avi 31.1.1, Apr 14 25

avi 31.1.1 published on Monday, Apr 14, 2025 by vmware

avi.Pkiprofile

Explore with Pulumi AI

avi 31.1.1 published on Monday, Apr 14, 2025 by vmware

<!–

Copyright 2021 VMware, Inc.
SPDX-License-Identifier: Mozilla Public License 2.0

–>

layout: “avi”

page_title: “Avi: avi.Pkiprofile” sidebar_current: “docs-avi-resource-pkiprofile” description: |- Creates and manages Avi PKIProfile.

avi.Pkiprofile

The PKIProfile resource allows the creation and management of Avi PKIProfile

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as avi from "@pulumi/avi";

const foo = new avi.Pkiprofile("foo", {tenantRef: "/api/tenant/?name=admin"});

import pulumi
import pulumi_avi as avi

foo = avi.Pkiprofile("foo", tenant_ref="/api/tenant/?name=admin")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/avi/v31/avi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := avi.NewPkiprofile(ctx, "foo", &avi.PkiprofileArgs{
			TenantRef: pulumi.String("/api/tenant/?name=admin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Avi = Pulumi.Avi;

return await Deployment.RunAsync(() => 
{
    var foo = new Avi.Pkiprofile("foo", new()
    {
        TenantRef = "/api/tenant/?name=admin",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.avi.Pkiprofile;
import com.pulumi.avi.PkiprofileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var foo = new Pkiprofile("foo", PkiprofileArgs.builder()
            .tenantRef("/api/tenant/?name=admin")
            .build());

    }
}

resources:
  foo:
    type: avi:Pkiprofile
    properties:
      tenantRef: /api/tenant/?name=admin

Create Pkiprofile Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Pkiprofile(name: string, args?: PkiprofileArgs, opts?: CustomResourceOptions);

@overload
def Pkiprofile(resource_name: str,
               args: Optional[PkiprofileArgs] = None,
               opts: Optional[ResourceOptions] = None)

@overload
def Pkiprofile(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               allow_pki_errors: Optional[Sequence[str]] = None,
               ca_certs: Optional[Sequence[PkiprofileCaCertArgs]] = None,
               configpb_attributes: Optional[Sequence[PkiprofileConfigpbAttributeArgs]] = None,
               created_by: Optional[str] = None,
               crl_check: Optional[str] = None,
               crl_file_refs: Optional[Sequence[str]] = None,
               ignore_peer_chain: Optional[str] = None,
               is_federated: Optional[str] = None,
               markers: Optional[Sequence[PkiprofileMarkerArgs]] = None,
               name: Optional[str] = None,
               pkiprofile_id: Optional[str] = None,
               tenant_ref: Optional[str] = None,
               uuid: Optional[str] = None,
               validate_only_leaf_crl: Optional[str] = None)

func NewPkiprofile(ctx *Context, name string, args *PkiprofileArgs, opts ...ResourceOption) (*Pkiprofile, error)

public Pkiprofile(string name, PkiprofileArgs? args = null, CustomResourceOptions? opts = null)

public Pkiprofile(String name, PkiprofileArgs args)
public Pkiprofile(String name, PkiprofileArgs args, CustomResourceOptions options)

