NSX-T Data Center REST API

InfraSecurityConfig (schema)

NSX global configs for security purposes, like trust store and trust manager.

Name Description Type Notes
_create_time Timestamp of resource creation EpochMsTimestamp Readonly
Sortable
_create_user ID of the user who created this resource string Readonly
_last_modified_time Timestamp of last modification EpochMsTimestamp Readonly
Sortable
_last_modified_user ID of the user who last modified this resource string Readonly
_links References related to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.
array of ResourceLink Readonly
_protection Indicates protection status of this resource

Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
string Readonly
_revision Generation of this resource config

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.
int
_schema Schema for this resource string Readonly
_self Link to this resource SelfResourceLink Readonly
_system_owned Indicates system owned resource boolean Readonly
automatic_appliance_certificate_renewal_enabled Renew appliance certificates automatically

When this flag is set to true, NSX will periodically check if any of the appliance certificates used for NSX internal communications are about to expire. If any are due to expire, new certificates will be created and installed automatically. If not provided, this defaults to true.
boolean
automatic_appliance_certificate_renewal_lead_time Lead time for automatic renewal of appliance certificates

The number of days before certificate expiration that NSX will automatically renew expiring appliance certificates. By default, this is 31 days.
int Minimum: 31
ca_signed_only A flag to indicate whether the server certs are only allowed to be ca-signed.

When this flag is set to true (for NDcPP compliance) only ca-signed certificates will be allowed to be applied as server certificates.
Since this check has now moved to the compliance-report, enabling this check is no longer required if the NDcPP Security alarms have been enabled.
boolean
crl_checking_enabled A flag to indicate whether the Java trust-managers check certificate revocation

When this flag is set to true, during certificate checking the CRL is fetched and checked whether the certificate is revoked or not. Setting this property to false results in lower security. It is not advisable to import certificate without CRL info while CRL checking is deactivated, and then re-enable CRL checking.
boolean
description Description of this resource string Maximum length: 1024
Sortable
display_name Identifier to use when displaying entity in logs or GUI

Defaults to ID if not set
string Maximum length: 255
Sortable
eku_checking_enabled A flag to indicate whether the Extended Key Usage extension in the certificate is checked.

When this flag is set to true, during certificate checking the Extended Key Usage extension is expected to be present, indicating whether the certificate is to be used a client certificate or server certificate. Setting this value to false is not recommended as it leads to lower security and operational risk.
Since this check has now moved to the compliance-report, enabling/disabling this flag no longer has any effect when applying certificates.
boolean
id Unique identifier of this resource string Sortable
resource_type Must be set to the value InfraSecurityConfig string
tags Opaque identifiers meaningful to the API user array of Tag Maximum items: 30