Forum Discussion

mfreeman451_606
Apr 16, 2009

More questions on KeyCertificate

1.) What is certificate_bind for? It says it will "bind" a certificate and a key. In what context? What does this actually mean?

2.) certificate_check_validity - in long[] watermark_days, what is that for? I tried to search for this but couldn't find anything.

3.) certificate_add_file_to_bundle - If I am trying to generate/add/replace new keys/certs/csrs, is it necessary when I'm done to use this method and add my stuff to this "bundle"? What is the importance of this bundle?

1 Reply

  • George_Watkins_
    Historic F5 Account
    Hi,

    Sorry for the latent reply. I came across your post while working on a bit of iControl.

    1) certificate_bind is the method that attaches a certificate to a key. If you were to do this in the GUI, you would import a cert, then import a key, thus 'binding' them.

    2) The watermark_days parameter in the certificate_check_validity method is used to trigger the "VTYPE_CERTIFICATE_WILL_EXPIRE" ValidityType. For instance, I have a certificate that will expire in 42 days. If I set the watermark_days parameter to 30, the returned value will be "VTYPE_CERTIFICATE_VALID". If I change that value to 60 days, meaning "tell me if this certificate will expire in the next 60 days," I get a "VTYPE_CERTIFICATE_WILL_EXPIRE" response. Hope this makes sense.

    3) Certificate bundles are used for managing multiple certificates in one chunk rather than managing each of them individually. The 'ca-bundle' bundle is a good example and ships with LTM. It contains the most common trusted signers. Updating the whole bundle periodically proves much less management-intensive than updating the 135 individual certificates contained within that bundle.

    Hope this helps,

    George
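
The watermark comparison described in answer 2, modelled locally as an added example; it is not from the thread, is not F5's code, and does not call iControl. The function names, the one-watermark-per-certificate pairing, the inclusive boundary, the alert tiers and the `VTYPE_CERTIFICATE_EXPIRED` label are assumptions of this sketch.

```python
from datetime import datetime, timedelta, timezone

# VALID and WILL_EXPIRE are quoted in the reply above. EXPIRED is not named
# in the thread and is an assumption of this example.
VALID = "VTYPE_CERTIFICATE_VALID"
WILL_EXPIRE = "VTYPE_CERTIFICATE_WILL_EXPIRE"
EXPIRED = "VTYPE_CERTIFICATE_EXPIRED"

# Constructed sample data: "now" is the thread date; expiries are offsets.
NOW = datetime(2009, 4, 16, tzinfo=timezone.utc)
SAMPLE = [NOW + timedelta(days=d) for d in (42, 42, -1, 200)]


def classify(not_after, watermark_days, now):
    """Local model of the watermark check for one certificate."""
    if watermark_days < 0:
        raise ValueError("watermark_days must be non-negative")
    if not_after <= now:
        return EXPIRED
    # Assumption: expiry exactly on the watermark counts as WILL_EXPIRE;
    # the thread does not say how the boundary is treated.
    if not_after - now <= timedelta(days=watermark_days):
        return WILL_EXPIRE
    return VALID


def check_validity(expiries, watermark_days, now):
    """One watermark per certificate (assumed pairing for the long[] array)."""
    if len(expiries) != len(watermark_days):
        raise ValueError("need exactly one watermark per certificate")
    return [classify(e, w, now) for e, w in zip(expiries, watermark_days)]


def tightest_tier(not_after, now, tiers=(90, 60, 30, 7)):
    """Smallest alert tier (days) that already flags the cert, else None."""
    hits = [t for t in tiers if classify(not_after, t, now) != VALID]
    return min(hits) if hits else None


if __name__ == "__main__":
    results = check_validity(SAMPLE, [30, 60, 30, 60], NOW)
    for expiry, result in zip(SAMPLE, results):
        print(expiry.date(), result, tightest_tier(expiry, NOW))
```

Running the same certificate through several tiers gives an escalation level for expiry monitoring instead of a single yes/no answer.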