ssl

package
v0.0.0-...-011d10c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 8, 2024 License: Apache-2.0 Imports: 0 Imported by: 5

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Sslaction 

type Sslaction struct {
	/**
	* Name for the SSL action. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the action is created.
		The following requirement applies only to the Citrix ADC CLI:
		If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my action" or 'my action').
	*/
	Name string `json:"name,omitempty"`
	/**
	* Perform client certificate authentication.
	 */
	Clientauth string `json:"clientauth,omitempty"`
	/**
	* Client certificate verification is mandatory or optional.
	 */
	Clientcertverification string `json:"clientcertverification,omitempty"`
	/**
	* The name of the ssllogprofile.
	 */
	Ssllogprofile string `json:"ssllogprofile,omitempty"`
	/**
	* Insert the entire client certificate into the HTTP header of the request being sent to the web server. The certificate is inserted in ASCII (PEM) format.
	 */
	Clientcert string `json:"clientcert,omitempty"`
	/**
	* Name of the header into which to insert the client certificate.
	 */
	Certheader string `json:"certheader,omitempty"`
	/**
	* Insert the entire client serial number into the HTTP header of the request being sent to the web server.
	 */
	Clientcertserialnumber string `json:"clientcertserialnumber,omitempty"`
	/**
	* Name of the header into which to insert the client serial number.
	 */
	Certserialheader string `json:"certserialheader,omitempty"`
	/**
	* Insert the client certificate subject, also known as the distinguished name (DN), into the HTTP header of the request being sent to the web server.
	 */
	Clientcertsubject string `json:"clientcertsubject,omitempty"`
	/**
	* Name of the header into which to insert the client certificate subject.
	 */
	Certsubjectheader string `json:"certsubjectheader,omitempty"`
	/**
	* Insert the certificate's signature into the HTTP header of the request being sent to the web server. The signature is the value extracted directly from the X.509 certificate signature field. All X.509 certificates contain a signature field.
	 */
	Clientcerthash string `json:"clientcerthash,omitempty"`
	/**
	* Name of the header into which to insert the client certificate signature (hash).
	 */
	Certhashheader string `json:"certhashheader,omitempty"`
	/**
	* Insert the certificate's fingerprint into the HTTP header of the request being sent to the web server. The fingerprint is derived by computing the specified hash value (SHA256, for example) of the DER-encoding of the client certificate.
	 */
	Clientcertfingerprint string `json:"clientcertfingerprint,omitempty"`
	/**
	* Name of the header into which to insert the client certificate fingerprint.
	 */
	Certfingerprintheader string `json:"certfingerprintheader,omitempty"`
	/**
	* Digest algorithm used to compute the fingerprint of the client certificate.
	 */
	Certfingerprintdigest string `json:"certfingerprintdigest,omitempty"`
	/**
	* Insert the certificate issuer details into the HTTP header of the request being sent to the web server.
	 */
	Clientcertissuer string `json:"clientcertissuer,omitempty"`
	/**
	* Name of the header into which to insert the client certificate issuer details.
	 */
	Certissuerheader string `json:"certissuerheader,omitempty"`
	/**
	* Insert the SSL session ID into the HTTP header of the request being sent to the web server. Every SSL connection that the client and the Citrix ADC share has a unique ID that identifies the specific connection.
	 */
	Sessionid string `json:"sessionid,omitempty"`
	/**
	* Name of the header into which to insert the Session ID.
	 */
	Sessionidheader string `json:"sessionidheader,omitempty"`
	/**
	* Insert the cipher suite that the client and the Citrix ADC negotiated for the SSL session into the HTTP header of the request being sent to the web server. The appliance inserts the cipher-suite name, SSL protocol, export or non-export string, and cipher strength bit, depending on the type of browser connecting to the SSL virtual server or service (for example, Cipher-Suite: RC4- MD5 SSLv3 Non-Export 128-bit).
	 */
	Cipher string `json:"cipher,omitempty"`
	/**
	* Name of the header into which to insert the name of the cipher suite.
	 */
	Cipherheader string `json:"cipherheader,omitempty"`
	/**
	* Insert the date from which the certificate is valid into the HTTP header of the request being sent to the web server. Every certificate is configured with the date and time from which it is valid.
	 */
	Clientcertnotbefore string `json:"clientcertnotbefore,omitempty"`
	/**
	* Name of the header into which to insert the date and time from which the certificate is valid.
	 */
	Certnotbeforeheader string `json:"certnotbeforeheader,omitempty"`
	/**
	* Insert the date of expiry of the certificate into the HTTP header of the request being sent to the web server. Every certificate is configured with the date and time at which the certificate expires.
	 */
	Clientcertnotafter string `json:"clientcertnotafter,omitempty"`
	/**
	* Name of the header into which to insert the certificate's expiry date.
	 */
	Certnotafterheader string `json:"certnotafterheader,omitempty"`
	/**
	* If the appliance is in front of an Outlook Web Access (OWA) server, insert a special header field, FRONT-END-HTTPS: ON, into the HTTP requests going to the OWA server. This header communicates to the server that the transaction is HTTPS and not HTTP.
	 */
	Owasupport string `json:"owasupport,omitempty"`
	/**
	* This action takes an argument a vserver name, to this vserver one will be able to forward all the packets.
	 */
	Forward string `json:"forward,omitempty"`
	/**
	* This action will allow to pick CA(s) from the specific CA group, to verify the client certificate.
	 */
	Cacertgrpname string `json:"cacertgrpname,omitempty"`

	Hits           string `json:"hits,omitempty"`
	Undefhits      string `json:"undefhits,omitempty"`
	Referencecount string `json:"referencecount,omitempty"`
	Description    string `json:"description,omitempty"`
	Builtin        string `json:"builtin,omitempty"`
	Feature        string `json:"feature,omitempty"`
}

* * Configuration for SSL action resource.

type Sslcacertgroup 

type Sslcacertgroup struct {
	/**
	* Name given to the CA certificate group. The name will be used to add the CA certificates to the group. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my file" or 'my file').
	 */
	Cacertgroupname string `json:"cacertgroupname,omitempty"`

	Cacertgroupreferences string `json:"cacertgroupreferences,omitempty"`
	Ocspcheck             string `json:"ocspcheck,omitempty"`
	Crlcheck              string `json:"crlcheck,omitempty"`
}

* * Configuration for Group of CA certificate-key pairs resource.

type Sslcacertgroupbinding 

type Sslcacertgroupbinding struct {
	/**
	* Name of the CA certificate group for which to show detailed information.<br/>Minimum value =
	 */
	Cacertgroupname string `json:"cacertgroupname,omitempty"`
}

* * Binding object which returns the resources bound to sslcacertgroup_binding.

type Sslcacertgroupcertkeybinding 

type Sslcacertgroupcertkeybinding struct {
	/**
	* Name for the certkey added to the Citrix ADC. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the certificate-key pair is created.The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my cert" or 'my cert').
	 */
	Certkeyname string `json:"certkeyname,omitempty"`
	/**
	* The state of the CRL check parameter. (Mandatory/Optional)
	 */
	Crlcheck string `json:"crlcheck,omitempty"`
	/**
	* The state of the OCSP check parameter. (Mandatory/Optional)
	 */
	Ocspcheck string `json:"ocspcheck,omitempty"`
	/**
	* Name given to the CA certificate group. The name will be used to add the CA certificates to the group. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my file" or 'my file').
	 */
	Cacertgroupname string `json:"cacertgroupname,omitempty"`
}

* * Binding class showing the certkey that can be bound to sslcacertgroup.

