Resource: ServerTlsPolicy
ServerTlsPolicy is a resource that specifies how a server should authenticate incoming requests. This resource itself does not affect configuration unless it is attached to a target HTTPS proxy or endpoint config selector resource.
ServerTlsPolicy in the form accepted by Application Load Balancers can be attached only to TargetHttpsProxy with an EXTERNAL
, EXTERNAL_MANAGED
or INTERNAL_MANAGED
load balancing scheme. Traffic Director compatible ServerTlsPolicies can be attached to EndpointPolicy and TargetHttpsProxy with Traffic Director INTERNAL_SELF_MANAGED
load balancing scheme.
JSON representation |
---|
{
"name": string,
"description": string,
"createTime": string,
"updateTime": string,
"labels": {
string: string,
...
},
"mtlsPolicy": {
object ( |
Fields | |
---|---|
name |
Required. Name of the ServerTlsPolicy resource. It matches the pattern |
description |
Free-text description of the resource. |
createTime |
Output only. The timestamp when the resource was created. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
updateTime |
Output only. The timestamp when the resource was updated. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
labels |
Set of label tags associated with the resource. An object containing a list of |
mtlsPolicy |
This field is required if the policy is used with Application Load Balancers. This field can be empty for Traffic Director. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If |
MTLSPolicy
Specification of the MTLSPolicy.
JSON representation |
---|
{
"clientValidationMode": enum ( |
Fields | |
---|---|
clientValidationMode |
When the client presents an invalid certificate or no certificate to the load balancer, the Required if the policy is to be used with the Application Load Balancers. For Traffic Director it must be empty. |
clientValidationTrustConfig |
Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with Application Load Balancers. |
ClientValidationMode
Mutual TLS certificate validation mode.
Enums | |
---|---|
CLIENT_VALIDATION_MODE_UNSPECIFIED |
Not allowed. |
ALLOW_INVALID_OR_MISSING_CLIENT_CERT |
Allow connection even if certificate chain validation of the client certificate failed or no client certificate was presented. The proof of possession of the private key is always checked if client certificate was presented. This mode requires the backend to implement processing of data extracted from a client certificate to authenticate the peer, or to reject connections if the client certificate fingerprint is missing. |
REJECT_INVALID |
Require a client certificate and allow connection to the backend only if validation of the client certificate passed. If set, requires a reference to non-empty TrustConfig specified in |
Methods |
|
---|---|
|
Creates a new ServerTlsPolicy in a given project and location. |
|
Deletes a single ServerTlsPolicy. |
|
Gets details of a single ServerTlsPolicy. |
|
Lists ServerTlsPolicies in a given project and location. |
|
Updates the parameters of a single ServerTlsPolicy. |