type: avi:Pkiprofile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PkiprofileArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PkiprofileArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PkiprofileArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PkiprofileArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PkiprofileArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var pkiprofileResource = new Avi.Pkiprofile("pkiprofileResource", new()
{
    AllowPkiErrors = new[]
    {
        "string",
    },
    CaCerts = new[]
    {
        new Avi.Inputs.PkiprofileCaCertArgs
        {
            Certificate = "string",
            CertificateSigningRequest = "string",
            ChainVerified = "string",
            DaysUntilExpire = "string",
            ExpiryStatus = "string",
            Fingerprint = "string",
            Issuers = new[]
            {
                new Avi.Inputs.PkiprofileCaCertIssuerArgs
                {
                    CommonName = "string",
                    Country = "string",
                    DistinguishedName = "string",
                    EmailAddress = "string",
                    Locality = "string",
                    Organization = "string",
                    OrganizationUnit = "string",
                    State = "string",
                },
            },
            KeyParams = new[]
            {
                new Avi.Inputs.PkiprofileCaCertKeyParamArgs
                {
                    Algorithm = "string",
                    EcParams = new[]
                    {
                        new Avi.Inputs.PkiprofileCaCertKeyParamEcParamArgs
                        {
                            Curve = "string",
                        },
                    },
                    RsaParams = new[]
                    {
                        new Avi.Inputs.PkiprofileCaCertKeyParamRsaParamArgs
                        {
                            Exponent = "string",
                            KeySize = "string",
                        },
                    },
                },
            },
            NotAfter = "string",
            NotBefore = "string",
            PublicKey = "string",
            SelfSigned = "string",
            SerialNumber = "string",
            Signature = "string",
            SignatureAlgorithm = "string",
            SubjectAltNames = new[]
            {
                "string",
            },
            Subjects = new[]
            {
                new Avi.Inputs.PkiprofileCaCertSubjectArgs
                {
                    CommonName = "string",
                    Country = "string",
                    DistinguishedName = "string",
                    EmailAddress = "string",
                    Locality = "string",
                    Organization = "string",
                    OrganizationUnit = "string",
                    State = "string",
                },
            },
            Text = "string",
            Version = "string",
        },
    },
    ConfigpbAttributes = new[]
    {
        new Avi.Inputs.PkiprofileConfigpbAttributeArgs
        {
            Version = "string",
        },
    },
    CreatedBy = "string",
    CrlCheck = "string",
    CrlFileRefs = new[]
    {
        "string",
    },
    IgnorePeerChain = "string",
    IsFederated = "string",
    Markers = new[]
    {
        new Avi.Inputs.PkiprofileMarkerArgs
        {
            Key = "string",
            Values = new[]
            {
                "string",
            },
        },
    },
    Name = "string",
    PkiprofileId = "string",
    TenantRef = "string",
    Uuid = "string",
    ValidateOnlyLeafCrl = "string",
});

example, err := avi.NewPkiprofile(ctx, "pkiprofileResource", &avi.PkiprofileArgs{
	AllowPkiErrors: pulumi.StringArray{
		pulumi.String("string"),
	},
	CaCerts: avi.PkiprofileCaCertArray{
		&avi.PkiprofileCaCertArgs{
			Certificate:               pulumi.String("string"),
			CertificateSigningRequest: pulumi.String("string"),
			ChainVerified:             pulumi.String("string"),
			DaysUntilExpire:           pulumi.String("string"),
			ExpiryStatus:              pulumi.String("string"),
			Fingerprint:               pulumi.String("string"),
			Issuers: avi.PkiprofileCaCertIssuerArray{
				&avi.PkiprofileCaCertIssuerArgs{
					CommonName:        pulumi.String("string"),
					Country:           pulumi.String("string"),
					DistinguishedName: pulumi.String("string"),
					EmailAddress:      pulumi.String("string"),
					Locality:          pulumi.String("string"),
					Organization:      pulumi.String("string"),
					OrganizationUnit:  pulumi.String("string"),
					State:             pulumi.String("string"),
				},
			},
			KeyParams: avi.PkiprofileCaCertKeyParamArray{
				&avi.PkiprofileCaCertKeyParamArgs{
					Algorithm: pulumi.String("string"),
					EcParams: avi.PkiprofileCaCertKeyParamEcParamArray{
						&avi.PkiprofileCaCertKeyParamEcParamArgs{
							Curve: pulumi.String("string"),
						},
					},
					RsaParams: avi.PkiprofileCaCertKeyParamRsaParamArray{
						&avi.PkiprofileCaCertKeyParamRsaParamArgs{
							Exponent: pulumi.String("string"),
							KeySize:  pulumi.String("string"),
						},
					},
				},
			},
			NotAfter:           pulumi.String("string"),
			NotBefore:          pulumi.String("string"),
			PublicKey:          pulumi.String("string"),
			SelfSigned:         pulumi.String("string"),
			SerialNumber:       pulumi.String("string"),
			Signature:          pulumi.String("string"),
			SignatureAlgorithm: pulumi.String("string"),
			SubjectAltNames: pulumi.StringArray{
				pulumi.String("string"),
			},
			Subjects: avi.PkiprofileCaCertSubjectArray{
				&avi.PkiprofileCaCertSubjectArgs{
					CommonName:        pulumi.String("string"),
					Country:           pulumi.String("string"),
					DistinguishedName: pulumi.String("string"),
					EmailAddress:      pulumi.String("string"),
					Locality:          pulumi.String("string"),
					Organization:      pulumi.String("string"),
					OrganizationUnit:  pulumi.String("string"),
					State:             pulumi.String("string"),
				},
			},
			Text:    pulumi.String("string"),
			Version: pulumi.String("string"),
		},
	},
	ConfigpbAttributes: avi.PkiprofileConfigpbAttributeArray{
		&avi.PkiprofileConfigpbAttributeArgs{
			Version: pulumi.String("string"),
		},
	},
	CreatedBy: pulumi.String("string"),
	CrlCheck:  pulumi.String("string"),
	CrlFileRefs: pulumi.StringArray{
		pulumi.String("string"),
	},
	IgnorePeerChain: pulumi.String("string"),
	IsFederated:     pulumi.String("string"),
	Markers: avi.PkiprofileMarkerArray{
		&avi.PkiprofileMarkerArgs{
			Key: pulumi.String("string"),
			Values: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	Name:                pulumi.String("string"),
	PkiprofileId:        pulumi.String("string"),
	TenantRef:           pulumi.String("string"),
	Uuid:                pulumi.String("string"),
	ValidateOnlyLeafCrl: pulumi.String("string"),
})