type Sslcacertgroupsslcertkeybinding 

type Sslcacertgroupsslcertkeybinding struct {
	/**
	* Name for the certkey added to the Citrix ADC. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the certificate-key pair is created.The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my cert" or 'my cert').
	 */
	Certkeyname string `json:"certkeyname,omitempty"`
	/**
	* The state of the CRL check parameter. (Mandatory/Optional)
	 */
	Crlcheck string `json:"crlcheck,omitempty"`
	/**
	* The state of the OCSP check parameter. (Mandatory/Optional)
	 */
	Ocspcheck string `json:"ocspcheck,omitempty"`
	/**
	* Name given to the CA certificate group. The name will be used to add the CA certificates to the group. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my file" or 'my file').
	 */
	Cacertgroupname string `json:"cacertgroupname,omitempty"`
}

* * Binding class showing the sslcertkey that can be bound to sslcacertgroup.

type Sslcert 

type Sslcert struct {
	/**
	* Name for and, optionally, path to the generated certificate file. /nsconfig/ssl/ is the default path.
	 */
	Certfile string `json:"certfile,omitempty"`
	/**
	* Name for and, optionally, path to the certificate-signing request (CSR). /nsconfig/ssl/ is the default path.
	 */
	Reqfile string `json:"reqfile,omitempty"`
	/**
	* Type of certificate to generate. Specify one of the following:
		* ROOT_CERT - Self-signed Root-CA certificate. You must specify the key file name. The generated Root-CA certificate can be used for signing end-user client or server certificates or to create Intermediate-CA certificates.
		* INTM_CERT - Intermediate-CA certificate.
		* CLNT_CERT - End-user client certificate used for client authentication.
		* SRVR_CERT - SSL server certificate used on SSL servers for end-to-end encryption.
	*/
	Certtype string `json:"certtype,omitempty"`
	/**
	* Name for and, optionally, path to the private key. You can either use an existing RSA or DSA key that you own or create a new private key on the Citrix ADC. This file is required only when creating a self-signed Root-CA certificate. The key file is stored in the /nsconfig/ssl directory by default.
		If the input key specified is an encrypted key, you are prompted to enter the PEM pass phrase that was used for encrypting the key.
	*/
	Keyfile string `json:"keyfile,omitempty"`
	/**
	* Format in which the key is stored on the appliance.
	 */
	Keyform       string `json:"keyform,omitempty"`
	Pempassphrase string `json:"pempassphrase,omitempty"`
	/**
	* Number of days for which the certificate will be valid, beginning with the time and day (system time) of creation.
	 */
	Days int `json:"days,omitempty"`
	/**
	* Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. These values are called "Subject Alternative Names" (SAN). Names include:
		1. Email addresses
		2. IP addresses
		3. URIs
		4. DNS names (This is usually also provided as the Common Name RDN within the Subject field of the main certificate.)
		5. directory names (alternative Distinguished Names to that given in the Subject)
	*/
	Subjectaltname string `json:"subjectaltname,omitempty"`
	/**
	* Format in which the certificate is stored on the appliance.
	 */
	Certform string `json:"certform,omitempty"`
	/**
	* Name of the CA certificate file that issues and signs the Intermediate-CA certificate or the end-user client and server certificates.
	 */
	Cacert string `json:"cacert,omitempty"`
	/**
	* Format of the CA certificate.
	 */
	Cacertform string `json:"cacertform,omitempty"`
	/**
	* Private key, associated with the CA certificate that is used to sign the Intermediate-CA certificate or the end-user client and server certificate. If the CA key file is password protected, the user is prompted to enter the pass phrase that was used to encrypt the key.
	 */
	Cakey string `json:"cakey,omitempty"`
	/**
	* Format for the CA certificate.
	 */
	Cakeyform string `json:"cakeyform,omitempty"`
	/**
	* Serial number file maintained for the CA certificate. This file contains the serial number of the next certificate to be issued or signed by the CA. If the specified file does not exist, a new file is created, with /nsconfig/ssl/ as the default path. If you do not specify a proper path for the existing serial file, a new serial file is created. This might change the certificate serial numbers assigned by the CA certificate to each of the certificates it signs.
	 */
	Caserial string `json:"caserial,omitempty"`
}

* * Configuration for cerificate resource.

type Sslcertbundle 

type Sslcertbundle struct {
	/**
	* Name to assign to the imported certificate bundle. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my file" or 'my file').
	 */
	Name string `json:"name,omitempty"`
	/**
	* URL specifying the protocol, host, and path, including file name, to the certificate bundle to be imported or exported. For example, http://www.example.com/cert_bundle_file.
		NOTE: The import fails if the object to be imported is on an HTTPS server that requires client certificate authentication for access.
	*/
	Src string `json:"src,omitempty"`

	Inuse string `json:"inuse,omitempty"`
}

* * Configuration for Imported Certbundle resource.

type Sslcertchain 

type Sslcertchain struct {
	/**
	* Name of the Certificate
	 */
	Certkeyname string `json:"certkeyname,omitempty"`
}

* * Configuration for CERT Chain resource.

type Sslcertchainbinding 

type Sslcertchainbinding struct {
	/**
	* Name of the Certificate.<br/>Minimum value =
	 */
	Certkeyname string `json:"certkeyname,omitempty"`
}

* * Binding object which returns the resources bound to sslcertchain_binding.

type Sslcertchaincertkeybinding 

type Sslcertchaincertkeybinding struct {
	/**
	* Name of the Linked Certificate
	 */
	Linkcertkeyname string `json:"linkcertkeyname,omitempty"`
	/**
	* Used to find if certificate is linked
	 */
	Islinked bool `json:"islinked,omitempty"`
	/**
	* Used to find if certificate is a CA
	 */
	Isca bool `json:"isca,omitempty"`
	/**
	* Used to find if certificate is linked
	 */
	Addsubject bool `json:"addsubject,omitempty"`
	/**
	* Name of the Certificate
	 */
	Certkeyname string `json:"certkeyname,omitempty"`
}

* * Binding class showing the certkey that can be bound to sslcertchain.

type Sslcertchainsslcertkeybinding 

type Sslcertchainsslcertkeybinding struct {
	/**
	* Name of the Linked Certificate
	 */
	Linkcertkeyname string `json:"linkcertkeyname,omitempty"`
	/**
	* Used to find if certificate is linked
	 */
	Islinked bool `json:"islinked,omitempty"`
	/**
	* Used to find if certificate is a CA
	 */
	Isca bool `json:"isca,omitempty"`
	/**
	* Used to find if certificate is linked
	 */
	Addsubject bool `json:"addsubject,omitempty"`
	/**
	* Name of the Certificate
	 */
	Certkeyname string `json:"certkeyname,omitempty"`
}

* * Binding class showing the sslcertkey that can be bound to sslcertchain.

type Sslcertfile 

type Sslcertfile struct {
	/**
	* Name to assign to the imported certificate file. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my file" or 'my file').
	 */
	Name string `json:"name,omitempty"`
	/**
	* URL specifying the protocol, host, and path, including file name, to the certificate file to be imported. For example, http://www.example.com/cert_file.
		NOTE: The import fails if the object to be imported is on an HTTPS server that requires client certificate authentication for access.
	*/
	Src string `json:"src,omitempty"`
}

* * Configuration for Imported Certfile resource.

type Sslcertificatechain 

type Sslcertificatechain struct {
	/**
	* Name of the certificate-key pair.
	 */
	Certkeyname string `json:"certkeyname,omitempty"`

	Chainlinked        string `json:"chainlinked,omitempty"`
	Chainpossiblelinks string `json:"chainpossiblelinks,omitempty"`
	Chainissuer        string `json:"chainissuer,omitempty"`
	Chaincomplete      string `json:"chaincomplete,omitempty"`
}

* * Configuration for linked certificate resource.

