NSX-T Data Center Global Manager REST API
InfraSecurityConfig (type)
{
  "extends": {
    "$ref": "ManagedResource
  }, 
  "id": "InfraSecurityConfig", 
  "module_id": "Policy", 
  "properties": {
    "_create_time": {
      "$ref": "EpochMsTimestamp, 
      "can_sort": true, 
      "description": "Timestamp of resource creation", 
      "readonly": true
    }, 
    "_create_user": {
      "description": "ID of the user who created this resource", 
      "readonly": true, 
      "type": "string"
    }, 
    "_last_modified_time": {
      "$ref": "EpochMsTimestamp, 
      "can_sort": true, 
      "description": "Timestamp of last modification", 
      "readonly": true
    }, 
    "_last_modified_user": {
      "description": "ID of the user who last modified this resource", 
      "readonly": true, 
      "type": "string"
    }, 
    "_links": {
      "description": "The server will populate this field when returing the resource. Ignored on PUT and POST.", 
      "items": {
        "$ref": "ResourceLink
      }, 
      "readonly": true, 
      "title": "References related to this resource", 
      "type": "array"
    }, 
    "_protection": {
      "description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed             to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed                 to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super                    user and can modify it, but only when providing                    the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this           entity.", 
      "readonly": true, 
      "title": "Indicates protection status of this resource", 
      "type": "string"
    }, 
    "_revision": {
      "computed": true, 
      "description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.", 
      "title": "Generation of this resource config", 
      "type": "int"
    }, 
    "_schema": {
      "readonly": true, 
      "title": "Schema for this resource", 
      "type": "string"
    }, 
    "_self": {
      "$ref": "SelfResourceLink, 
      "readonly": true, 
      "title": "Link to this resource"
    }, 
    "_system_owned": {
      "description": "Indicates system owned resource", 
      "readonly": true, 
      "type": "boolean"
    }, 
    "automatic_appliance_certificate_renewal_enabled": {
      "description": "When this flag is set to true, NSX will periodically check if any of the appliance certificates used for NSX internal communications are about to expire. If any are due to expire, new certificates will be created and installed automatically. If not provided, this defaults to true.", 
      "nsx_feature": "CertificateAutoReplace", 
      "readonly": false, 
      "title": "Renew appliance certificates automatically", 
      "type": "boolean"
    }, 
    "automatic_appliance_certificate_renewal_lead_time": {
      "description": "The number of days before certificate expiration that NSX will automatically renew expiring appliance certificates. By default, this is 31 days.", 
      "minimum": 31, 
      "nsx_feature": "CertificateAutoReplace", 
      "readonly": false, 
      "title": "Lead time for automatic renewal of appliance certificates", 
      "type": "int"
    }, 
    "ca_signed_only": {
      "description": "When this flag is set to true (for NDcPP compliance) only ca-signed certificates will be allowed to be applied as server certificates. Since this check has now moved to the compliance-report, enabling this check is no longer required if the NDcPP Security alarms have been enabled.", 
      "readonly": false, 
      "title": "A flag to indicate whether the server certs are only allowed to be ca-signed.", 
      "type": "boolean"
    }, 
    "crl_checking_enabled": {
      "description": "When this flag is set to true, during certificate checking the CRL is fetched and checked whether the certificate is revoked or not.  Setting this property to false results in lower security.  It is not advisable to import certificate without CRL info while CRL checking is deactivated, and then re-enable CRL checking.", 
      "readonly": false, 
      "title": "A flag to indicate whether the Java trust-managers check certificate revocation", 
      "type": "boolean"
    }, 
    "description": {
      "can_sort": true, 
      "maxLength": 1024, 
      "title": "Description of this resource", 
      "type": "string"
    }, 
    "display_name": {
      "can_sort": true, 
      "computed": true, 
      "description": "Defaults to ID if not set", 
      "maxLength": 255, 
      "title": "Identifier to use when displaying entity in logs or GUI", 
      "type": "string"
    }, 
    "eku_checking_enabled": {
      "description": "When this flag is set to true, during certificate checking the Extended Key Usage extension is expected to be present, indicating whether the certificate is to be used a client certificate or server certificate. Setting this value to false is not recommended as it leads to lower security and operational risk. Since this check has now moved to the compliance-report, enabling/disabling this flag no longer has any effect when applying certificates.", 
      "readonly": false, 
      "title": "A flag to indicate whether the Extended Key Usage extension in the certificate is checked.", 
      "type": "boolean"
    }, 
    "id": {
      "can_sort": true, 
      "title": "Unique identifier of this resource", 
      "type": "string"
    }, 
    "resource_type": {
      "description": "The type of this resource.", 
      "readonly": false, 
      "type": "string"
    }, 
    "tags": {
      "items": {
        "$ref": "Tag
      }, 
      "maxItems": 30, 
      "title": "Opaque identifiers meaningful to the API user", 
      "type": "array"
    }
  }, 
  "title": "NSX global configs for security purposes, like trust store and trust manager.", 
  "type": "object"
}
                    
                    
                