radware.radware_alteon.alteon_config_ssl_client_auth_policy (1.1.2) — module: Manage SSL Authentication Policy in Radware Alteon
Added in version 1.0.0 of radware.radware_alteon. Authors: Leon Meguira (@leonmeguira), Nati Fridman (@natifridman). Status: stableinterface; supported by: certified.

Install with: ansible-galaxy collection install radware.radware_alteon:==1.1.2
Or in requirements.yml:
collections:
  - name: radware.radware_alteon
    version: 1.1.2
SSL client authentication enables a server to confirm a client's identity as part of the SSL handshake. Similarly, SSL server authentication enables a client to confirm the identity of the server. Authenticating a client or server requires checking the validity of its certificate: if the certificate is valid, the handshake completes; otherwise the session is terminated.
The same Authentication Policy can be associated with multiple SSL Policies.
Examples:
- name: alteon configuration command
  radware.radware_alteon.alteon_config_ssl_client_auth_policy:
    provider:
      server: 192.168.1.1
      user: admin
      password: admin
      validate_certs: false
      https_port: 443
      ssh_port: 22
      timeout: 5
    state: present
    parameters:
      index: ssl_server_auth_pol
      description: test_auth_policy
      state: enabled
      ca_verification: require
      advertised_ca_chain_type: default
      cert_validation_method: ocsp
      ocsp_validation_static_uri: http://uri.ocsp.com
      ocsp_response_secure: enabled
      trusted_ca_chain_name: ca_group_1
      trusted_ca_chain_type: group
      pass_cert_info_version_header_name: CCRT-ver
      pass_cert_info_version_header: enabled
Parameters:
state:
  choices:
    - present
    - absent
    - read
    - overwrite
    - append
  default: null
  description:
    - When C(present), guarantees that the object exists with the provided attributes.
    - When C(absent), removes the object where applicable.
    - When C(read), reads the existing object from the configuration into parameter format.
    - When C(overwrite), removes the object if it exists, then recreates it.
    - When C(append), appends the provided parameters to the object configuration.
  required: true
  type: str
provider:
  description:
    - Radware Alteon connection details.
  required: true
  type: dict
  suboptions:
    https_port:
      default: null
      description:
        - Radware Alteon https port.
      required: true
    password:
      default: null
      description:
        - Radware Alteon password.
      required: true
    server:
      default: null
      description:
        - Radware Alteon IP address.
      required: true
    ssh_port:
      default: null
      description:
        - Radware Alteon ssh port.
      required: true
    timeout:
      default: null
      description:
        - Timeout for connection.
      required: true
    user:
      default: null
      description:
        - Radware Alteon username.
      required: true
    validate_certs:
      default: null
      description:
        - If C(false), SSL certificates will not be validated.
        - This should only be set to C(false) on personally controlled sites using self-signed certificates.
      required: true
      type: bool
parameters:
  description:
    - Parameters for SSL Authentication Policy configuration.
  type: dict
  suboptions:
    advertised_ca_chain_name:
      default: null
      description:
        - Specifies the certificate authority name that should be included in the Certificate Request message, providing greater control over the configuration information shared with unknown clients.
      required: false
      type: str
    advertised_ca_chain_type:
      choices:
        - group
        - cert
        - default
        - none
      default: null
      description:
        - Advertised CA type.
      required: false
    ca_chain_lookup_depth:
      default: 2
      description:
        - Specifies the maximum number of certificates to be traversed in a certificate chain while attempting to validate the link between the certificate and the configured trusted CA.
      required: false
      type: int
    ca_verification:
      choices:
        - enabled
        - disabled
      default: null
      description:
        - Specifies whether to verify that a client certificate is trusted.
      required: false
    cert_validation_method:
      choices:
        - none
        - ocsp
      default: none
      description:
        - Specifies the method for validating that a certificate, already validated as issued by a trusted entity, has not been revoked.
      required: false
    description:
      default: null
      description:
        - An optional descriptive name of the policy in addition to the policy ID.
      required: false
      type: str
    failure_redirection_url:
      default: null
      description:
        - Specifies the URL to which a client should be redirected when its authentication fails.
      required: false
      type: str
    index:
      default: null
      description:
        - The authentication policy name (key id) as an index.
      required: true
      type: str
    ocsp_cert_chain_validation:
      choices:
        - enabled
        - disabled
      default: disabled
      description:
        - Specifies whether to validate every certificate in the certificate chain, or only the authenticated element (client/server) certificate.
      required: false
    ocsp_response_cache_time_second:
      default: null
      description:
        - Specifies the length of time for which the OCSP response is cached, in seconds.
      required: false
      type: int
    ocsp_response_deviation_time_second:
      default: 75
      description:
        - Allows small deviations, in seconds, between Alteon and OCSP server timestamps to be overlooked when performing OCSP signature verification.
      required: false
      type: int
    ocsp_response_secure:
      choices:
        - enabled
        - disabled
      default: enabled
      description:
        - Specifies whether to verify that the certificate status information received from the OCSP responder is up-to-date by sending a random nonce (a random sequence of 20 bytes) in the OCSP request. The OCSP responder must use its secret key to sign the response containing this nonce.
      required: false
    ocsp_uri_priority:
      choices:
        - clientcert
        - staticuri
      default: clientcert
      description:
        - The OCSP access point can be configured (static URI) or can be provided in the certificate (in the Authority Information Access extension). The OCSP URI priority defines whether to check first whether the location is provided in the certificate.
      required: false
    ocsp_validation_static_uri:
      default: null
      description:
        - Specifies the static URI for OCSP validation requests.
      required: false
      type: str
    pass_cert_info_2424ssl_compliance_header:
      choices:
        - enabled
        - disabled
      default: disabled
      description:
        - Specifies whether to enable 2424SSL Headers Compliance Mode.
      required: false
    pass_cert_info_cert_header:
      choices:
        - enabled
        - disabled
      default: disabled
      description:
        - Specifies whether to pass certificate information to the back-end server.
      required: false
    pass_cert_info_cert_header_name:
      default: CCRT-Certificate
      description:
        - Specifies the header name used to pass certificate information to the back-end server.
      required: false
      type: str
    pass_cert_info_issuer_header:
      choices:
        - enabled
        - disabled
      default: disabled
      description:
        - Specifies whether to pass certificate issuer information to the back-end server.
      required: false
    pass_cert_info_issuer_header_name:
      default: CCRT-Issuer
      description:
        - Specifies the header name used to pass certificate issuer information to the back-end server.
      required: false
      type: str
    pass_cert_info_md5_header:
      choices:
        - enabled
        - disabled
      default: disabled
      description:
        - Specifies whether to pass certificate MD5 hash information to the back-end server.
      required: false
    pass_cert_info_md5_header_name:
      default: CCRT-MD5Hash
      description:
        - Specifies the header name used to pass certificate MD5 hash information to the back-end server.
      required: false
      type: str
    pass_cert_info_not_after_header:
      choices:
        - enabled
        - disabled
      default: disabled
      description:
        - Specifies whether to pass the certificate Not After validity date to the back-end server.
      required: false
    pass_cert_info_not_after_header_name:
      default: CCRT-NotAfter
      description:
        - Specifies the header name used to pass the certificate Not After validity date to the back-end server.
      required: false
      type: str
    pass_cert_info_not_before_header:
      choices:
        - enabled
        - disabled
      default: disabled
      description:
        - Specifies whether to pass the certificate Not Before validity date to the back-end server.
      required: false
    pass_cert_info_not_before_header_name:
      default: CCRT-NotBefore
      description:
        - Specifies the header name used to pass the certificate Not Before validity date to the back-end server.
      required: false
      type: str
    pass_cert_info_public_key_type_header:
      choices:
        - enabled
        - disabled
      default: disabled
      description:
        - Specifies whether to pass certificate public key type information to the back-end server.
      required: false
    pass_cert_info_public_key_type_header_name:
      default: CCRT-publicKeyType
      description:
        - Specifies the header name used to pass certificate public key type information to the back-end server.
      required: false
      type: str
    pass_cert_info_serial_number_header:
      choices:
        - enabled
        - disabled
      default: disabled
      description:
        - Specifies whether to pass the certificate serial number to the back-end server.
      required: false
    pass_cert_info_serial_number_header_name:
      default: CCRT-SN
      description:
        - Specifies the header name used to pass the certificate serial number to the back-end server.
      required: false
      type: str
    pass_cert_info_sign_algorithm_header:
      choices:
        - enabled
        - disabled
      default: disabled
      description:
        - Specifies whether to pass the certificate signature algorithm to the back-end server.
      required: false
    pass_cert_info_sign_algorithm_header_name:
      default: CCRT-SignatureAlgo
      description:
        - Specifies the header name used to pass the certificate signature algorithm to the back-end server.
      required: false
      type: str
    pass_cert_info_subject_header:
      choices:
        - enabled
        - disabled
      default: disabled
      description:
        - Specifies whether to pass certificate subject information to the back-end server.
      required: false
    pass_cert_info_subject_header_name:
      default: CCRT-Subject
      description:
        - Specifies the header name used to pass certificate subject information to the back-end server.
      required: false
      type: str
    pass_cert_info_version_header:
      choices:
        - enabled
        - disabled
      default: disabled
      description:
        - Specifies whether to pass certificate version information to the back-end server.
      required: false
    pass_cert_info_version_header_name:
      default: CCRT-Version
      description:
        - Specifies the header name used to pass certificate version information to the back-end server.
      required: false
      type: str
    state:
      choices:
        - enabled
        - disabled
      default: null
      description:
        - Specifies whether to enable or disable the authentication policy.
      required: false
    trusted_ca_chain_name:
      default: null
      description:
        - Trusted CA certificate name.
      required: false
      type: str
    trusted_ca_chain_type:
      choices:
        - group
        - cert
      default: null
      description:
        - Specifies one or more (group) Certificate Authority (CA) certificates that are trusted as issuers of regular (client/server) certificates.
      required: false
revert_on_error:
  default: false
  description:
    - If an error occurs, perform a revert on Alteon.
  required: false
  type: bool
write_on_change:
  default: false
  description:
    - Executes Alteon write calls only when an actual change has been evaluated.
  required: false
  type: bool
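An added pre-flight check (example code, not part of the radware.radware_alteon collection) that validates a `parameters` block against the choices documented above and flags settings that leave client authentication weaker than intended, in particular the `cert_validation_method` default of `none`, which skips revocation checking entirely:

```python
"""Lint an alteon_config_ssl_client_auth_policy parameters block (example, not collection code)."""
from typing import Dict, List

# Enumerated options as documented for the module (subset used here).
CHOICES = {
    "state": {"enabled", "disabled"},
    "cert_validation_method": {"none", "ocsp"},
    "ocsp_response_secure": {"enabled", "disabled"},
    "ocsp_uri_priority": {"clientcert", "staticuri"},
    "trusted_ca_chain_type": {"group", "cert"},
}
# Documented defaults, merged in so each check sees the effective value.
DEFAULTS = {
    "cert_validation_method": "none",
    "ocsp_response_secure": "enabled",
    "ocsp_uri_priority": "clientcert",
}


def lint_policy(params: Dict[str, object]) -> List[str]:
    """Return findings for one policy; an empty list means it passed."""
    findings: List[str] = []
    if "index" not in params:
        findings.append("index (policy name) is required")
    eff = {**DEFAULTS, **params}
    for key, allowed in CHOICES.items():
        if key in eff and eff[key] not in allowed:
            findings.append(f"{key}={eff[key]!r} is not one of {sorted(allowed)}")
    if eff.get("ca_verification") == "disabled":
        findings.append("ca_verification disabled: client certs are not checked against a trusted CA")
    elif not eff.get("trusted_ca_chain_name"):
        findings.append("trusted_ca_chain_name unset: no CA to verify client certs against")
    if eff["cert_validation_method"] == "none":
        findings.append("cert_validation_method none (the default): revoked certs are still accepted")
    else:
        if eff["ocsp_response_secure"] == "disabled":
            findings.append("ocsp_response_secure disabled: no nonce, replayed OCSP responses go undetected")
        if eff["ocsp_uri_priority"] == "staticuri" and not eff.get("ocsp_validation_static_uri"):
            findings.append("ocsp_uri_priority staticuri but ocsp_validation_static_uri is unset")
    return findings


# Constructed samples: one hardened policy and one that relies on the defaults.
HARDENED = {
    "index": "ssl_server_auth_pol", "state": "enabled", "ca_verification": "enabled",
    "trusted_ca_chain_type": "group", "trusted_ca_chain_name": "ca_group_1",
    "cert_validation_method": "ocsp", "ocsp_uri_priority": "staticuri",
    "ocsp_validation_static_uri": "http://uri.ocsp.com", "ocsp_response_secure": "enabled",
}
DEFAULT_ONLY = {"index": "weak_pol", "state": "enabled", "trusted_ca_chain_name": "ca_group_1"}
```

Run `lint_policy` over each policy's `parameters` dict before the play executes; a non-empty list is the reason to stop and fix the policy rather than deploy it.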
Return Values:
obj:
  description: parameters object type
  returned: changed, read
  type: dict
status:
  description: Message detailing run result
  returned: success
  sample: object deployed successfully
  type: str