type Sslcertkey 

type Sslcertkey struct {
	/**
	* Name for the certificate and private-key pair. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the certificate-key pair is created.
		The following requirement applies only to the Citrix ADC CLI:
		If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my cert" or 'my cert').
	*/
	Certkey string `json:"certkey,omitempty"`
	/**
	* Name of and, optionally, path to the X509 certificate file that is used to form the certificate-key pair. The certificate file should be present on the appliance's hard-disk drive or solid-state drive. Storing a certificate in any location other than the default might cause inconsistency in a high availability setup. /nsconfig/ssl/ is the default path.
	 */
	Cert string `json:"cert,omitempty"`
	/**
	* Name of and, optionally, path to the private-key file that is used to form the certificate-key pair. The certificate file should be present on the appliance's hard-disk drive or solid-state drive. Storing a certificate in any location other than the default might cause inconsistency in a high availability setup. /nsconfig/ssl/ is the default path.
	 */
	Key string `json:"key,omitempty"`
	/**
	* Passphrase that was used to encrypt the private-key. Use this option to load encrypted private-keys in PEM format.
	 */
	Password bool `json:"password,omitempty"`
	/**
	* Name of the FIPS key that was created inside the Hardware Security Module (HSM) of a FIPS appliance, or a key that was imported into the HSM.
	 */
	Fipskey string `json:"fipskey,omitempty"`
	/**
	* Name of the HSM key that was created in the External Hardware Security Module (HSM) of a FIPS appliance.
	 */
	Hsmkey string `json:"hsmkey,omitempty"`
	/**
	* Input format of the certificate and the private-key files. The three formats supported by the appliance are:
		PEM - Privacy Enhanced Mail
		DER - Distinguished Encoding Rule
		PFX - Personal Information Exchange
	*/
	Inform string `json:"inform,omitempty"`
	/**
	* Pass phrase used to encrypt the private-key. Required when adding an encrypted private-key in PEM format.
	 */
	Passplain string `json:"passplain,omitempty"`
	/**
	* Issue an alert when the certificate is about to expire.
	 */
	Expirymonitor string `json:"expirymonitor,omitempty"`
	/**
	* Time, in number of days, before certificate expiration, at which to generate an alert that the certificate is about to expire.
	 */
	Notificationperiod int `json:"notificationperiod,omitempty"`
	/**
	* Parse the certificate chain as a single file after linking the server certificate to its issuer's certificate within the file.
	 */
	Bundle string `json:"bundle,omitempty"`
	/**
	* Delete cert/key file from file system.
	 */
	Deletefromdevice bool `json:"deletefromdevice,omitempty"`
	/**
	* Name of the Certificate Authority certificate-key pair to which to link a certificate-key pair.
	 */
	Linkcertkeyname string `json:"linkcertkeyname,omitempty"`
	/**
	* Override the check for matching domain names during a certificate update operation.
	 */
	Nodomaincheck bool `json:"nodomaincheck,omitempty"`
	/**
	* Clear cached ocspStapling response in certkey.
	 */
	Ocspstaplingcache bool `json:"ocspstaplingcache,omitempty"`

	Signaturealg        string `json:"signaturealg,omitempty"`
	Certificatetype     string `json:"certificatetype,omitempty"`
	Serial              string `json:"serial,omitempty"`
	Issuer              string `json:"issuer,omitempty"`
	Clientcertnotbefore string `json:"clientcertnotbefore,omitempty"`
	Clientcertnotafter  string `json:"clientcertnotafter,omitempty"`
	Daystoexpiration    string `json:"daystoexpiration,omitempty"`
	Subject             string `json:"subject,omitempty"`
	Publickey           string `json:"publickey,omitempty"`
	Publickeysize       string `json:"publickeysize,omitempty"`
	Version             string `json:"version,omitempty"`
	Priority            string `json:"priority,omitempty"`
	Status              string `json:"status,omitempty"`
	Passcrypt           string `json:"passcrypt,omitempty"`
	Data                string `json:"data,omitempty"`
	Servicename         string `json:"servicename,omitempty"`
	Sandns              string `json:"sandns,omitempty"`
	Sanipadd            string `json:"sanipadd,omitempty"`
	Ocspresponsestatus  string `json:"ocspresponsestatus,omitempty"`
	Builtin             string `json:"builtin,omitempty"`
	Feature             string `json:"feature,omitempty"`
}

* * Configuration for certificate key resource.

type Sslcertkeybinding 

type Sslcertkeybinding struct {
	/**
	* Name of the certificate-key pair for which to show detailed information.<br/>Minimum value =
	 */
	Certkey string `json:"certkey,omitempty"`
}

* * Binding object which returns the resources bound to sslcertkey_binding.

type Sslcertkeycrldistributionbinding 

type Sslcertkeycrldistributionbinding struct {
	/**
	* Issuer name.
	 */
	Issuer string `json:"issuer,omitempty"`
	/**
	* Name of the certificate-key pair.
	 */
	Certkey string `json:"certkey,omitempty"`
	/**
	* The certificate-key pair being unbound is a Certificate Authority (CA) certificate. If you choose this option, the certificate-key pair is unbound from the list of CA certificates that were bound to the specified SSL virtual server or SSL service.
	 */
	Ca bool `json:"ca,omitempty"`
}

* * Binding class showing the crldistribution that can be bound to sslcertkey.

type Sslcertkeyocspresponderbinding 

type Sslcertkeyocspresponderbinding struct {
	/**
	* OCSP responders bound to this certkey
	 */
	Ocspresponder string `json:"ocspresponder,omitempty"`
	/**
	* ocsp priority
	 */
	Priority uint32 `json:"priority,omitempty"`
	/**
	* Name of the certificate-key pair.
	 */
	Certkey string `json:"certkey,omitempty"`
	/**
	* The certificate-key pair being unbound is a Certificate Authority (CA) certificate. If you choose this option, the certificate-key pair is unbound from the list of CA certificates that were bound to the specified SSL virtual server or SSL service.
	 */
	Ca bool `json:"ca,omitempty"`
}

* * Binding class showing the ocspresponder that can be bound to sslcertkey.

type Sslcertkeyprofilebinding 

type Sslcertkeyprofilebinding struct {
	/**
	* SSL profile name to which the certificate key pair is bound.
	 */
	Sslprofile string `json:"sslprofile,omitempty"`
	/**
	* Name of the certificate-key pair.
	 */
	Certkey string `json:"certkey,omitempty"`
	/**
	* The certificate-key pair being unbound is a Certificate Authority (CA) certificate. If you choose this option, the certificate-key pair is unbound from the list of CA certificates that were bound to the specified SSL virtual server or SSL service.
	 */
	Ca bool `json:"ca,omitempty"`
}

* * Binding class showing the profile that can be bound to sslcertkey.

type Sslcertkeyservicebinding 

type Sslcertkeyservicebinding struct {
	/**
	* Service name to which the certificate key pair is bound.
	 */
	Servicename string `json:"servicename,omitempty"`
	/**
	* Vserver Id
	 */
	Data int `json:"data,omitempty"`
	/**
	* Version.
	 */
	Version int `json:"version,omitempty"`
	/**
	* Name of the certificate-key pair.
	 */
	Certkey string `json:"certkey,omitempty"`
	/**
	* Bind the certificate to the named SSL service or service group.
	 */
	Service bool `json:"service,omitempty"`
	/**
	* The name of the SSL service group to which the certificate-key pair needs to be bound. Use the "add servicegroup" command to create this service.
	 */
	Servicegroupname string `json:"servicegroupname,omitempty"`
	/**
	* The certificate-key pair being unbound is a Certificate Authority (CA) certificate. If you choose this option, the certificate-key pair is unbound from the list of CA certificates that were bound to the specified SSL virtual server or SSL service.
	 */
	Ca bool `json:"ca,omitempty"`
}

* * Binding class showing the service that can be bound to sslcertkey.

