netscaler.adc.sslocspresponder (2.5.1) — module

Configuration for OCSP responder resource.

Added in version 2.0.0 of netscaler.adc

Authors: Sumanth Lingappa (@sumanth-lingappa)

preview | supported by community

Install collection

Install with ansible-galaxy collection install netscaler.adc:==2.5.1


Add to requirements.yml

  collections:
    - name: netscaler.adc
      version: 2.5.1

Description

Configuration for OCSP responder resource.

Inputs

    
url:
    description:
    - URL of the OCSP responder.
    type: str

name:
    description:
    - Name for the OCSP responder. Cannot begin with a hash (#) or space character and
      must contain only ASCII alphanumeric, underscore (_), hash (#), period (.), space,
      colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after
      the responder is created.
    - ''
    - 'The following requirement applies only to the Citrix ADC CLI:'
    - If the name includes one or more spaces, enclose the name in double or single quotation
      marks (for example, "my responder" or 'my responder').
    type: str

nsip:
    description:
    - The IP address of the NetScaler ADC appliance where the NITRO API calls will be
      made.
    - The port can be specified after a colon (:), e.g. 192.168.1.1:555.
    required: true
    type: str

cache:
    choices:
    - ENABLED
    - DISABLED
    description:
    - Enable caching of responses. Caching of responses received from the OCSP responder
      enables faster responses to the clients and reduces the load on the OCSP responder.
    type: str

state:
    choices:
    - present
    - absent
    - unset
    default: present
    description:
    - The state of the resource being configured by the module on the NetScaler ADC node.
    - When C(present), the resource will be added or updated and configured according
      to the module's parameters.
    - When C(absent), the resource will be deleted from the NetScaler ADC node.
    - When C(unset), the resource will be unset on the NetScaler ADC node.
    type: str

api_path:
    default: nitro/v1/config
    description:
    - Base NITRO API path.
    - Define only in case of an ADM service proxy call
    type: str

usenonce:
    choices:
    - 'YES'
    - 'NO'
    description:
    - Enable the OCSP nonce extension, which is designed to prevent replay attacks.
    type: str

httpmethod:
    choices:
    - GET
    - POST
    description:
    - HTTP method used to send the OCSP request. C(POST) is the default httpmethod. If the
      request length is > 255, C(POST) will be used even if C(GET) is set as httpMethod.
    type: str

nitro_pass:
    description:
    - The password with which to authenticate to the NetScaler ADC node.
    required: false
    type: str

nitro_user:
    description:
    - The username with which to authenticate to the NetScaler ADC node.
    required: false
    type: str

resptimeout:
    description:
    - Time, in milliseconds, to wait for an OCSP response. When this time elapses, an
      error message appears or the transaction is forwarded, depending on the settings
      on the virtual server. Includes Batching Delay time.
    type: float

save_config:
    default: false
    description:
    - If C(true) the module will save the configuration on the NetScaler ADC node if it
      makes any changes.
    - The module will not save the configuration on the NetScaler ADC node if it made
      no changes.
    type: bool

signingcert:
    description:
    - Certificate-key pair that is used to sign OCSP requests. If this parameter is not
      set, the requests are not signed.
    type: str

cachetimeout:
    description:
    - Timeout for caching the OCSP response. After the timeout, the Citrix ADC sends a
      fresh request to the OCSP responder for the certificate status. If a timeout is
      not specified, the timeout provided in the OCSP response applies.
    type: float

batchingdelay:
    description:
    - Maximum time, in milliseconds, to wait to accumulate OCSP requests to batch.  Does
      not apply if the Batching Depth is 1.
    type: float

batchingdepth:
    description:
    - Number of client certificates to batch together into one OCSP request. Batching
      avoids overloading the OCSP responder. A value of 1 signifies that each request
      is queried independently. For a value greater than 1, specify a timeout (batching
      delay) to avoid inordinately delaying the processing of a single certificate.
    type: float

respondercert:
    description:
    - '0'
    type: str

nitro_protocol:
    choices:
    - http
    - https
    default: https
    description:
    - Which protocol to use when accessing the NITRO API objects.
    type: str

trustresponder:
    description:
    - A certificate to use to validate OCSP responses.  Alternatively, if -trustResponder
      is specified, no verification will be done on the response.  If both are omitted,
      only the response times (producedAt, lastUpdate, nextUpdate) will be verified.
    type: bool

validate_certs:
    default: true
    description:
    - If C(false), SSL certificates will not be validated. This should only be used on
      personally controlled sites using self-signed certificates.
    required: false
    type: bool

insertclientcert:
    choices:
    - 'YES'
    - 'NO'
    description:
    - Include the complete client certificate in the OCSP request.
    type: str

nitro_auth_token:
    description:
    - The authentication token provided by a login operation.
    type: str
    version_added: 2.6.0
    version_added_collection: netscaler.adc

producedattimeskew:
    description:
    - Time, in seconds, for which the Citrix ADC waits before considering the response
      as invalid. The response is considered invalid if the Produced At time stamp in
      the OCSP response exceeds or precedes the current Citrix ADC clock time by the amount
      of time specified.
    type: float

ocspurlresolvetimeout:
    description:
    - Time, in milliseconds, to wait for an OCSP URL Resolution. When this time elapses,
      an error message appears or the transaction is forwarded, depending on the settings
      on the virtual server.
    type: float
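
Example playbook (added here, not taken from the collection's own documentation) combining the security-relevant inputs above: NITRO access over HTTPS with certificate validation, the nonce extension, signed requests, and validation of responses against a responder certificate. The host address, environment variable names, responder name, URL and certificate-key pair names are constructed placeholders; treating respondercert as the name of an existing certificate-key pair is an assumption, since this page gives no description for it.

```yaml
---
# Added example; all concrete values below are constructed placeholders.
- name: Configure an OCSP responder with response validation and nonce
  hosts: localhost
  gather_facts: false
  vars:
    adc_nsip: "192.0.2.10"   # constructed documentation address
    # Credentials are read from the controller's environment so they stay out
    # of the playbook; the variable names are assumptions of this example.
    adc_user: "{{ lookup('ansible.builtin.env', 'ADC_NITRO_USER') }}"
    adc_pass: "{{ lookup('ansible.builtin.env', 'ADC_NITRO_PASS') }}"
  tasks:
    - name: Add OCSP responder
      delegate_to: localhost
      no_log: true            # keep nitro_pass out of task output
      netscaler.adc.sslocspresponder:
        # --- connection to the appliance ---
        nsip: "{{ adc_nsip }}"
        nitro_user: "{{ adc_user }}"
        nitro_pass: "{{ adc_pass }}"
        nitro_protocol: https  # 'http' would send the credentials in clear text
        validate_certs: true   # 'false' disables validation of the ADC's certificate
        save_config: true

        # --- responder definition ---
        state: present
        name: ocsp_internal_ca              # cannot be changed after creation
        url: "http://ocsp.example.com/ocsp"
        httpmethod: POST

        # --- integrity of the OCSP exchange ---
        usenonce: "YES"                     # nonce extension against replayed responses
        signingcert: adc_ocsp_signing_ck    # unset means requests are not signed
        # Assumption: respondercert names the cert-key pair used to validate
        # responses. trustresponder is deliberately left unset, because the
        # page states that specifying it skips verification of the response.
        respondercert: ocsp_responder_ck
        producedattimeskew: 300             # seconds of tolerated clock skew

        # --- timing ---
        resptimeout: 2000                   # ms, includes the batching delay
        batchingdepth: 4                    # >1 requires a batching delay
        batchingdelay: 100                  # ms
```

What happens to a client connection when resptimeout or ocspurlresolvetimeout elapses is decided by the virtual server settings, not by this module, so review those settings alongside the responder.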

Outputs

changed:
  description: Indicates if any change is made by the module
  returned: always
  sample: true
  type: bool
diff:
  description: Dictionary of before and after changes
  returned: always
  sample:
    after:
      key2: pqr
    before:
      key1: xyz
    prepared: changes done
  type: dict
diff_list:
  description: List of differences between the actual configured object and the configuration
    specified in the module
  returned: when changed
  sample:
  - 'Attribute `key1` differs. Desired: (<class ''str''>) XYZ. Existing: (<class ''str''>)
    PQR'
  type: list
failed:
  description: Indicates if the module failed or not
  returned: always
  sample: false
  type: bool
loglines:
  description: List of messages logged by the module
  returned: always
  sample:
  - message 1
  - message 2
  type: list