radware.radware_modules.alteon_config_ssl_server_auth_policy (0.6.12) — module
Manage SSL server Authentication Policy in Radware Alteon
Added in version 2.9 of radware.radware_modules
Authors: Leon Meguira (@leonmeguira), Nati Fridman (@natifridman)
stableinterface | supported by certified
Install with:

    ansible-galaxy collection install radware.radware_modules:==0.6.12

    collections:
      - name: radware.radware_modules
        version: 0.6.12

SSL client authentication enables a server to confirm a client's identity as part of the SSL handshake process.
Similarly, SSL server authentication enables a client to confirm the identity of the server.
Authentication of a client or server requires checking their certificate validity.
If the certificate is valid, the handshake process is completed; otherwise, the session is terminated.
The same Authentication Policy can be associated with multiple SSL Policies.

    - name: alteon configuration command
      radware.radware_modules.alteon_config_ssl_server_auth_policy:
        provider:
          server: 192.168.1.1
          user: admin
          password: admin
          validate_certs: no
          https_port: 443
          ssh_port: 22
          timeout: 5
        state: present
        parameters:
          index: ssl_server_auth_pol
          description: test_auth_policy
          state: enabled
          cert_validation_method: ocsp
          ocsp_validation_static_uri: http://uri.ocsp.com
          ocsp_response_secure: enabled
          trusted_ca_chain_name: ca_group_1
          trusted_ca_chain_type: group
          server_host_mismatch_action: reject

    state:
      choices:
        - present
        - absent
        - read
        - overwrite
        - append
      default: null
      description:
        - When C(present), guarantees that the object exists with the provided attributes.
        - When C(absent), removes the object when applicable.
        - When C(read), reads the object from the configuration into parameter format if it exists.
        - When C(overwrite), removes the object if it exists and then recreates it.
        - When C(append), appends the provided parameters to the object configuration.
      required: true
    provider:
      description:
        - Radware Alteon connection details.
      required: true
      suboptions:
        https_port:
          default: null
          description:
            - Radware Alteon https port.
          required: true
        password:
          default: null
          description:
            - Radware Alteon password.
          required: true
        server:
          default: null
          description:
            - Radware Alteon IP address.
          required: true
        ssh_port:
          default: null
          description:
            - Radware Alteon ssh port.
          required: true
        timeout:
          default: null
          description:
            - Timeout for connection.
          required: true
        user:
          default: null
          description:
            - Radware Alteon username.
          required: true
        validate_certs:
          default: null
          description:
            - If C(no), SSL certificates will not be validated.
            - This should only be set to C(no) when used on personally controlled sites using self-signed certificates.
          required: true
          type: bool
    parameters:
      description:
        - Parameters for SSL server Authentication Policy configuration.
      suboptions:
        ca_chain_lookup_depth:
          default: 2
          description:
            - Specifies the maximum number of certificates to be traversed in a certificate chain while attempting to validate the link between the certificate and the configured trusted CA.
          required: false
          type: int
        cert_validation_method:
          choices:
            - none
            - ocsp
          default: none
          description:
            - Specifies the method for validating whether a certificate that was already validated as issued by a trusted entity has not been revoked.
          required: false
        description:
          default: null
          description:
            - An optional descriptive name of the policy in addition to the policy ID.
          required: false
          type: str
        index:
          default: null
          description:
            - The authentication policy name (key id) as an index.
          required: true
          type: str
        ocsp_cert_chain_validation:
          choices:
            - enabled
            - disabled
          default: disabled
          description:
            - Specifies whether to enable validation of every certificate in the certificate chain, or only of the authenticated element (client/server) certificate.
          required: false
        ocsp_response_cache_time_second:
          default: null
          description:
            - Specifies the length of time for which the OCSP response is cached, in seconds.
          required: false
          type: int
        ocsp_response_deviation_time_second:
          default: 75
          description:
            - Allows small deviations, in seconds, between Alteon and OCSP server timestamps to be overlooked when performing OCSP signature verification.
          required: false
          type: int
        ocsp_response_secure:
          choices:
            - enabled
            - disabled
          default: enabled
          description:
            - Specifies whether to verify that the certificate status information received from the OCSP responder is up-to-date by sending a random nonce (a random sequence of 20 bytes) in the OCSP request. The OCSP responder must use its secret key to sign the response containing this nonce.
          required: false
        ocsp_uri_priority:
          choices:
            - clientcert
            - staticuri
          default: clientcert
          description:
            - The OCSP access point can be configured (static URI) or can be provided in the certificate (in the Authority Information Access extension).
            - The OCSP URI priority defines whether to check first if the location is provided in the certificate or not.
          required: false
        ocsp_validation_static_uri:
          default: null
          description:
            - Specifies the static URI for OCSP validation requests.
          required: false
          type: str
        server_expired_cert_action:
          choices:
            - ignore
            - reject
          default: ignore
          description:
            - Specifies the action performed on receiving an expired certificate from the server.
          required: false
        server_host_mismatch_action:
          choices:
            - ignore
            - reject
          default: ignore
          description:
            - Specifies the action performed when a host mismatch is detected between the certificate Common Name and SNI value.
          required: false
        server_untrusted_cert_action:
          choices:
            - ignore
            - reject
          default: reject
          description:
            - Specifies the action performed on receiving a server certificate signed by an untrusted issuer.
          required: false
        state:
          choices:
            - enabled
            - disabled
          default: null
          description:
            - Specifies whether to enable/disable the authentication policy.
          required: false
        trusted_ca_chain_name:
          default: null
          description:
            - Specifies one or more (group) Certificate Authority (CA) certificates that are trusted as issuers of regular (client/server) certificates.
          required: false
          type: str
        trusted_ca_chain_type:
          choices:
            - group
            - cert
          default: null
          description:
            - Specifies one or more (group) Certificate Authority (CA) certificates that are trusted as issuers of regular (client/server) certificates.
          required: false
    revert_on_error:
      default: false
      description:
        - If an error occurs, perform revert on alteon.
      required: false
      type: bool
    write_on_change:
      default: false
      description:
        - Executes Alteon write calls only when an actual change has been evaluated.
      required: false
      type: bool

    obj:
      description: parameters object type
      returned: changed, read
      type: dictionary
    status:
      description: Message detailing run result
      returned: success
      sample: object deployed successfully
      type: str
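
Several documented defaults (cert_validation_method none, server_expired_cert_action ignore, server_host_mismatch_action ignore) let a server certificate through even though it fails a check, so a policy that omits them is weaker than it looks. The Python below is an added example, not code from the collection: it overlays a policy's parameters on the defaults listed on this page and reports the effective settings that accept an invalid certificate. The names effective_policy and audit_policy are hypothetical, and the input is assumed to be a dictionary with the same keys as the module's parameters (for instance the obj returned with state read).

```python
# Added example (not the collection's code). Defaults are the ones documented
# on this page; the input shape (same keys as `parameters`) is an assumption.
DOCUMENTED_DEFAULTS = {
    "cert_validation_method": "none",
    "ocsp_cert_chain_validation": "disabled",
    "ocsp_response_secure": "enabled",
    "server_expired_cert_action": "ignore",
    "server_host_mismatch_action": "ignore",
    "server_untrusted_cert_action": "reject",
}
# parameter -> (weak value, consequence)
ALWAYS_CHECKED = {
    "cert_validation_method": ("none", "revocation status is not checked"),
    "server_expired_cert_action": ("ignore", "expired server certificates are accepted"),
    "server_host_mismatch_action": ("ignore", "Common Name/SNI mismatch is accepted"),
    "server_untrusted_cert_action": ("ignore", "untrusted issuers are accepted"),
}
# Only meaningful once cert_validation_method is ocsp.
OCSP_CHECKED = {
    "ocsp_response_secure": ("disabled", "no nonce, OCSP response freshness is not verified"),
    "ocsp_cert_chain_validation": ("disabled", "only the server certificate is checked, not the chain"),
}

def effective_policy(parameters):
    """Overlay explicitly set (non-null) parameters on the documented defaults."""
    merged = dict(DOCUMENTED_DEFAULTS)
    merged.update({k: v for k, v in parameters.items() if v is not None})
    return merged

def audit_policy(parameters):
    """Return sorted (parameter, effective value, consequence) findings."""
    policy = effective_policy(parameters)
    checks = dict(ALWAYS_CHECKED)
    if policy["cert_validation_method"] == "ocsp":
        checks.update(OCSP_CHECKED)
    findings = [(name, policy[name], why)
                for name, (weak, why) in checks.items() if policy[name] == weak]
    if policy.get("state") == "disabled":
        findings.append(("state", "disabled", "the authentication policy is disabled"))
    return sorted(findings)

# Constructed input: the parameters of the example task on this page.
PAGE_EXAMPLE = {
    "index": "ssl_server_auth_pol", "state": "enabled",
    "cert_validation_method": "ocsp", "ocsp_response_secure": "enabled",
    "server_host_mismatch_action": "reject",
}

if __name__ == "__main__":
    for finding in audit_policy(PAGE_EXAMPLE):
        print(*finding, sep=" | ")
```

Run against the page's own example task, the audit reports two settings left at their defaults: server_expired_cert_action (ignore) and ocsp_cert_chain_validation (disabled).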