{ "additionalProperties": false, "id": "ClientSslProfileBinding", "module_id": "LoadBalancer", "properties": { "certificate_chain_depth": { "default": 3, "description": "authentication depth is used to set the verification depth in the client certificates chain.", "maximum": 2147483647, "minimum": 1, "required": false, "title": "the maximum traversal depth of client certificate chain", "type": "integer" }, "client_auth": { "$ref": "ClientAuthType, "default": "IGNORE", "required": false, "title": "client authentication mode" }, "client_auth_ca_ids": { "description": "If client auth type is REQUIRED, client certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified.", "items": { "type": "string" }, "required": false, "title": "CA identifier list to verify client certificate", "type": "array" }, "client_auth_crl_ids": { "description": "A Certificate Revocation List (CRL) can be specified in the client-side SSL profile binding to disallow compromised client certificates.", "items": { "type": "string" }, "required": false, "title": "CRL identifier list to verify client certificate", "type": "array" }, "default_certificate_id": { "description": "A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension.", "required": true, "title": "default service certificate identifier", "type": "string" }, "sni_certificate_ids": { "description": "Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server.", "items": { "type": "string" }, "required": false, "title": "SNI certificate identifier list", "type": "array" }, "ssl_profile_id": { "description": "Client SSL profile defines reusable, application-independent client side SSL properties.", "required": false, "title": "client SSL profile identifier", "type": "string" } }, "type": "object" }