var pkiprofileResource = new Pkiprofile("pkiprofileResource", PkiprofileArgs.builder()
    .allowPkiErrors("string")
    .caCerts(PkiprofileCaCertArgs.builder()
        .certificate("string")
        .certificateSigningRequest("string")
        .chainVerified("string")
        .daysUntilExpire("string")
        .expiryStatus("string")
        .fingerprint("string")
        .issuers(PkiprofileCaCertIssuerArgs.builder()
            .commonName("string")
            .country("string")
            .distinguishedName("string")
            .emailAddress("string")
            .locality("string")
            .organization("string")
            .organizationUnit("string")
            .state("string")
            .build())
        .keyParams(PkiprofileCaCertKeyParamArgs.builder()
            .algorithm("string")
            .ecParams(PkiprofileCaCertKeyParamEcParamArgs.builder()
                .curve("string")
                .build())
            .rsaParams(PkiprofileCaCertKeyParamRsaParamArgs.builder()
                .exponent("string")
                .keySize("string")
                .build())
            .build())
        .notAfter("string")
        .notBefore("string")
        .publicKey("string")
        .selfSigned("string")
        .serialNumber("string")
        .signature("string")
        .signatureAlgorithm("string")
        .subjectAltNames("string")
        .subjects(PkiprofileCaCertSubjectArgs.builder()
            .commonName("string")
            .country("string")
            .distinguishedName("string")
            .emailAddress("string")
            .locality("string")
            .organization("string")
            .organizationUnit("string")
            .state("string")
            .build())
        .text("string")
        .version("string")
        .build())
    .configpbAttributes(PkiprofileConfigpbAttributeArgs.builder()
        .version("string")
        .build())
    .createdBy("string")
    .crlCheck("string")
    .crlFileRefs("string")
    .ignorePeerChain("string")
    .isFederated("string")
    .markers(PkiprofileMarkerArgs.builder()
        .key("string")
        .values("string")
        .build())
    .name("string")
    .pkiprofileId("string")
    .tenantRef("string")
    .uuid("string")
    .validateOnlyLeafCrl("string")
    .build());

pkiprofile_resource = avi.Pkiprofile("pkiprofileResource",
    allow_pki_errors=["string"],
    ca_certs=[{
        "certificate": "string",
        "certificate_signing_request": "string",
        "chain_verified": "string",
        "days_until_expire": "string",
        "expiry_status": "string",
        "fingerprint": "string",
        "issuers": [{
            "common_name": "string",
            "country": "string",
            "distinguished_name": "string",
            "email_address": "string",
            "locality": "string",
            "organization": "string",
            "organization_unit": "string",
            "state": "string",
        }],
        "key_params": [{
            "algorithm": "string",
            "ec_params": [{
                "curve": "string",
            }],
            "rsa_params": [{
                "exponent": "string",
                "key_size": "string",
            }],
        }],
        "not_after": "string",
        "not_before": "string",
        "public_key": "string",
        "self_signed": "string",
        "serial_number": "string",
        "signature": "string",
        "signature_algorithm": "string",
        "subject_alt_names": ["string"],
        "subjects": [{
            "common_name": "string",
            "country": "string",
            "distinguished_name": "string",
            "email_address": "string",
            "locality": "string",
            "organization": "string",
            "organization_unit": "string",
            "state": "string",
        }],
        "text": "string",
        "version": "string",
    }],
    configpb_attributes=[{
        "version": "string",
    }],
    created_by="string",
    crl_check="string",
    crl_file_refs=["string"],
    ignore_peer_chain="string",
    is_federated="string",
    markers=[{
        "key": "string",
        "values": ["string"],
    }],
    name="string",
    pkiprofile_id="string",
    tenant_ref="string",
    uuid="string",
    validate_only_leaf_crl="string")

const pkiprofileResource = new avi.Pkiprofile("pkiprofileResource", {
    allowPkiErrors: ["string"],
    caCerts: [{
        certificate: "string",
        certificateSigningRequest: "string",
        chainVerified: "string",
        daysUntilExpire: "string",
        expiryStatus: "string",
        fingerprint: "string",
        issuers: [{
            commonName: "string",
            country: "string",
            distinguishedName: "string",
            emailAddress: "string",
            locality: "string",
            organization: "string",
            organizationUnit: "string",
            state: "string",
        }],
        keyParams: [{
            algorithm: "string",
            ecParams: [{
                curve: "string",
            }],
            rsaParams: [{
                exponent: "string",
                keySize: "string",
            }],
        }],
        notAfter: "string",
        notBefore: "string",
        publicKey: "string",
        selfSigned: "string",
        serialNumber: "string",
        signature: "string",
        signatureAlgorithm: "string",
        subjectAltNames: ["string"],
        subjects: [{
            commonName: "string",
            country: "string",
            distinguishedName: "string",
            emailAddress: "string",
            locality: "string",
            organization: "string",
            organizationUnit: "string",
            state: "string",
        }],
        text: "string",
        version: "string",
    }],
    configpbAttributes: [{
        version: "string",
    }],
    createdBy: "string",
    crlCheck: "string",
    crlFileRefs: ["string"],
    ignorePeerChain: "string",
    isFederated: "string",
    markers: [{
        key: "string",
        values: ["string"],
    }],
    name: "string",
    pkiprofileId: "string",
    tenantRef: "string",
    uuid: "string",
    validateOnlyLeafCrl: "string",
});

type: avi:Pkiprofile
properties:
    allowPkiErrors:
        - string
    caCerts:
        - certificate: string
          certificateSigningRequest: string
          chainVerified: string
          daysUntilExpire: string
          expiryStatus: string
          fingerprint: string
          issuers:
            - commonName: string
              country: string
              distinguishedName: string
              emailAddress: string
              locality: string
              organization: string
              organizationUnit: string
              state: string
          keyParams:
            - algorithm: string
              ecParams:
                - curve: string
              rsaParams:
                - exponent: string
                  keySize: string
          notAfter: string
          notBefore: string
          publicKey: string
          selfSigned: string
          serialNumber: string
          signature: string
          signatureAlgorithm: string
          subjectAltNames:
            - string
          subjects:
            - commonName: string
              country: string
              distinguishedName: string
              emailAddress: string
              locality: string
              organization: string
              organizationUnit: string
              state: string
          text: string
          version: string
    configpbAttributes:
        - version: string
    createdBy: string
    crlCheck: string
    crlFileRefs:
        - string
    ignorePeerChain: string
    isFederated: string
    markers:
        - key: string
          values:
            - string
    name: string
    pkiprofileId: string
    tenantRef: string
    uuid: string
    validateOnlyLeafCrl: string

Pkiprofile Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Pkiprofile resource accepts the following input properties:

AllowPkiErrors List<string>: Exempt errors during certificate verification. Enum options - ALLOW_EXPIRED_CRL, ALLOW_ALL_ERRORS. Field introduced in 30.1.1. Maximum of 1 items allowed. Allowed with any value in enterprise, enterprise with cloud services edition.
CaCerts List<PkiprofileCaCert>: List of certificate authorities (root and intermediate) trusted that is used for certificate validation. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
ConfigpbAttributes List<PkiprofileConfigpbAttribute>: Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
CreatedBy string: Creator name. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
CrlCheck string: When enabled, avi will verify via crl checks that certificates in the trust chain have not been revoked. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
CrlFileRefs List<string>: Refers to fileobject containing crl body. It is a reference to an object of type fileobject. Field introduced in 30.2.1. Allowed with any value in enterprise, enterprise with cloud services edition.
IgnorePeerChain string: When enabled, avi will not trust intermediate and root certs presented by a client. Instead, only the chain certs configured in the certificate authority section will be used to verify trust of the client's cert. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition. Special default for essentials edition is true, basic edition is true, enterprise edition is false.
IsFederated string: This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Field introduced in 17.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
Markers List<PkiprofileMarker>: List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
Name string: Name of the pki profile. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
PkiprofileId string
TenantRef string: It is a reference to an object of type tenant. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
Uuid string: Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
ValidateOnlyLeafCrl string: When enabled, avi will only validate the revocation status of the leaf certificate using crl. To enable validation for the entire chain, disable this option and provide all the relevant crls. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition.

AllowPkiErrors []string: Exempt errors during certificate verification. Enum options - ALLOW_EXPIRED_CRL, ALLOW_ALL_ERRORS. Field introduced in 30.1.1. Maximum of 1 items allowed. Allowed with any value in enterprise, enterprise with cloud services edition.
CaCerts []PkiprofileCaCertArgs: List of certificate authorities (root and intermediate) trusted that is used for certificate validation. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
ConfigpbAttributes []PkiprofileConfigpbAttributeArgs: Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
CreatedBy string: Creator name. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
CrlCheck string: When enabled, avi will verify via crl checks that certificates in the trust chain have not been revoked. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
CrlFileRefs []string: Refers to fileobject containing crl body. It is a reference to an object of type fileobject. Field introduced in 30.2.1. Allowed with any value in enterprise, enterprise with cloud services edition.
IgnorePeerChain string: When enabled, avi will not trust intermediate and root certs presented by a client. Instead, only the chain certs configured in the certificate authority section will be used to verify trust of the client's cert. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition. Special default for essentials edition is true, basic edition is true, enterprise edition is false.
IsFederated string: This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Field introduced in 17.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
Markers []PkiprofileMarkerArgs: List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
Name string: Name of the pki profile. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
PkiprofileId string
TenantRef string: It is a reference to an object of type tenant. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
Uuid string: Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
ValidateOnlyLeafCrl string: When enabled, avi will only validate the revocation status of the leaf certificate using crl. To enable validation for the entire chain, disable this option and provide all the relevant crls. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition.

allowPkiErrors List<String>: Exempt errors during certificate verification. Enum options - ALLOW_EXPIRED_CRL, ALLOW_ALL_ERRORS. Field introduced in 30.1.1. Maximum of 1 items allowed. Allowed with any value in enterprise, enterprise with cloud services edition.
caCerts List<PkiprofileCaCert>: List of certificate authorities (root and intermediate) trusted that is used for certificate validation. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
configpbAttributes List<PkiprofileConfigpbAttribute>: Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
createdBy String: Creator name. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crlCheck String: When enabled, avi will verify via crl checks that certificates in the trust chain have not been revoked. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crlFileRefs List<String>: Refers to fileobject containing crl body. It is a reference to an object of type fileobject. Field introduced in 30.2.1. Allowed with any value in enterprise, enterprise with cloud services edition.
ignorePeerChain String: When enabled, avi will not trust intermediate and root certs presented by a client. Instead, only the chain certs configured in the certificate authority section will be used to verify trust of the client's cert. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition. Special default for essentials edition is true, basic edition is true, enterprise edition is false.
isFederated String: This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Field introduced in 17.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
markers List<PkiprofileMarker>: List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
name String: Name of the pki profile. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
pkiprofileId String
tenantRef String: It is a reference to an object of type tenant. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
uuid String: Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
validateOnlyLeafCrl String: When enabled, avi will only validate the revocation status of the leaf certificate using crl. To enable validation for the entire chain, disable this option and provide all the relevant crls. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition.

allowPkiErrors string[]: Exempt errors during certificate verification. Enum options - ALLOW_EXPIRED_CRL, ALLOW_ALL_ERRORS. Field introduced in 30.1.1. Maximum of 1 items allowed. Allowed with any value in enterprise, enterprise with cloud services edition.
caCerts PkiprofileCaCert[]: List of certificate authorities (root and intermediate) trusted that is used for certificate validation. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
configpbAttributes PkiprofileConfigpbAttribute[]: Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
createdBy string: Creator name. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crlCheck string: When enabled, avi will verify via crl checks that certificates in the trust chain have not been revoked. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crlFileRefs string[]: Refers to fileobject containing crl body. It is a reference to an object of type fileobject. Field introduced in 30.2.1. Allowed with any value in enterprise, enterprise with cloud services edition.
ignorePeerChain string: When enabled, avi will not trust intermediate and root certs presented by a client. Instead, only the chain certs configured in the certificate authority section will be used to verify trust of the client's cert. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition. Special default for essentials edition is true, basic edition is true, enterprise edition is false.
isFederated string: This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Field introduced in 17.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
markers PkiprofileMarker[]: List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
name string: Name of the pki profile. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
pkiprofileId string
tenantRef string: It is a reference to an object of type tenant. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
uuid string: Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
validateOnlyLeafCrl string: When enabled, avi will only validate the revocation status of the leaf certificate using crl. To enable validation for the entire chain, disable this option and provide all the relevant crls. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition.

allow_pki_errors Sequence[str]: Exempt errors during certificate verification. Enum options - ALLOW_EXPIRED_CRL, ALLOW_ALL_ERRORS. Field introduced in 30.1.1. Maximum of 1 items allowed. Allowed with any value in enterprise, enterprise with cloud services edition.
ca_certs Sequence[PkiprofileCaCertArgs]: List of certificate authorities (root and intermediate) trusted that is used for certificate validation. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
configpb_attributes Sequence[PkiprofileConfigpbAttributeArgs]: Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
created_by str: Creator name. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crl_check str: When enabled, avi will verify via crl checks that certificates in the trust chain have not been revoked. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crl_file_refs Sequence[str]: Refers to fileobject containing crl body. It is a reference to an object of type fileobject. Field introduced in 30.2.1. Allowed with any value in enterprise, enterprise with cloud services edition.
ignore_peer_chain str: When enabled, avi will not trust intermediate and root certs presented by a client. Instead, only the chain certs configured in the certificate authority section will be used to verify trust of the client's cert. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition. Special default for essentials edition is true, basic edition is true, enterprise edition is false.
is_federated str: This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Field introduced in 17.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
markers Sequence[PkiprofileMarkerArgs]: List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
name str: Name of the pki profile. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
pkiprofile_id str
tenant_ref str: It is a reference to an object of type tenant. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
uuid str: Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
validate_only_leaf_crl str: When enabled, avi will only validate the revocation status of the leaf certificate using crl. To enable validation for the entire chain, disable this option and provide all the relevant crls. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition.

allowPkiErrors List<String>: Exempt errors during certificate verification. Enum options - ALLOW_EXPIRED_CRL, ALLOW_ALL_ERRORS. Field introduced in 30.1.1. Maximum of 1 items allowed. Allowed with any value in enterprise, enterprise with cloud services edition.
caCerts List<Property Map>: List of certificate authorities (root and intermediate) trusted that is used for certificate validation. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
configpbAttributes List<Property Map>: Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
createdBy String: Creator name. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crlCheck String: When enabled, avi will verify via crl checks that certificates in the trust chain have not been revoked. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crlFileRefs List<String>: Refers to fileobject containing crl body. It is a reference to an object of type fileobject. Field introduced in 30.2.1. Allowed with any value in enterprise, enterprise with cloud services edition.
ignorePeerChain String: When enabled, avi will not trust intermediate and root certs presented by a client. Instead, only the chain certs configured in the certificate authority section will be used to verify trust of the client's cert. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition. Special default for essentials edition is true, basic edition is true, enterprise edition is false.
isFederated String: This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Field introduced in 17.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
markers List<Property Map>: List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
name String: Name of the pki profile. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
pkiprofileId String
tenantRef String: It is a reference to an object of type tenant. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
uuid String: Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
validateOnlyLeafCrl String: When enabled, avi will only validate the revocation status of the leaf certificate using crl. To enable validation for the entire chain, disable this option and provide all the relevant crls. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition.

Outputs

All input properties are implicitly available as output properties. Additionally, the Pkiprofile resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Pkiprofile Resource

Get an existing Pkiprofile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PkiprofileState, opts?: CustomResourceOptions): Pkiprofile

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allow_pki_errors: Optional[Sequence[str]] = None,
        ca_certs: Optional[Sequence[PkiprofileCaCertArgs]] = None,
        configpb_attributes: Optional[Sequence[PkiprofileConfigpbAttributeArgs]] = None,
        created_by: Optional[str] = None,
        crl_check: Optional[str] = None,
        crl_file_refs: Optional[Sequence[str]] = None,
        ignore_peer_chain: Optional[str] = None,
        is_federated: Optional[str] = None,
        markers: Optional[Sequence[PkiprofileMarkerArgs]] = None,
        name: Optional[str] = None,
        pkiprofile_id: Optional[str] = None,
        tenant_ref: Optional[str] = None,
        uuid: Optional[str] = None,
        validate_only_leaf_crl: Optional[str] = None) -> Pkiprofile

func GetPkiprofile(ctx *Context, name string, id IDInput, state *PkiprofileState, opts ...ResourceOption) (*Pkiprofile, error)

public static Pkiprofile Get(string name, Input<string> id, PkiprofileState? state, CustomResourceOptions? opts = null)

public static Pkiprofile get(String name, Output<String> id, PkiprofileState state, CustomResourceOptions options)

resources:  _:    type: avi:Pkiprofile    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowPkiErrors List<string>: Exempt errors during certificate verification. Enum options - ALLOW_EXPIRED_CRL, ALLOW_ALL_ERRORS. Field introduced in 30.1.1. Maximum of 1 items allowed. Allowed with any value in enterprise, enterprise with cloud services edition.
CaCerts List<PkiprofileCaCert>: List of certificate authorities (root and intermediate) trusted that is used for certificate validation. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
ConfigpbAttributes List<PkiprofileConfigpbAttribute>: Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
CreatedBy string: Creator name. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
CrlCheck string: When enabled, avi will verify via crl checks that certificates in the trust chain have not been revoked. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
CrlFileRefs List<string>: Refers to fileobject containing crl body. It is a reference to an object of type fileobject. Field introduced in 30.2.1. Allowed with any value in enterprise, enterprise with cloud services edition.
IgnorePeerChain string: When enabled, avi will not trust intermediate and root certs presented by a client. Instead, only the chain certs configured in the certificate authority section will be used to verify trust of the client's cert. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition. Special default for essentials edition is true, basic edition is true, enterprise edition is false.
IsFederated string: This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Field introduced in 17.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
Markers List<PkiprofileMarker>: List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
Name string: Name of the pki profile. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
PkiprofileId string
TenantRef string: It is a reference to an object of type tenant. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
Uuid string: Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
ValidateOnlyLeafCrl string: When enabled, avi will only validate the revocation status of the leaf certificate using crl. To enable validation for the entire chain, disable this option and provide all the relevant crls. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition.

AllowPkiErrors []string: Exempt errors during certificate verification. Enum options - ALLOW_EXPIRED_CRL, ALLOW_ALL_ERRORS. Field introduced in 30.1.1. Maximum of 1 items allowed. Allowed with any value in enterprise, enterprise with cloud services edition.
CaCerts []PkiprofileCaCertArgs: List of certificate authorities (root and intermediate) trusted that is used for certificate validation. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
ConfigpbAttributes []PkiprofileConfigpbAttributeArgs: Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
CreatedBy string: Creator name. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
CrlCheck string: When enabled, avi will verify via crl checks that certificates in the trust chain have not been revoked. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
CrlFileRefs []string: Refers to fileobject containing crl body. It is a reference to an object of type fileobject. Field introduced in 30.2.1. Allowed with any value in enterprise, enterprise with cloud services edition.
IgnorePeerChain string: When enabled, avi will not trust intermediate and root certs presented by a client. Instead, only the chain certs configured in the certificate authority section will be used to verify trust of the client's cert. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition. Special default for essentials edition is true, basic edition is true, enterprise edition is false.
IsFederated string: This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Field introduced in 17.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
Markers []PkiprofileMarkerArgs: List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
Name string: Name of the pki profile. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
PkiprofileId string
TenantRef string: It is a reference to an object of type tenant. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
Uuid string: Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
ValidateOnlyLeafCrl string: When enabled, avi will only validate the revocation status of the leaf certificate using crl. To enable validation for the entire chain, disable this option and provide all the relevant crls. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition.

allowPkiErrors List<String>: Exempt errors during certificate verification. Enum options - ALLOW_EXPIRED_CRL, ALLOW_ALL_ERRORS. Field introduced in 30.1.1. Maximum of 1 items allowed. Allowed with any value in enterprise, enterprise with cloud services edition.
caCerts List<PkiprofileCaCert>: List of certificate authorities (root and intermediate) trusted that is used for certificate validation. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
configpbAttributes List<PkiprofileConfigpbAttribute>: Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
createdBy String: Creator name. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crlCheck String: When enabled, avi will verify via crl checks that certificates in the trust chain have not been revoked. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crlFileRefs List<String>: Refers to fileobject containing crl body. It is a reference to an object of type fileobject. Field introduced in 30.2.1. Allowed with any value in enterprise, enterprise with cloud services edition.
ignorePeerChain String: When enabled, avi will not trust intermediate and root certs presented by a client. Instead, only the chain certs configured in the certificate authority section will be used to verify trust of the client's cert. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition. Special default for essentials edition is true, basic edition is true, enterprise edition is false.
isFederated String: This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Field introduced in 17.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
markers List<PkiprofileMarker>: List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
name String: Name of the pki profile. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
pkiprofileId String
tenantRef String: It is a reference to an object of type tenant. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
uuid String: Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
validateOnlyLeafCrl String: When enabled, avi will only validate the revocation status of the leaf certificate using crl. To enable validation for the entire chain, disable this option and provide all the relevant crls. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition.