type Sslcertkeysslocspresponderbinding 

type Sslcertkeysslocspresponderbinding struct {
	/**
	* OCSP responders bound to this certkey
	 */
	Ocspresponder string `json:"ocspresponder,omitempty"`
	/**
	* ocsp priority
	 */
	Priority int `json:"priority,omitempty"`
	/**
	* Name of the certificate-key pair.
	 */
	Certkey string `json:"certkey,omitempty"`
	/**
	* The certificate-key pair being unbound is a Certificate Authority (CA) certificate. If you choose this option, the certificate-key pair is unbound from the list of CA certificates that were bound to the specified SSL virtual server or SSL service.
	 */
	Ca bool `json:"ca,omitempty"`
}

* * Binding class showing the sslocspresponder that can be bound to sslcertkey.

type Sslcertkeysslprofilebinding 

type Sslcertkeysslprofilebinding struct {
	/**
	* SSL profile name to which the certificate key pair is bound.
	 */
	Sslprofile string `json:"sslprofile,omitempty"`
	/**
	* Name of the certificate-key pair.
	 */
	Certkey string `json:"certkey,omitempty"`
	/**
	* The certificate-key pair being unbound is a Certificate Authority (CA) certificate. If you choose this option, the certificate-key pair is unbound from the list of CA certificates that were bound to the specified SSL virtual server or SSL service.
	 */
	Ca bool `json:"ca,omitempty"`
}

* * Binding class showing the sslprofile that can be bound to sslcertkey.

type Sslcertkeysslvserverbinding 

type Sslcertkeysslvserverbinding struct {
	/**
	* Vserver name to which the certificate key pair is bound.
	 */
	Servername string `json:"servername,omitempty"`
	/**
	* Vserver Id
	 */
	Data int `json:"data,omitempty"`
	/**
	* Version.
	 */
	Version int `json:"version,omitempty"`
	/**
	* Name of the certificate-key pair.
	 */
	Certkey string `json:"certkey,omitempty"`
	/**
	* The name of the SSL virtual server name to which the certificate-key pair needs to be bound.
	 */
	Vservername string `json:"vservername,omitempty"`
	/**
	* Specify this option to bind the certificate to an SSL virtual server.
		Note: The default option is -vServer.
	*/
	Vserver bool `json:"vserver,omitempty"`
	/**
	* The certificate-key pair being unbound is a Certificate Authority (CA) certificate. If you choose this option, the certificate-key pair is unbound from the list of CA certificates that were bound to the specified SSL virtual server or SSL service.
	 */
	Ca bool `json:"ca,omitempty"`
}

* * Binding class showing the sslvserver that can be bound to sslcertkey.

type Sslcertkeyvserverbinding 

type Sslcertkeyvserverbinding struct {
	/**
	* Vserver name to which the certificate key pair is bound.
	 */
	Servername string `json:"servername,omitempty"`
	/**
	* Vserver Id
	 */
	Data uint32 `json:"data,omitempty"`
	/**
	* Version.
	 */
	Version int32 `json:"version,omitempty"`
	/**
	* Name of the certificate-key pair.
	 */
	Certkey string `json:"certkey,omitempty"`
	/**
	* The name of the SSL virtual server name to which the certificate-key pair needs to be bound.
	 */
	Vservername string `json:"vservername,omitempty"`
	/**
	* Specify this option to bind the certificate to an SSL virtual server.
		Note: The default option is -vServer.
	*/
	Vserver bool `json:"vserver,omitempty"`
	/**
	* The certificate-key pair being unbound is a Certificate Authority (CA) certificate. If you choose this option, the certificate-key pair is unbound from the list of CA certificates that were bound to the specified SSL virtual server or SSL service.
	 */
	Ca bool `json:"ca,omitempty"`
}

* * Binding class showing the vserver that can be bound to sslcertkey. 

type Sslcertlink struct {
	Certkeyname     string `json:"certkeyname,omitempty"`
	Linkcertkeyname string `json:"linkcertkeyname,omitempty"`
}

* * Configuration for linked certificate resource.

type Sslcertreq 

type Sslcertreq struct {
	/**
	* Name for and, optionally, path to the certificate signing request (CSR). /nsconfig/ssl/ is the default path.
	 */
	Reqfile string `json:"reqfile,omitempty"`
	/**
	* Name of and, optionally, path to the private key used to create the certificate signing request, which then becomes part of the certificate-key pair. The private key can be either an RSA or a DSA key. The key must be present in the appliance's local storage. /nsconfig/ssl is the default path.
	 */
	Keyfile string `json:"keyfile,omitempty"`
	/**
	* Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. These values are called "Subject Alternative Names" (SAN). Names include:
		1. Email addresses
		2. IP addresses
		3. URIs
		4. DNS names (this is usually also provided as the Common Name RDN within the Subject field of the main certificate.)
		5. Directory names (alternative Distinguished Names to that given in the Subject)
	*/
	Subjectaltname string `json:"subjectaltname,omitempty"`
	/**
	* Name of the FIPS key used to create the certificate signing request. FIPS keys are created inside the Hardware Security Module of the FIPS card.
	 */
	Fipskeyname string `json:"fipskeyname,omitempty"`
	/**
	* Format in which the key is stored on the appliance.
	 */
	Keyform       string `json:"keyform,omitempty"`
	Pempassphrase string `json:"pempassphrase,omitempty"`
	/**
	* Two letter ISO code for your country. For example, US for United States.
	 */
	Countryname string `json:"countryname,omitempty"`
	/**
	* Full name of the state or province where your organization is located.
		Do not abbreviate.
	*/
	Statename string `json:"statename,omitempty"`
	/**
	* Name of the organization that will use this certificate. The organization name (corporation, limited partnership, university, or government agency) must be registered with some authority at the national, state, or city level. Use the legal name under which the organization is registered.
		Do not abbreviate the organization name and do not use the following characters in the name:
		Angle brackets (< >) tilde (~), exclamation mark, at (@), pound (#), zero (0), caret (^), asterisk (*), forward slash (/), square brackets ([ ]), question mark (?).
	*/
	Organizationname string `json:"organizationname,omitempty"`
	/**
	* Name of the division or section in the organization that will use the certificate.
	 */
	Organizationunitname string `json:"organizationunitname,omitempty"`
	/**
	* Name of the city or town in which your organization's head office is located.
	 */
	Localityname string `json:"localityname,omitempty"`
	/**
	* Fully qualified domain name for the company or web site. The common name must match the name used by DNS servers to do a DNS lookup of your server. Most browsers use this information for authenticating the server's certificate during the SSL handshake. If the server name in the URL does not match the common name as given in the server certificate, the browser terminates the SSL handshake or prompts the user with a warning message.
		Do not use wildcard characters, such as asterisk (*) or question mark (?), and do not use an IP address as the common name. The common name must not contain the protocol specifier <http://> or <https://>.
	*/
	Commonname string `json:"commonname,omitempty"`
	/**
	* Contact person's e-mail address. This address is publically displayed as part of the certificate. Provide an e-mail address that is monitored by an administrator who can be contacted about the certificate.
	 */
	Emailaddress string `json:"emailaddress,omitempty"`
	/**
	* Pass phrase, embedded in the certificate signing request that is shared only between the client or server requesting the certificate and the SSL certificate issuer (typically the certificate authority). This pass phrase can be used to authenticate a client or server that is requesting a certificate from the certificate authority.
	 */
	Challengepassword string `json:"challengepassword,omitempty"`
	/**
	* Additional name for the company or web site.
	 */
	Companyname string `json:"companyname,omitempty"`
	/**
	* Digest algorithm used in creating CSR
	 */
	Digestmethod string `json:"digestmethod,omitempty"`
}

* * Configuration for certificate request resource.

type Sslcipher 

type Sslcipher struct {
	/**
	* Name for the user-defined cipher group. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the cipher group is created.
		The following requirement applies only to the Citrix ADC CLI:
		If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my ciphergroup" or 'my ciphergroup').
	*/
	Ciphergroupname string `json:"ciphergroupname,omitempty"`
	/**
	* The individual cipher name(s), a user-defined cipher group, or a system predefined cipher alias that will be added to the  predefined cipher alias that will be added to the group cipherGroupName.
		If a cipher alias or a cipher group is specified, all the individual ciphers in the cipher alias or group will be added to the user-defined cipher group.
	*/
	Ciphgrpalias string `json:"ciphgrpalias,omitempty"`
	/**
	* Cipher name.
	 */
	Ciphername string `json:"ciphername,omitempty"`
	/**
	* This indicates priority assigned to the particular cipher
	 */
	Cipherpriority int `json:"cipherpriority,omitempty"`
	/**
	* Name of the profile to which cipher is attached.
	 */
	Sslprofile string `json:"sslprofile,omitempty"`
}

* * Configuration for cipher resource.

type Sslcipherbinding 

type Sslcipherbinding struct {
	/**
	* Name of the cipher group for which to show detailed information.<br/>Minimum value =
	 */
	Ciphergroupname string `json:"ciphergroupname,omitempty"`
}

* * Binding object which returns the resources bound to sslcipher_binding.

type Sslcipherciphersuitebinding 

type Sslcipherciphersuitebinding struct {
	/**
	* Cipher name.
	 */
	Ciphername string `json:"ciphername,omitempty"`
	/**
	* Name for the user-defined cipher group. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the cipher group is created.
		The following requirement applies only to the Citrix ADC CLI:
		If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my ciphergroup" or 'my ciphergroup').
	*/
	Ciphergroupname string `json:"ciphergroupname,omitempty"`
	/**
	* Cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* This indicates priority assigned to the particular cipher
	 */
	Cipherpriority uint32 `json:"cipherpriority,omitempty"`
	/**
	* The operation that is performed when adding the cipher-suite.
		Possible cipher operations are:
		ADD - Appends the given cipher-suite to the existing one configured for the virtual server.
		REM - Removes the given cipher-suite from the existing one configured for the virtual server.
		ORD - Overrides the current configured cipher-suite for the virtual server with the given cipher-suite.
	*/
	Cipheroperation string `json:"cipheroperation,omitempty"`
	/**
	* A cipher-suite can consist of an individual cipher name, the system predefined cipher-alias name, or user defined cipher-group name.
	 */
	Ciphgrpals string `json:"ciphgrpals,omitempty"`
}

* * Binding class showing the ciphersuite that can be bound to sslcipher.

type Sslcipherindividualcipherbinding 

type Sslcipherindividualcipherbinding struct {
	/**
	* Cipher name.
	 */
	Ciphername string `json:"ciphername,omitempty"`
	/**
	* Cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* This indicates priority assigned to the particular cipher
	 */
	Cipherpriority int `json:"cipherpriority,omitempty"`
	/**
	* Name of the user-defined cipher group.
	 */
	Ciphergroupname string `json:"ciphergroupname,omitempty"`
	/**
	* The operation that is performed when adding the cipher-suite.
		Possible cipher operations are:
		ADD - Appends the given cipher-suite to the existing one configured for the virtual server.
		REM - Removes the given cipher-suite from the existing one configured for the virtual server.
		ORD - Overrides the current configured cipher-suite for the virtual server with the given cipher-suite.
	*/
	Cipheroperation string `json:"cipheroperation,omitempty"`
	/**
	* A cipher-suite can consist of an individual cipher name, the system predefined cipher-alias name, or user defined cipher-group name.
	 */
	Ciphgrpals string `json:"ciphgrpals,omitempty"`
}

* * Binding class showing the individualcipher that can be bound to sslcipher.

type Sslcipherprofilebinding 

type Sslcipherprofilebinding struct {
	/**
	* Name of the profile to which cipher is attached.
	 */
	Sslprofile string `json:"sslprofile,omitempty"`
	/**
	* Cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the user-defined cipher group.
	 */
	Ciphergroupname string `json:"ciphergroupname,omitempty"`
	/**
	* The operation that is performed when adding the cipher-suite.
		Possible cipher operations are:
		ADD - Appends the given cipher-suite to the existing one configured for the virtual server.
		REM - Removes the given cipher-suite from the existing one configured for the virtual server.
		ORD - Overrides the current configured cipher-suite for the virtual server with the given cipher-suite.
	*/
	Cipheroperation string `json:"cipheroperation,omitempty"`
	/**
	* A cipher-suite can consist of an individual cipher name, the system predefined cipher-alias name, or user defined cipher-group name.
	 */
	Ciphgrpals string `json:"ciphgrpals,omitempty"`
	/**
	* Priority of the cipher to be added
	 */
	Cipherpriority uint32 `json:"cipherpriority,omitempty"`
}

* * Binding class showing the profile that can be bound to sslcipher.

type Sslcipherservicebinding 

type Sslcipherservicebinding struct {
	/**
	* Name of the user-defined cipher group.
	 */
	Ciphergroupname string `json:"ciphergroupname,omitempty"`
	/**
	* The name of the SSL service name to which the cipher-suite is to be bound.
	 */
	Servicename string `json:"servicename,omitempty"`
	/**
	* Indicates that the cipher operation is to be performed on the named SSL service or service group.
	 */
	Service bool `json:"service,omitempty"`
	/**
	* The name of the SSL service name to which the cipher-suite is to be bound.
	 */
	Servicegroupname string `json:"servicegroupname,omitempty"`
	/**
	* Indicates that the cipher operation is to be performed on the named SSL service or service group.
	 */
	Servicegroup bool `json:"servicegroup,omitempty"`
	/**
	* The operation that is performed when adding the cipher-suite.
		Possible cipher operations are:
		ADD - Appends the given cipher-suite to the existing one configured for the virtual server.
		REM - Removes the given cipher-suite from the existing one configured for the virtual server.
		ORD - Overrides the current configured cipher-suite for the virtual server with the given cipher-suite.
	*/
	Cipheroperation string `json:"cipheroperation,omitempty"`
	/**
	* A cipher-suite can consist of an individual cipher name, the system predefined cipher-alias name, or user defined cipher-group name.
	 */
	Ciphgrpals string `json:"ciphgrpals,omitempty"`
	/**
	* Priority of the cipher to be added
	 */
	Cipherpriority int `json:"cipherpriority,omitempty"`
}

* * Binding class showing the service that can be bound to sslcipher.

type Sslcipherservicegroupbinding 

type Sslcipherservicegroupbinding struct {
	/**
	* Name of the user-defined cipher group.
	 */
	Ciphergroupname string `json:"ciphergroupname,omitempty"`
	/**
	* The name of the SSL service name to which the cipher-suite is to be bound.
	 */
	Servicename string `json:"servicename,omitempty"`
	/**
	* Indicates that the cipher operation is to be performed on the named SSL service or service group.
	 */
	Service bool `json:"service,omitempty"`
	/**
	* The name of the SSL service name to which the cipher-suite is to be bound.
	 */
	Servicegroupname string `json:"servicegroupname,omitempty"`
	/**
	* Indicates that the cipher operation is to be performed on the named SSL service or service group.
	 */
	Servicegroup bool `json:"servicegroup,omitempty"`
	/**
	* The operation that is performed when adding the cipher-suite.
		Possible cipher operations are:
		ADD - Appends the given cipher-suite to the existing one configured for the virtual server.
		REM - Removes the given cipher-suite from the existing one configured for the virtual server.
		ORD - Overrides the current configured cipher-suite for the virtual server with the given cipher-suite.
	*/
	Cipheroperation string `json:"cipheroperation,omitempty"`
	/**
	* A cipher-suite can consist of an individual cipher name, the system predefined cipher-alias name, or user defined cipher-group name.
	 */
	Ciphgrpals string `json:"ciphgrpals,omitempty"`
	/**
	* Priority of the cipher to be added
	 */
	Cipherpriority int `json:"cipherpriority,omitempty"`
}

* * Binding class showing the servicegroup that can be bound to sslcipher.

type Sslciphersslciphersuitebinding 

type Sslciphersslciphersuitebinding struct {
	/**
	* Cipher name.
	 */
	Ciphername string `json:"ciphername,omitempty"`
	/**
	* Name for the user-defined cipher group. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the cipher group is created.
		The following requirement applies only to the Citrix ADC CLI:
		If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my ciphergroup" or 'my ciphergroup').
	*/
	Ciphergroupname string `json:"ciphergroupname,omitempty"`
	/**
	* Cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* This indicates priority assigned to the particular cipher
	 */
	Cipherpriority int `json:"cipherpriority,omitempty"`
	/**
	* The operation that is performed when adding the cipher-suite.
		Possible cipher operations are:
		ADD - Appends the given cipher-suite to the existing one configured for the virtual server.
		REM - Removes the given cipher-suite from the existing one configured for the virtual server.
		ORD - Overrides the current configured cipher-suite for the virtual server with the given cipher-suite.
	*/
	Cipheroperation string `json:"cipheroperation,omitempty"`
	/**
	* A cipher-suite can consist of an individual cipher name, the system predefined cipher-alias name, or user defined cipher-group name.
	 */
	Ciphgrpals string `json:"ciphgrpals,omitempty"`
}

* * Binding class showing the sslciphersuite that can be bound to sslcipher.

type Sslciphersslprofilebinding 

type Sslciphersslprofilebinding struct {
	/**
	* Name of the profile to which cipher is attached.
	 */
	Sslprofile string `json:"sslprofile,omitempty"`
	/**
	* Cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the user-defined cipher group.
	 */
	Ciphergroupname string `json:"ciphergroupname,omitempty"`
	/**
	* The operation that is performed when adding the cipher-suite.
		Possible cipher operations are:
		ADD - Appends the given cipher-suite to the existing one configured for the virtual server.
		REM - Removes the given cipher-suite from the existing one configured for the virtual server.
		ORD - Overrides the current configured cipher-suite for the virtual server with the given cipher-suite.
	*/
	Cipheroperation string `json:"cipheroperation,omitempty"`
	/**
	* A cipher-suite can consist of an individual cipher name, the system predefined cipher-alias name, or user defined cipher-group name.
	 */
	Ciphgrpals string `json:"ciphgrpals,omitempty"`
	/**
	* Priority of the cipher to be added
	 */
	Cipherpriority int `json:"cipherpriority,omitempty"`
}

* * Binding class showing the sslprofile that can be bound to sslcipher.

type Sslciphersslvserverbinding 

type Sslciphersslvserverbinding struct {
	/**
	* Name of the user-defined cipher group.
	 */
	Ciphergroupname string `json:"ciphergroupname,omitempty"`
	/**
	* The name of the SSL virtual server to which the cipher-suite is to be bound.
	 */
	Vservername string `json:"vservername,omitempty"`
	/**
	* Select the -vServer flag when the cipher
		operation is performed on an SSL virtual server.
		Note: By default the bind ssl cipher command internally assumes the flag of -vServer argument. Hence, while working with the SSL vserver, you need not specify this flag.
	*/
	Vserver bool `json:"vserver,omitempty"`
	/**
	* The operation that is performed when adding the cipher-suite.
		Possible cipher operations are:
		ADD - Appends the given cipher-suite to the existing one configured for the virtual server.
		REM - Removes the given cipher-suite from the existing one configured for the virtual server.
		ORD - Overrides the current configured cipher-suite for the virtual server with the given cipher-suite.
	*/
	Cipheroperation string `json:"cipheroperation,omitempty"`
	/**
	* A cipher-suite can consist of an individual cipher name, the system predefined cipher-alias name, or user defined cipher-group name.
	 */
	Ciphgrpals string `json:"ciphgrpals,omitempty"`
	/**
	* Priority of the cipher to be added
	 */
	Cipherpriority int `json:"cipherpriority,omitempty"`
}

* * Binding class showing the sslvserver that can be bound to sslcipher.

type Sslciphersuite 

type Sslciphersuite struct {
	/**
	* Name of the cipher suite for which to show detailed information.
	 */
	Ciphername string `json:"ciphername,omitempty"`

	Description string `json:"description,omitempty"`
}

* * Configuration for ciphersuite resource.

type Sslciphervserverbinding 

type Sslciphervserverbinding struct {
	/**
	* Name of the user-defined cipher group.
	 */
	Ciphergroupname string `json:"ciphergroupname,omitempty"`
	/**
	* The name of the SSL virtual server to which the cipher-suite is to be bound.
	 */
	Vservername string `json:"vservername,omitempty"`
	/**
	* Select the -vServer flag when the cipher
		operation is performed on an SSL virtual server.
		Note: By default the bind ssl cipher command internally assumes the flag of -vServer argument. Hence, while working with the SSL vserver, you need not specify this flag.
	*/
	Vserver bool `json:"vserver,omitempty"`
	/**
	* The operation that is performed when adding the cipher-suite.
		Possible cipher operations are:
		ADD - Appends the given cipher-suite to the existing one configured for the virtual server.
		REM - Removes the given cipher-suite from the existing one configured for the virtual server.
		ORD - Overrides the current configured cipher-suite for the virtual server with the given cipher-suite.
	*/
	Cipheroperation string `json:"cipheroperation,omitempty"`
	/**
	* A cipher-suite can consist of an individual cipher name, the system predefined cipher-alias name, or user defined cipher-group name.
	 */
	Ciphgrpals string `json:"ciphgrpals,omitempty"`
	/**
	* Priority of the cipher to be added
	 */
	Cipherpriority uint32 `json:"cipherpriority,omitempty"`
}

* * Binding class showing the vserver that can be bound to sslcipher.

type Sslcrl 

type Sslcrl struct {
	/**
	* Name for the Certificate Revocation List (CRL). Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the CRL is created.
		The following requirement applies only to the Citrix ADC CLI:
		If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my crl" or 'my crl').
	*/
	Crlname string `json:"crlname,omitempty"`
	/**
	* Path to the CRL file. /var/netscaler/ssl/ is the default path.
	 */
	Crlpath string `json:"crlpath,omitempty"`
	/**
	* Input format of the CRL file. The two formats supported on the appliance are:
		PEM - Privacy Enhanced Mail.
		DER - Distinguished Encoding Rule.
	*/
	Inform string `json:"inform,omitempty"`
	/**
	* Set CRL auto refresh.
	 */
	Refresh string `json:"refresh,omitempty"`
	/**
	* CA certificate that has issued the CRL. Required if CRL Auto Refresh is selected. Install the CA certificate on the appliance before adding the CRL.
	 */
	Cacert string `json:"cacert,omitempty"`
	/**
	* Method for CRL refresh. If LDAP is selected, specify the method, CA certificate, base DN, port, and LDAP server name. If HTTP is selected, specify the CA certificate, method, URL, and port. Cannot be changed after a CRL is added.
	 */
	Method string `json:"method,omitempty"`
	/**
	* IP address of the LDAP server from which to fetch the CRLs.
	 */
	Server string `json:"server,omitempty"`
	/**
	* URL of the CRL distribution point.
	 */
	Url string `json:"url,omitempty"`
	/**
	* Port for the LDAP server.
	 */
	Port int `json:"port,omitempty"`
	/**
	* Base distinguished name (DN), which is used in an LDAP search to search for a CRL. Citrix recommends searching for the Base DN instead of the Issuer Name from the CA certificate, because the Issuer Name field might not exactly match the LDAP directory structure's DN.
	 */
	Basedn string `json:"basedn,omitempty"`
	/**
	* Extent of the search operation on the LDAP server. Available settings function as follows:
		One - One level below Base DN.
		Base - Exactly the same level as Base DN.
	*/
	Scope string `json:"scope,omitempty"`
	/**
	* CRL refresh interval. Use the NONE setting to unset this parameter.
	 */
	Interval string `json:"interval,omitempty"`
	/**
	* Day on which to refresh the CRL, or, if the Interval parameter is not set, the number of days after which to refresh the CRL. If Interval is set to MONTHLY, specify the date. If Interval is set to WEEKLY, specify the day of the week (for example, Sun=0 and Sat=6). This parameter is not applicable if the Interval is set to DAILY.
	 */
	Day int `json:"day,omitempty"`
	/**
	* Time, in hours (1-24) and minutes (1-60), at which to refresh the CRL.
	 */
	Time string `json:"time,omitempty"`
	/**
	* Bind distinguished name (DN) to be used to access the CRL object in the LDAP repository if access to the LDAP repository is restricted or anonymous access is not allowed.
	 */
	Binddn string `json:"binddn,omitempty"`
	/**
	* Password to access the CRL in the LDAP repository if access to the LDAP repository is restricted or anonymous access is not allowed.
	 */
	Password string `json:"password,omitempty"`
	/**
	* Set the LDAP-based CRL retrieval mode to binary.
	 */
	Binary string `json:"binary,omitempty"`
	/**
	* Name of and, optionally, path to the CA certificate file.
		/nsconfig/ssl/ is the default path.
	*/
	Cacertfile string `json:"cacertfile,omitempty"`
	/**
	* Name of and, optionally, path to the CA key file. /nsconfig/ssl/ is the default path
	 */
	Cakeyfile string `json:"cakeyfile,omitempty"`
	/**
	* Name of and, optionally, path to the file containing the serial numbers of all the certificates that are revoked. Revoked certificates are appended to the file. /nsconfig/ssl/ is the default path
	 */
	Indexfile string `json:"indexfile,omitempty"`
	/**
	* Name of and, optionally, path to the certificate to be revoked. /nsconfig/ssl/ is the default path.
	 */
	Revoke string `json:"revoke,omitempty"`
	/**
	* Name of and, optionally, path to the CRL file to be generated. The list of certificates that have been revoked is obtained from the index file. /nsconfig/ssl/ is the default path.
	 */
	Gencrl string `json:"gencrl,omitempty"`

	Flags            string `json:"flags,omitempty"`
	Lastupdatetime   string `json:"lastupdatetime,omitempty"`
	Version          string `json:"version,omitempty"`
	Signaturealgo    string `json:"signaturealgo,omitempty"`
	Issuer           string `json:"issuer,omitempty"`
	Lastupdate       string `json:"lastupdate,omitempty"`
	Nextupdate       string `json:"nextupdate,omitempty"`
	Daystoexpiration string `json:"daystoexpiration,omitempty"`
}

* * Configuration for Certificate Revocation List resource.

type Sslcrlbinding 

type Sslcrlbinding struct {
	/**
	* Name of the CRL for which to show detailed information.<br/>Minimum value =
	 */
	Crlname string `json:"crlname,omitempty"`
}

* * Binding object which returns the resources bound to sslcrl_binding.

type Sslcrlfile 

type Sslcrlfile struct {
	/**
	* Name to assign to the imported CRL file. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my file" or 'my file').
	 */
	Name string `json:"name,omitempty"`
	/**
	* URL specifying the protocol, host, and path, including file name to the CRL file to be imported. For example, http://www.example.com/crl_file.
		NOTE: The import fails if the object to be imported is on an HTTPS server that requires client certificate authentication for access.
	*/
	Src string `json:"src,omitempty"`
}

* * Configuration for Imported crl files resource.

type Sslcrlserialnumberbinding 

type Sslcrlserialnumberbinding struct {
	/**
	* Certificate Serial number.
	 */
	Number string `json:"number,omitempty"`
	/**
	* Certificate Revocation date
	 */
	Date string `json:"date,omitempty"`
	/**
	* Name of the CRL for which to show detailed information.
	 */
	Crlname string `json:"crlname,omitempty"`
}

* * Binding class showing the serialnumber that can be bound to sslcrl.

type Ssldhfile 

type Ssldhfile struct {
	/**
	* Name to assign to the imported DH file.  Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my file" or 'my file').
	 */
	Name string `json:"name,omitempty"`
	/**
	* URL specifying the protocol, host, and path, including file name, to the DH file to be imported. For example, http://www.example.com/dh_file.
		NOTE: The import fails if the file is on an HTTPS server that requires client certificate authentication for access.
	*/
	Src string `json:"src,omitempty"`
}

* * Configuration for dh imported file resource.

type Ssldhparam 

type Ssldhparam struct {
	/**
	* Name of and, optionally, path to the DH key file. /nsconfig/ssl/ is the default path.
	 */
	Dhfile string `json:"dhfile,omitempty"`
	/**
	* Size, in bits, of the DH key being generated.
	 */
	Bits int `json:"bits,omitempty"`
	/**
	* Random number required for generating the DH key. Required as part of the DH key generation algorithm.
	 */
	Gen string `json:"gen,omitempty"`
}

* * Configuration for dh Parameter resource.

type Ssldtlsprofile 

type Ssldtlsprofile struct {
	/**
	* Name for the DTLS profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@),equals sign (=), and hyphen (-) characters. Cannot be changed after the profile is created.
	 */
	Name string `json:"name,omitempty"`
	/**
	* Source for the maximum record size value. If ENABLED, the value is taken from the PMTU table. If DISABLED, the value is taken from the profile.
	 */
	Pmtudiscovery string `json:"pmtudiscovery,omitempty"`
	/**
	* Maximum size of records that can be sent if PMTU is disabled.
	 */
	Maxrecordsize int `json:"maxrecordsize,omitempty"`
	/**
	* Wait for the specified time, in seconds, before resending the request.
	 */
	Maxretrytime int `json:"maxretrytime,omitempty"`
	/**
	* Send a Hello Verify request to validate the client.
	 */
	Helloverifyrequest string `json:"helloverifyrequest,omitempty"`
	/**
	* Terminate the session if the message authentication code (MAC) of the client and server do not match.
	 */
	Terminatesession string `json:"terminatesession,omitempty"`
	/**
	* Maximum number of packets to reassemble. This value helps protect against a fragmented packet attack.
	 */
	Maxpacketsize int `json:"maxpacketsize,omitempty"`
	/**
	* Maximum number of datagrams that can be queued at DTLS layer for processing
	 */
	Maxholdqlen int `json:"maxholdqlen,omitempty"`
	/**
	* Maximum number of bad MAC errors to ignore for a connection prior disconnect. Disabling parameter terminateSession terminates session immediately when bad MAC is detected in the connection.
	 */
	Maxbadmacignorecount int `json:"maxbadmacignorecount,omitempty"`

	Builtin string `json:"builtin,omitempty"`
	Feature string `json:"feature,omitempty"`
}

* * Configuration for DTLS profile resource.

