| _create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly
Sortable |
| _create_user |
ID of the user who created this resource |
string |
Readonly |
| _last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly
Sortable |
| _last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
| _links |
References related to this resource
The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
| _protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
| _revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
| _schema |
Schema for this resource |
string |
Readonly |
| _self |
Link to this resource |
SelfResourceLink |
Readonly |
| _system_owned |
Indicates system owned resource |
boolean |
Readonly |
| ca_signed_only |
A flag to indicate whether the server certs are only allowed to be ca-signed.
When this flag is set to true (for NDcPP compliance) only ca-signed certificates will be allowed to be applied as server certificates.
Since this check has now moved to the compliance-report, enabling this check is no longer required if the NDcPP Security alarms have been enabled. |
boolean |
|
| crl_checking_enabled |
A flag to indicate whether the Java trust-managers check certificate revocation
When this flag is set to true, during certificate checking the CRL is fetched and checked whether the certificate is revoked or not. Setting this property to false results in lower security. It is not advisable to import certificate without CRL info while CRL checking is deactivated, and then re-enable CRL checking. |
boolean |
|
| description |
Description of this resource |
string |
Maximum length: 1024
Sortable |
| display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255
Sortable |
| eku_checking_enabled |
A flag to indicate whether the Extended Key Usage extension in the certificate is checked.
When this flag is set to true, during certificate checking the Extended Key Usage extension is expected to be present, indicating whether the certificate is to be used a client certificate or server certificate. Setting this value to false is not recommended as it leads to lower security and operational risk.
Since this check has now moved to the compliance-report, enabling/disabling this flag no longer has any effect when applying certificates. |
boolean |
|
| id |
Unique identifier of this resource |
string |
Sortable |
| resource_type |
Must be set to the value InfraSecurityConfig |
string |
|
| tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |