R Access CRLDP Server - HTML

Uploaded by

Saurabh

Firefox https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReference...

CRLDP Server

Overview

This document describes the API to configure AAA CRLDP servers and their properties in BIG-IQ.

REST Endpoint: /mgmt/cm/access/working-config/apm/aaa/crldp

Requests

GET /mgmt/cm/access/working-config/apm/aaa/crldp/<id>

Request Parameters

None

Query Parameters

None

Response

HTTP/1.1 200 OK

| Name | Type | Description |
|---|---|---|
| address | string | Specify IP addresses of the CRLDP servers to which APM can connect for AAA services. |
| usePool | string | Specify CRLDP servers for APM to use to authenticate users. Use Pool to create a high availability configuration. Use Direct to specify one CRLDP server for APM to authenticate users. |

1 of 46 8/17/25, 1:32 PM
| Name | Type | Description |
|---|---|---|
| pool | string | For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP server IPs as its pool members. Then associate the pool in this property. |
| allowNullcrl | string | If enabled, a null CRL from the CRLDP server is considered a successful authentication. |
| baseDn | string | Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs. |
| cacheExpire | number | Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours. |
| connectionTimeout | number | Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds. |
| port | number | Specifies a CRLDP service port. The default is 389. |
| reverseDn | string | Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx. |
| updateInterval | number | Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter). |
| useIssuer | string | If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer. |
| verifySig | string | Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled. |
| name | string | The name of the object |
| partition | string | The BIG-IP partition where the object should be placed |
| subPath | string | The BIG-IP folder where the object should be placed |
| lsoDeviceReference | reference | Reference to the device |
| id | string | Id of the device. |
| name | string | Device name. Typically it is the device’s hostname. |
| kind | string | Kind of the device. |
| machineId | string | Machine ID of the device. |
| link | string | URI link of the reference. |
| isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
| deviceGroupReference | reference | Reference to the device group. |
| name | string | Name of the resource |
| kind | string | The kind of the resource. |
| link | string | URI link of the reference. |
| id | string | An ID of an application |
| lastUpdateMicros | number | The last updated time in microseconds. |
| kind | string | The kind of an application. |
| selfLink | string | The selfLink of an application. |

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no permission).

Permissions

| Role | Allow |
|---|---|
| Application_Editor | Yes |
| Service_Catalog_Viewer | Yes |
| Service_Catalog_Editor | Yes |
| Trust_Discovery_Import | Yes |
| Access_View | Yes |
| Access_Edit | Yes |
| Access_Manager | Yes |
| Application_Manager | Yes |
| Application_Viewer | Yes |
| Trust_Discovery_Import | Yes |
| Access_Deploy | Yes |
| Access_Policy_Editor | Yes |

POST /mgmt/cm/access/working-config/apm/aaa/crldp

Request Parameters

| Name | Type | Required | Description |
|---|---|---|---|
| address | string | False | Specify IP addresses of the CRLDP servers to which APM can connect for AAA services. |
| usePool | string | True | Specify CRLDP servers for APM to use to authenticate users. Use Pool to create a high availability configuration. Use Direct to specify one CRLDP server for APM to authenticate users. |
| pool | string | False | For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP server IPs as its pool members. Then associate the pool in this property. |
| allowNullcrl | string | False | If enabled, a null CRL from the CRLDP server is considered a successful authentication. |
| baseDn | string | True | Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs. |
| cacheExpire | number | True | Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours. |
| connectionTimeout | number | True | Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds. |
| port | number | False | Specifies a CRLDP service port. The default is 389. |
| reverseDn | string | False | Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx. |
| updateInterval | number | True | Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter). |
| useIssuer | string | False | If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer. |
| verifySig | string | False | Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled. |
| name | string | True | The name of the object |
| partition | string | True | The BIG-IP partition where the object should be placed |
| subPath | string | False | The BIG-IP folder where the object should be placed |
| lsoDeviceReference | reference | False | Reference to the device |
| id | string | False | Id of the device. |
| link | string | False | URI link of the reference. |
| isLsoShared | boolean | True | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
| deviceGroupReference | reference | False | Reference to the device group. |
| link | string | False | URI link of the reference. |
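
The Required column and the revocation-related properties above (allowNullcrl, verifySig, cacheExpire, isLsoShared) can be reviewed offline before a request is sent. The following is an added example, not F5 code and not part of the original reference; the function names, the finding codes and the "enabled"/"disabled" spelling of on/off values are assumptions.

```python
# Added example, not F5 code: offline review of a CRLDP server object before it
# is sent to /mgmt/cm/access/working-config/apm/aaa/crldp.
# Field names, Required flags and defaults come from the tables on this page.
# ASSUMPTION: on/off string properties are spelled "enabled"/"disabled" on the
# wire; the page does not show the literal values.

# Properties marked Required = True in the POST request table.
REQUIRED_ON_POST = (
    "usePool", "baseDn", "cacheExpire", "connectionTimeout",
    "updateInterval", "name", "partition", "isLsoShared",
)
NUMERIC_FIELDS = ("cacheExpire", "connectionTimeout", "port", "updateInterval")
DEFAULT_CACHE_EXPIRE = 86400  # seconds (24 hours), per the cacheExpire row


def is_enabled(value):
    """Interpret an on/off property (assumed spellings, see header comment)."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("enabled", "true", "yes")


def is_number(value):
    """JSON number check; bool is excluded because it subclasses int."""
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def security_findings(obj, max_cache_expire=DEFAULT_CACHE_EXPIRE):
    """Flag settings that weaken revocation checking."""
    findings = []
    # A null CRL counted as success means revocation checking fails open.
    if is_enabled(obj.get("allowNullcrl", "disabled")):
        findings.append(("fail-open", "allowNullcrl"))
    # verifySig is on by default; only an explicit "off" is reported.
    if "verifySig" in obj and not is_enabled(obj["verifySig"]):
        findings.append(("crl-signature-unchecked", "verifySig"))
    # A cached CRL hides newer revocations until the cache entry expires.
    cache = obj.get("cacheExpire")
    if is_number(cache) and cache > max_cache_expire:
        findings.append(("long-revocation-window", "cacheExpire"))
    return findings


def check_create(payload):
    """Review a POST body: required fields, number types, then security."""
    findings = [("missing-required", f) for f in REQUIRED_ON_POST
                if f not in payload]
    for field in NUMERIC_FIELDS:
        if field in payload and not (is_number(payload[field])
                                     and payload[field] >= 0):
            findings.append(("bad-number", field))
    return findings + security_findings(payload)


def check_update(current, change):
    """Review a PUT/PATCH body against the object returned by GET."""
    findings = []
    # The page warns not to flip isLsoShared during PUT/PATCH.
    if ("isLsoShared" in change
            and change["isLsoShared"] != current.get("isLsoShared")):
        findings.append(("lso-flag-flipped", "isLsoShared"))
    merged = {**current, **change}  # effective object after the update
    return findings + security_findings(merged)


# Constructed sample body, not taken from a real system.
SAMPLE_CREATE = {
    "name": "example-crldp",
    "partition": "Common",
    "usePool": "Direct",          # spelling assumed from the page's wording
    "address": "192.0.2.10",      # documentation address (RFC 5737)
    "baseDn": "ou=f5,l=sea,st=wa,c=us",
    "cacheExpire": 604800,        # 7 days, longer than the 86400 default
    "connectionTimeout": 15,
    "updateInterval": 0,
    "allowNullcrl": "enabled",
    "verifySig": "disabled",
}

if __name__ == "__main__":
    for code, field in check_create(SAMPLE_CREATE):
        print(f"{code}: {field}")
    print(check_update({"isLsoShared": False, "verifySig": "enabled"},
                       {"isLsoShared": True}))
```
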

Query Parameters

None

Response

HTTP/1.1 200 OK

| Name | Type | Description |
|---|---|---|
| address | string | Specify IP addresses of the CRLDP servers to which APM can connect for AAA services. |
| usePool | string | Specify CRLDP servers for APM to use to authenticate users. Use Pool to create a high availability configuration. Use Direct to specify one CRLDP server for APM to authenticate users. |
| pool | string | For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP server IPs as its pool members. Then associate the pool in this property. |
| allowNullcrl | string | If enabled, a null CRL from the CRLDP server is considered a successful authentication. |
| baseDn | string | Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs. |
| cacheExpire | number | Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours. |
| connectionTimeout | number | Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds. |
| port | number | Specifies a CRLDP service port. The default is 389. |
| reverseDn | string | Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx. |
| updateInterval | number | Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter). |
| useIssuer | string | If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer. |
| verifySig | string | Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled. |
| name | string | The name of the object |
| partition | string | The BIG-IP partition where the object should be placed |
| subPath | string | The BIG-IP folder where the object should be placed |
| lsoDeviceReference | reference | Reference to the device |
| id | string | Id of the device. |
| name | string | Device name. Typically it is the device’s hostname. |
| kind | string | Kind of the device. |
| machineId | string | Machine ID of the device. |
| link | string | URI link of the reference. |
| isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
| deviceGroupReference | reference | Reference to the device group. |
| name | string | Name of the resource |
| kind | string | The kind of the resource. |
| link | string | URI link of the reference. |
| id | string | An ID of an application |
| lastUpdateMicros | number | The last updated time in microseconds. |
| kind | string | The kind of an application. |
| selfLink | string | The selfLink of an application. |

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no permission).

Permissions

| Role | Allow |
|---|---|
| Application_Editor | No |
| Service_Catalog_Viewer | No |
| Service_Catalog_Editor | No |
| Trust_Discovery_Import | Yes |
| Access_View | No |
| Access_Edit | Yes |
| Access_Manager | Yes |
| Application_Manager | No |
| Application_Viewer | No |
| Trust_Discovery_Import | No |
| Access_Deploy | No |
| Access_Policy_Editor | No |

PUT /mgmt/cm/access/working-config/apm/aaa/crldp/<id>

Request Parameters

| Name | Type | Required | Description |
|---|---|---|---|
| address | string | False | Specify IP addresses of the CRLDP servers to which APM can connect for AAA services. |
| usePool | string | True | Specify CRLDP servers for APM to use to authenticate users. Use Pool to create a high availability configuration. Use Direct to specify one CRLDP server for APM to authenticate users. |
| pool | string | False | For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP server IPs as its pool members. Then associate the pool in this property. |
| allowNullcrl | string | False | If enabled, a null CRL from the CRLDP server is considered a successful authentication. |
| baseDn | string | False | Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs. |
| cacheExpire | number | False | Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours. |
| connectionTimeout | number | False | Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds. |
| port | number | False | Specifies a CRLDP service port. The default is 389. |
| reverseDn | string | False | Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx. |
| updateInterval | number | False | Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter). |
| useIssuer | string | False | If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer. |
| verifySig | string | False | Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled. |
| name | string | False | The name of the object |
| partition | string | False | The BIG-IP partition where the object should be placed |
| subPath | string | False | The BIG-IP folder where the object should be placed |
| lsoDeviceReference | reference | False | Reference to the device |
| id | string | False | Id of the device. |
| name | string | False | Device name. Typically it is the device’s hostname. |
| kind | string | False | Kind of the device. |
| machineId | string | False | Machine ID of the device. |
| link | string | False | URI link of the reference. |
| isLsoShared | boolean | False | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
| deviceGroupReference | reference | False | Reference to the device group. |
| name | string | False | Name of the resource |
| kind | string | False | The kind of the resource. |
| link | string | False | URI link of the reference. |
| id | string | False | An ID of an application |
| lastUpdateMicros | number | False | The last updated time in microseconds. |
| kind | string | False | The kind of an application. |
| selfLink | string | False | The selfLink of an application. |

Query Parameters

None

Response

HTTP/1.1 200 OK

| Name | Type | Description |
|---|---|---|
| address | string | Specify IP addresses of the CRLDP servers to which APM can connect for AAA services. |
| usePool | string | Specify CRLDP servers for APM to use to authenticate users. Use Pool to create a high availability configuration. Use Direct to specify one CRLDP server for APM to authenticate users. |
| pool | string | For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP server IPs as its pool members. Then associate the pool in this property. |
| allowNullcrl | string | If enabled, a null CRL from the CRLDP server is considered a successful authentication. |
| baseDn | string | Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs. |
| cacheExpire | number | Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours. |
| connectionTimeout | number | Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds. |
| port | number | Specifies a CRLDP service port. The default is 389. |
| reverseDn | string | Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx. |
| updateInterval | number | Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter). |
| useIssuer | string | If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer. |
| verifySig | string | Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled. |
| name | string | The name of the object |
| partition | string | The BIG-IP partition where the object should be placed |
| subPath | string | The BIG-IP folder where the object should be placed |
| lsoDeviceReference | reference | Reference to the device |
| id | string | Id of the device. |
| name | string | Device name. Typically it is the device’s hostname. |
| kind | string | Kind of the device. |
| machineId | string | Machine ID of the device. |
| link | string | URI link of the reference. |
| isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
| deviceGroupReference | reference | Reference to the device group. |
| name | string | Name of the resource |
| kind | string | The kind of the resource. |
| link | string | URI link of the reference. |
| id | string | An ID of an application |
| lastUpdateMicros | number | The last updated time in microseconds. |
| kind | string | The kind of an application. |
| selfLink | string | The selfLink of an application. |

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no permission).

Permissions

| Role | Allow |
|---|---|
| Application_Editor | No |
| Service_Catalog_Viewer | No |
| Service_Catalog_Editor | No |
| Trust_Discovery_Import | Yes |
| Access_View | No |
| Access_Edit | Yes |
| Access_Manager | Yes |
| Application_Manager | No |
| Application_Viewer | No |
| Trust_Discovery_Import | No |
| Access_Deploy | No |
| Access_Policy_Editor | No |

PATCH /mgmt/cm/access/working-config/apm/aaa/crldp/<id>

Request Parameters

| Name | Type | Required | Description |
|---|---|---|---|
| address | string | False | Specify IP addresses of the CRLDP servers to which APM can connect for AAA services. |
| usePool | string | True | For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP server IPs as its pool members. Then associate the pool in this property. |
| allowNullcrl | string | False | If enabled, a null CRL from the CRLDP server is considered a successful authentication. |
| baseDn | string | False | Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs. |
| cacheExpire | number | False | Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours. |
| connectionTimeout | number | False | Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds. |
| port | number | False | Specifies a CRLDP service port. The default is 389. |
| reverseDn | string | False | Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx. |
| updateInterval | number | False | Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter). |
| useIssuer | string | False | If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer. |
| verifySig | string | False | Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled. |
| isLsoShared | boolean | False | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |

Query Parameters

None

Response

HTTP/1.1 200 OK

| Name | Type | Description |
|---|---|---|
| address | string | Specify IP addresses of the CRLDP servers to which APM can connect for AAA services. |
| usePool | string | Specify CRLDP servers for APM to use to authenticate users. Use Pool to create a high availability configuration. Use Direct to specify one CRLDP server for APM to authenticate users. |
| pool | string | For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP server IPs as its pool members. Then associate the pool in this property. |
| allowNullcrl | string | If enabled, a null CRL from the CRLDP server is considered a successful authentication. |
| baseDn | string | Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs. |
| cacheExpire | number | Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours. |
| connectionTimeout | number | Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds. |
| port | number | Specifies a CRLDP service port. The default is 389. |
| reverseDn | string | Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx. |
| updateInterval | number | Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter). |
| useIssuer | string | If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer. |
| verifySig | string | Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled. |
| name | string | The name of the object |
| partition | string | The BIG-IP partition where the object should be placed |
| subPath | string | The BIG-IP folder where the object should be placed |
| lsoDeviceReference | reference | Reference to the device |
| id | string | Id of the device. |
| name | string | Device name. Typically it is the device’s hostname. |
| kind | string | Kind of the device. |
| machineId | string | Machine ID of the device. |
| link | string | URI link of the reference. |
| isLsoShared | boolean | Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations. |
| deviceGroupReference | reference | Reference to the device group. |
| name | string | Name of the resource |
| kind | string | The kind of the resource. |
| link | string | URI link of the reference. |
| id | string | An ID of an application |
| lastUpdateMicros | number | The last updated time in microseconds. |
| kind | string | The kind of an application. |
| selfLink | string | The selfLink of an application. |

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no permission).

Permissions

Role Allow

Application_Editor No

Service_Catalog_Viewer No

Service_Catalog_Editor No

Trust_Discovery_Import Yes

Access_View No

Access_Edit Yes

Access_Manager Yes

Application_Manager No

Application_Viewer No

Trust_Discovery_Import No

Access_Deploy No

Access_Policy_Editor No

DELETE /mgmt/cm/access/working-config/apm/aaa/crldp/<id>

Request Parameters

None

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description

address string Specify IP addresses of the CRLDP servers to which APM can connect for AAA services.

usePool string Specify CRLDP servers for APM to use to authenticate users. Use Pool to create a high availability configuration. Use Direct to specify one CRLDP server for APM to authenticate users.

pool string For the pool name, first create the pool and pool members. The LTM pool must be configured with the CRLDP server IPs as its pool members. Then, associate in this property.

allowNullcrl string If enabled, a null CRL from the CRLDP server is considered a successful authentication.

baseDn string Specifies a CRLDP base distinguished name for certificates that specify the CRL distribution point in directory name (dirName) format. This is used when the value of the X509v3 attribute crlDistributionPoints is of type dirName. In this case, Access Policy Manager attempts to match the value of the crlDistributionPoints attribute to the Base DN value. Note: If the client certificate includes the distribution point extension in LDAP URI format, the IP address, Base DN, and Reverse DN settings configured on the agent are ignored; they are specific to directory-based CRLDP. All other settings are applicable to both LDAP URI and directory-based CRL DPs.

cacheExpire number Specifies the number of seconds a CRL is cached. The default is 86400 seconds and, when it is used, the entry is deleted from the CRL cache after 24 hours.

connectionTimeout number Specifies the number of seconds of inactivity the system allows before the connection times out. The default is 15 seconds.

port number Specifies a CRLDP service port. The default is 389.

reverseDn string Specifies in which order the system should attempt to match the Base DN value to the value of the X509v3 attribute crlDistributionPoints. Possible values are Enabled and Disabled. When set to Enabled, the system matches the base DN from left to right, or from the beginning of the DN string, to accommodate dirName strings in certificates such as c=us,st=wa,l=sea,ou=f5,cn=xxx.

updateInterval number Specifies the validity (in seconds) of the CRL file. To force the retrieval of a CRL file before the current CRL becomes obsolete, set this value to less than the CRL expiration time. If the value is zero (default), the CRLDP action uses the expiration time specified by the CA’s CRL publishing parameters (the Next update parameter).

useIssuer string If enabled, the system extracts the CRL distribution point from the certificate of the client certificate issuer.

verifySig string Specifies, when checked (enabled), that the signature on the received CRL is verified. By default, the check box is enabled.

name string The name of the object

partition string The BIG-IP partition where the object should be placed

subPath string The BIG-IP folder where the object should be placed

lsoDeviceReference reference Reference to the device

id string Id of the device.

name string Device name. Typically it is the device’s hostname.

kind string Kind of the device.

machineId string Machine ID of the device.

link string URI link of the reference.

isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.

deviceGroupReference reference Reference to the device group.

name string Name of the resource

kind string The kind of the resource.

link string URI link of the reference.

id string An ID of an application

lastUpdateMicros number The last updated time in microseconds.

kind string The kind of an application.

selfLink string The selfLink of an application.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no permission).

Permissions

Role Allow

Application_Editor No

Service_Catalog_Viewer No

Service_Catalog_Editor No

Trust_Discovery_Import Yes

Access_View No

Access_Edit Yes

Access_Manager Yes

Application_Manager No

Application_Viewer No

Trust_Discovery_Import No

Access_Deploy No

Access_Policy_Editor No

Examples

Get AAA CRLDP Server

GET /mgmt/cm/access/working-config/apm/aaa/crldp/<id>

Response

HTTP/1.1 200 OK
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "name": "bigip.foo.com",
        "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
        "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb2…"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "resourceName",
        "kind": "shared:resolver:device-groups:devicegroupstate",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb2…"
    },
    "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
    "generation": 1,
    "lastUpdateMicros": 1518743088884807,
    "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystat…",
    "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectory…"
}
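
An added example, not part of the F5 documentation: a Python check over CRLDP server objects shaped like the GET response above, reporting allowNullcrl, verifySig and cacheExpire values that weaken revocation checking. The sample objects, the function names and the 86400-second ceiling are assumptions made for illustration.

```python
import json

# Constructed sample objects using the field names documented on this page;
# the values are made up for the example, not taken from a real BIG-IQ.
SAMPLE = json.loads("""[
  {"name": "foo", "allowNullcrl": "false", "verifySig": "true", "cacheExpire": 86400},
  {"name": "legacy", "allowNullcrl": "enabled", "verifySig": "false", "cacheExpire": 604800},
  {"name": "partial", "cacheExpire": "86400"}
]""")

MAX_CACHE_SECONDS = 86400  # assumption: local policy ceiling, set to the documented default

def flag_state(cfg, key):
    """Flags arrive as strings ("true", "enabled", ...); return True, False or None if unknown."""
    value = str(cfg.get(key, "")).strip().lower()
    if value in ("true", "enabled", "yes"):
        return True
    if value in ("false", "disabled", "no"):
        return False
    return None  # missing or unrecognised: report it rather than assume a default

def audit_crldp(cfg, max_cache=MAX_CACHE_SECONDS):
    """Return sorted field names whose values weaken or hide revocation checking."""
    findings = set()
    if flag_state(cfg, "allowNullcrl") is not False:
        findings.add("allowNullcrl")   # null CRL accepted as success, or state unknown
    if flag_state(cfg, "verifySig") is not True:
        findings.add("verifySig")      # CRL signature not verified, or state unknown
    cache = cfg.get("cacheExpire")
    if isinstance(cache, bool) or not isinstance(cache, int) or cache > max_cache:
        findings.add("cacheExpire")    # wrong type, or CRL kept longer than policy allows
    return sorted(findings)

def audit_all(objects):
    """Map object name -> findings, omitting objects with nothing to report."""
    report = {}
    for cfg in objects:
        findings = audit_crldp(cfg)
        if findings:
            report[cfg.get("name", "<unnamed>")] = findings
    return report

if __name__ == "__main__":
    for name, fields in audit_all(SAMPLE).items():
        print(f"{name}: review {', '.join(fields)}")
```

Run against a saved GET response before and after a PUT or PATCH to confirm that a change did not disable signature verification or start accepting a null CRL.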

Create New AAA CRLDP Server

POST /mgmt/cm/access/working-config/apm/aaa/crldp
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb2…"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb2…"
    }
}

Response

HTTP/1.1 200 OK
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "name": "bigip.foo.com",
        "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
        "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb2…"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "resourceName",
        "kind": "shared:resolver:device-groups:devicegroupstate",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb2…"
    },
    "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
    "generation": 1,
    "lastUpdateMicros": 1518743088884807,
    "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystat…",
    "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectory…"
}

Edit AAA CRLDP Server

PUT /mgmt/cm/access/working-config/apm/aaa/crldp/<id>
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "name": "bigip.foo.com",
        "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
        "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb2…"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "resourceName",
        "kind": "shared:resolver:device-groups:devicegroupstate",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb2…"
    },
    "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
    "generation": 1,
    "lastUpdateMicros": 1518743088884807,
    "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystat…",
    "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectory…"
}

Response

HTTP/1.1 200 OK
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "name": "bigip.foo.com",
        "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
        "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb2…"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "resourceName",
        "kind": "shared:resolver:device-groups:devicegroupstate",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb2…"
    },
    "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
    "generation": 1,
    "lastUpdateMicros": 1518743088884807,
    "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystat…",
    "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectory…"
}

Edit AAA CRLDP Server

PATCH /mgmt/cm/access/working-config/apm/aaa/crldp/<id>
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "isLsoShared": false
}

Response

HTTP/1.1 200 OK
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "name": "bigip.foo.com",
        "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
        "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb2…"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "resourceName",
        "kind": "shared:resolver:device-groups:devicegroupstate",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb2…"
    },
    "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
    "generation": 1,
    "lastUpdateMicros": 1518743088884807,
    "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystat…",
    "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectory…"
}

Delete AAA CRLDP Server

DELETE /mgmt/cm/access/working-config/apm/aaa/crldp/<id>

Response

HTTP/1.1 200 OK
{
    "address": "1.1.1.18",
    "usePool": "enabled",
    "pool": "true",
    "allowNullcrl": "false",
    "baseDn": "CN=lxxx,DC=f5,DC=com",
    "cacheExpire": 86400,
    "connectionTimeout": 15,
    "port": 389,
    "reverseDn": "c=us,st=wa,l=sea,ou=f5,cn=xxx.",
    "updateInterval": 0,
    "useIssuer": "false",
    "verifySig": "true",
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "id": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "name": "bigip.foo.com",
        "kind": "shared:resolver:device-groups:restdeviceresolverdevicestate",
        "machineId": "866cfd8a-4d03-48e9-ba94-bb21a4bc2346",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb2…"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "resourceName",
        "kind": "shared:resolver:device-groups:devicegroupstate",
        "link": "https://localhost/mgmt/shared/foo/bar/866cfd8a-4d03-48e9-ba94-bb2…"
    },
    "id": "8f1fcb69-1f3c-3c0d-812e-af4fdde0ac11",
    "generation": 1,
    "lastUpdateMicros": 1518743088884807,
    "kind": "cm:access:working-config:apm:aaa:active-directory:activedirectorystat…",
    "selfLink": "cm:access:working-config:apm:aaa:active-directory:activedirectory…"
}