allowPkiErrors string[]: Exempt errors during certificate verification. Enum options - ALLOW_EXPIRED_CRL, ALLOW_ALL_ERRORS. Field introduced in 30.1.1. Maximum of 1 items allowed. Allowed with any value in enterprise, enterprise with cloud services edition.
caCerts PkiprofileCaCert[]: List of certificate authorities (root and intermediate) trusted that is used for certificate validation. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
configpbAttributes PkiprofileConfigpbAttribute[]: Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
createdBy string: Creator name. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crlCheck string: When enabled, avi will verify via crl checks that certificates in the trust chain have not been revoked. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crlFileRefs string[]: Refers to fileobject containing crl body. It is a reference to an object of type fileobject. Field introduced in 30.2.1. Allowed with any value in enterprise, enterprise with cloud services edition.
ignorePeerChain string: When enabled, avi will not trust intermediate and root certs presented by a client. Instead, only the chain certs configured in the certificate authority section will be used to verify trust of the client's cert. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition. Special default for essentials edition is true, basic edition is true, enterprise edition is false.
isFederated string: This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Field introduced in 17.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
markers PkiprofileMarker[]: List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
name string: Name of the pki profile. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
pkiprofileId string
tenantRef string: It is a reference to an object of type tenant. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
uuid string: Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
validateOnlyLeafCrl string: When enabled, avi will only validate the revocation status of the leaf certificate using crl. To enable validation for the entire chain, disable this option and provide all the relevant crls. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition.

allow_pki_errors Sequence[str]: Exempt errors during certificate verification. Enum options - ALLOW_EXPIRED_CRL, ALLOW_ALL_ERRORS. Field introduced in 30.1.1. Maximum of 1 items allowed. Allowed with any value in enterprise, enterprise with cloud services edition.
ca_certs Sequence[PkiprofileCaCertArgs]: List of certificate authorities (root and intermediate) trusted that is used for certificate validation. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
configpb_attributes Sequence[PkiprofileConfigpbAttributeArgs]: Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
created_by str: Creator name. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crl_check str: When enabled, avi will verify via crl checks that certificates in the trust chain have not been revoked. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crl_file_refs Sequence[str]: Refers to fileobject containing crl body. It is a reference to an object of type fileobject. Field introduced in 30.2.1. Allowed with any value in enterprise, enterprise with cloud services edition.
ignore_peer_chain str: When enabled, avi will not trust intermediate and root certs presented by a client. Instead, only the chain certs configured in the certificate authority section will be used to verify trust of the client's cert. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition. Special default for essentials edition is true, basic edition is true, enterprise edition is false.
is_federated str: This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Field introduced in 17.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
markers Sequence[PkiprofileMarkerArgs]: List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
name str: Name of the pki profile. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
pkiprofile_id str
tenant_ref str: It is a reference to an object of type tenant. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
uuid str: Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
validate_only_leaf_crl str: When enabled, avi will only validate the revocation status of the leaf certificate using crl. To enable validation for the entire chain, disable this option and provide all the relevant crls. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition.

allowPkiErrors List<String>: Exempt errors during certificate verification. Enum options - ALLOW_EXPIRED_CRL, ALLOW_ALL_ERRORS. Field introduced in 30.1.1. Maximum of 1 items allowed. Allowed with any value in enterprise, enterprise with cloud services edition.
caCerts List<Property Map>: List of certificate authorities (root and intermediate) trusted that is used for certificate validation. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
configpbAttributes List<Property Map>: Protobuf versioning for config pbs. Field introduced in 21.1.1. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
createdBy String: Creator name. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crlCheck String: When enabled, avi will verify via crl checks that certificates in the trust chain have not been revoked. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
crlFileRefs List<String>: Refers to fileobject containing crl body. It is a reference to an object of type fileobject. Field introduced in 30.2.1. Allowed with any value in enterprise, enterprise with cloud services edition.
ignorePeerChain String: When enabled, avi will not trust intermediate and root certs presented by a client. Instead, only the chain certs configured in the certificate authority section will be used to verify trust of the client's cert. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition. Special default for essentials edition is true, basic edition is true, enterprise edition is false.
isFederated String: This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Field introduced in 17.1.3. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
markers List<Property Map>: List of labels to be used for granular rbac. Field introduced in 20.1.5. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
name String: Name of the pki profile. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
pkiprofileId String
tenantRef String: It is a reference to an object of type tenant. Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
uuid String: Allowed with any value in enterprise, essentials, basic, enterprise with cloud services edition.
validateOnlyLeafCrl String: When enabled, avi will only validate the revocation status of the leaf certificate using crl. To enable validation for the entire chain, disable this option and provide all the relevant crls. Allowed with any value in enterprise, enterprise with cloud services edition. Allowed in essentials (allowed values- true), basic (allowed values- true) edition.