server password.
proxyPort number: Proxy server port (1 - 65535, default = 8080).
proxyUsername string: Proxy server user name.
sourceIp string: Source IP address for dynamic AIA and OCSP queries.
sslMinProtoVersion string: Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
sslOcspSourceIp string: Source IP address to use to communicate with the OCSP server.
strictCrlCheck string: Enable/disable strict mode CRL checking. Valid values: enable, disable.
strictOcspCheck string: Enable/disable strict mode OCSP checking. Valid values: enable, disable.
subjectMatch string: When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
subjectSet string: When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
vdomparam string: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

cert_expire_warning int: Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
certname_dsa1024 str: 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
certname_dsa2048 str: 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
certname_ecdsa256 str: 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certname_ecdsa384 str: 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certname_ecdsa521 str: 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certname_ed25519 str: 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certname_ed448 str: 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certname_rsa1024 str: 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
certname_rsa2048 str: 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
certname_rsa4096 str: 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
check_ca_cert str: Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
check_ca_chain str: Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
cmp_key_usage_checking str: Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
cmp_save_extra_certs str: Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
cn_allow_multi str: When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
cn_match str: When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
crl_verification SettingCrlVerificationArgs: CRL verification options. The structure of crl_verification block is documented below.
get_all_tables str: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
interface str: Specify outgoing interface to reach server.
interface_select_method str: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
ocsp_default_server str: Default OCSP server.
ocsp_option str: Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
ocsp_status str: Enable/disable receiving certificates using the OCSP.
proxy str: Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
proxy_password str: Proxy server password.
proxy_port int: Proxy server port (1 - 65535, default = 8080).
proxy_username str: Proxy server user name.
source_ip str: Source IP address for dynamic AIA and OCSP queries.
ssl_min_proto_version str: Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
ssl_ocsp_source_ip str: Source IP address to use to communicate with the OCSP server.
strict_crl_check str: Enable/disable strict mode CRL checking. Valid values: enable, disable.
strict_ocsp_check str: Enable/disable strict mode OCSP checking. Valid values: enable, disable.
subject_match str: When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
subject_set str: When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
vdomparam str: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

certExpireWarning Number: Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14).
certnameDsa1024 String: 1024 bit DSA key certificate for re-signing server certificates for SSL inspection.
certnameDsa2048 String: 2048 bit DSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa256 String: 256 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa384 String: 384 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEcdsa521 String: 521 bit ECDSA key certificate for re-signing server certificates for SSL inspection.
certnameEd25519 String: 253 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certnameEd448 String: 456 bit EdDSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa1024 String: 1024 bit RSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa2048 String: 2048 bit RSA key certificate for re-signing server certificates for SSL inspection.
certnameRsa4096 String: 4096 bit RSA key certificate for re-signing server certificates for SSL inspection.
checkCaCert String: Enable/disable verification of the user certificate and pass authentication if any CA in the chain is trusted (default = enable). Valid values: enable, disable.
checkCaChain String: Enable/disable verification of the entire certificate chain and pass authentication only if the chain is complete and all of the CAs in the chain are trusted (default = disable). Valid values: enable, disable.
cmpKeyUsageChecking String: Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: enable, disable.
cmpSaveExtraCerts String: Enable/disable saving extra certificates in CMP mode (default = disable). Valid values: enable, disable.
cnAllowMulti String: When searching for a matching certificate, allow multiple CN fields in certificate subject name (default = enable). Valid values: disable, enable.
cnMatch String: When searching for a matching certificate, control how to do CN value matching with certificate subject name (default = substring). Valid values: substring, value.
crlVerification Property Map: CRL verification options. The structure of crl_verification block is documented below.
getAllTables String: Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables.
interface String: Specify outgoing interface to reach server.
interfaceSelectMethod String: Specify how to select outgoing interface to reach server. Valid values: auto, sdwan, specify.
ocspDefaultServer String: Default OCSP server.
ocspOption String: Specify whether the OCSP URL is from certificate or configured OCSP server. Valid values: certificate, server.
ocspStatus String: Enable/disable receiving certificates using the OCSP.
proxy String: Proxy server FQDN or IP for OCSP/CA queries during certificate verification.
proxyPassword String: Proxy server password.
proxyPort Number: Proxy server port (1 - 65535, default = 8080).
proxyUsername String: Proxy server user name.
sourceIp String: Source IP address for dynamic AIA and OCSP queries.
sslMinProtoVersion String: Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).
sslOcspSourceIp String: Source IP address to use to communicate with the OCSP server.
strictCrlCheck String: Enable/disable strict mode CRL checking. Valid values: enable, disable.
strictOcspCheck String: Enable/disable strict mode OCSP checking. Valid values: enable, disable.
subjectMatch String: When searching for a matching certificate, control how to do RDN value matching with certificate subject name (default = substring). Valid values: substring, value.
subjectSet String: When searching for a matching certificate, control how to do RDN set matching with certificate subject name (default = subset). Valid values: subset, superset.
vdomparam String: Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.

Supporting Types

SettingCrlVerification
, SettingCrlVerificationArgs

ChainCrlAbsence string: CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values: ignore, revoke.
Expiry string: CRL verification option when CRL is expired (default = ignore). Valid values: ignore, revoke.
LeafCrlAbsence string: CRL verification option when leaf CRL is absent (default = ignore). Valid values: ignore, revoke.

ChainCrlAbsence string: CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values: ignore, revoke.
Expiry string: CRL verification option when CRL is expired (default = ignore). Valid values: ignore, revoke.
LeafCrlAbsence string: CRL verification option when leaf CRL is absent (default = ignore). Valid values: ignore, revoke.

chainCrlAbsence String: CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values: ignore, revoke.
expiry String: CRL verification option when CRL is expired (default = ignore). Valid values: ignore, revoke.
leafCrlAbsence String: CRL verification option when leaf CRL is absent (default = ignore). Valid values: ignore, revoke.

chainCrlAbsence string: CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values: ignore, revoke.
expiry string: CRL verification option when CRL is expired (default = ignore). Valid values: ignore, revoke.
leafCrlAbsence string: CRL verification option when leaf CRL is absent (default = ignore). Valid values: ignore, revoke.

chain_crl_absence str: CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values: ignore, revoke.
expiry str: CRL verification option when CRL is expired (default = ignore). Valid values: ignore, revoke.
leaf_crl_absence str: CRL verification option when leaf CRL is absent (default = ignore). Valid values: ignore, revoke.

chainCrlAbsence String: CRL verification option when CRL of any certificate in chain is absent (default = ignore). Valid values: ignore, revoke.
expiry String: CRL verification option when CRL is expired (default = ignore). Valid values: ignore, revoke.
leafCrlAbsence String: CRL verification option when leaf CRL is absent (default = ignore). Valid values: ignore, revoke.

Import

VpnCertificate Setting can be imported using any of these accepted formats:

$ pulumi import fortios:vpn/certificate/setting:Setting labelname VpnCertificateSetting

If you do not want to import arguments of block:

$ export “FORTIOS_IMPORT_TABLE”=“false”

$ pulumi import fortios:vpn/certificate/setting:Setting labelname VpnCertificateSetting

$ unset “FORTIOS_IMPORT_TABLE”

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: fortios pulumiverse/pulumi-fortios
License: Apache-2.0
Notes: This Pulumi package is based on the fortios Terraform Provider.

Fortios v0.0.6 published on Tuesday, Jul 9, 2024 by pulumiverse

pulumiverse/pulumi-fortios

fortios.vpn/certificate.Setting

On this page

On this page

Example Usage

Create Setting Resource

Constructor syntax

Parameters

Setting Resource Properties

Inputs

Outputs

Look up Existing Setting Resource

Supporting Types

SettingCrlVerification
, SettingCrlVerificationArgs

Import

Package Details

On this page

On this page

fortios.vpn/certificate.Setting

On this page

On this page

Example Usage

Create Setting Resource

Constructor syntax

Parameters

Setting Resource Properties

Inputs

Outputs

Look up Existing Setting Resource

Supporting Types

SettingCrlVerification, SettingCrlVerificationArgs

Import

Package Details

On this page

On this page

SettingCrlVerification
, SettingCrlVerificationArgs