type Sslecdsakey 

type Sslecdsakey struct {
	/**
	* Name for and, optionally, path to the ECDSA key file. /nsconfig/ssl/ is the default path.
	 */
	Keyfile string `json:"keyfile,omitempty"`
	/**
	* Curve id to generate ECDSA key. Only P_256 and P_384 are supported
	 */
	Curve string `json:"curve,omitempty"`
	/**
	* Format in which the ECDSA key file is stored on the appliance.
	 */
	Keyform string `json:"keyform,omitempty"`
	/**
	* Encrypt the generated ECDSA key by using the DES algorithm. On the command line, you are prompted to enter the pass phrase (password) that is used to encrypt the key.
	 */
	Des bool `json:"des,omitempty"`
	/**
	* Encrypt the generated ECDSA key by using the Triple-DES algorithm. On the command line, you are prompted to enter the pass phrase (password) that is used to encrypt the key.
	 */
	Des3 bool `json:"des3,omitempty"`
	/**
	* Encrypt the generated ECDSA key by using the AES algorithm.
	 */
	Aes256 bool `json:"aes256,omitempty"`
	/**
	* Pass phrase to use for encryption if DES or DES3 option is selected.
	 */
	Password string `json:"password,omitempty"`
	/**
	* Create the private key in PKCS#8 format.
	 */
	Pkcs8 bool `json:"pkcs8,omitempty"`
}

* * Configuration for ecdsa key resource.

type Sslfips 

type Sslfips struct {
	/**
	* FIPS initialization level. The appliance currently supports Level-2 (FIPS 140-2).
	 */
	Inithsm string `json:"inithsm,omitempty"`
	/**
	* Security officer password that will be in effect after you have configured the HSM.
	 */
	Sopassword string `json:"sopassword,omitempty"`
	/**
	* Old password for the security officer.
	 */
	Oldsopassword string `json:"oldsopassword,omitempty"`
	/**
	* The Hardware Security Module's (HSM) User password.
	 */
	Userpassword string `json:"userpassword,omitempty"`
	/**
	* Label to identify the Hardware Security Module (HSM).
	 */
	Hsmlabel string `json:"hsmlabel,omitempty"`
	/**
	* Path to the FIPS firmware file.
	 */
	Fipsfw string `json:"fipsfw,omitempty"`

	Erasedata           string `json:"erasedata,omitempty"`
	Serial              string `json:"serial,omitempty"`
	Majorversion        string `json:"majorversion,omitempty"`
	Minorversion        string `json:"minorversion,omitempty"`
	Fipshwmajorversion  string `json:"fipshwmajorversion,omitempty"`
	Fipshwminorversion  string `json:"fipshwminorversion,omitempty"`
	Fipshwversionstring string `json:"fipshwversionstring,omitempty"`
	Flashmemorytotal    string `json:"flashmemorytotal,omitempty"`
	Flashmemoryfree     string `json:"flashmemoryfree,omitempty"`
	Sramtotal           string `json:"sramtotal,omitempty"`
	Sramfree            string `json:"sramfree,omitempty"`
	Status              string `json:"status,omitempty"`
	Flag                string `json:"flag,omitempty"`
	Serialno            string `json:"serialno,omitempty"`
	Model               string `json:"model,omitempty"`
	State               string `json:"state,omitempty"`
	Firmwarereleasedate string `json:"firmwarereleasedate,omitempty"`
	Coresmax            string `json:"coresmax,omitempty"`
	Coresenabled        string `json:"coresenabled,omitempty"`
}

* * Configuration for fips resource.

type Sslfipskey 

type Sslfipskey struct {
	/**
	* Name for the FIPS key. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the FIPS key is created.
		The following requirement applies only to the Citrix ADC CLI:
		If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my fipskey" or 'my fipskey').
	*/
	Fipskeyname string `json:"fipskeyname,omitempty"`
	/**
	* Only RSA key and ECDSA Key are supported.
	 */
	Keytype string `json:"keytype,omitempty"`
	/**
	* Exponent value for the FIPS key to be created. Available values function as follows:
		3=3 (hexadecimal)
		F4=10001 (hexadecimal)
	*/
	Exponent string `json:"exponent,omitempty"`
	/**
	* Modulus, in multiples of 64, of the FIPS key to be created.
	 */
	Modulus int `json:"modulus,omitempty"`
	/**
	* Only p_256 (prime256v1) and P_384 (secp384r1) are supported.
	 */
	Curve string `json:"curve,omitempty"`
	/**
	* Name of and, optionally, path to the key file to be imported.
		/nsconfig/ssl/ is the default path.
	*/
	Key string `json:"key,omitempty"`
	/**
	* Input format of the key file. Available formats are:
		SIM - Secure Information Management; select when importing a FIPS key. If the external FIPS key is encrypted, first decrypt it, and then import it.
		PEM - Privacy Enhanced Mail; select when importing a non-FIPS key.
	*/
	Inform string `json:"inform,omitempty"`
	/**
	* Name of the wrap key to use for importing the key. Required for importing a non-FIPS key.
	 */
	Wrapkeyname string `json:"wrapkeyname,omitempty"`
	/**
	* Initialization Vector (IV) to use for importing the key. Required for importing a non-FIPS key.
	 */
	Iv string `json:"iv,omitempty"`

	Size string `json:"size,omitempty"`
}

* * Configuration for FIPS key resource.

type Sslfipssimsource 

type Sslfipssimsource struct {
	/**
	* Name of and, optionally, path to the target FIPS appliance's secret data. /nsconfig/ssl/ is the default path.
	 */
	Targetsecret string `json:"targetsecret,omitempty"`
	/**
	* Name for and, optionally, path to the source FIPS appliance's secret data. /nsconfig/ssl/ is the default path.
	 */
	Sourcesecret string `json:"sourcesecret,omitempty"`
	/**
	* Name for and, optionally, path to the source FIPS appliance's certificate file. /nsconfig/ssl/ is the default path.
	 */
	Certfile string `json:"certfile,omitempty"`
}

* * Configuration for FIPsSIM source resource.

type Sslfipssimtarget 

type Sslfipssimtarget struct {
	/**
	* Name of and, optionally, path to the target FIPS appliance's key vector. /nsconfig/ssl/ is the default path.
	 */
	Keyvector string `json:"keyvector,omitempty"`
	/**
	* Name of and, optionally, path to the source FIPS appliance's secret data. /nsconfig/ssl/ is the default path.
	 */
	Sourcesecret string `json:"sourcesecret,omitempty"`
	/**
	* Name of and, optionally, path to the source FIPS appliance's certificate file. /nsconfig/ssl/ is the default path.
	 */
	Certfile string `json:"certfile,omitempty"`
	/**
	* Name for and, optionally, path to the target FIPS appliance's secret data. The default input path for the secret data is /nsconfig/ssl/.
	 */
	Targetsecret string `json:"targetsecret,omitempty"`
}

* * Configuration for FIPS SIM Target resource.

type Sslglobalbinding 

type Sslglobalbinding struct {
}

* * Binding object which returns the resources bound to sslglobal_binding.

type Sslglobalpolicybinding 

type Sslglobalpolicybinding struct {
	/**
	* The name for the SSL policy.
	 */
	Policyname string `json:"policyname,omitempty"`
	/**
	* Global bind point to which the policy is bound.
	 */
	Type string `json:"type,omitempty"`
	/**
	* The priority of the policy binding.
	 */
	Priority       uint32 `json:"priority,omitempty"`
	Globalbindtype string `json:"globalbindtype,omitempty"`
	/**
	* Expression or other value specifying the next policy to be evaluated if the current policy evaluates to TRUE.  Specify one of the following values:
		* NEXT - Evaluate the policy with the next higher priority number.
		* END - End policy evaluation.
		* USE_INVOCATION_RESULT - Applicable if this policy invokes another policy label. If the final goto in the invoked policy label has a value of END, the evaluation stops. If the final goto is anything other than END, the current policy label performs a NEXT.
		* An expression that evaluates to a number.
		If you specify an expression, the number to which it evaluates determines the next policy to evaluate, as follows:
		* If the expression evaluates to a higher numbered priority, the policy with that priority is evaluated next.
		* If the expression evaluates to the priority of the current policy, the policy with the next higher numbered priority is evaluated next.
		* If the expression evaluates to a number that is larger than the largest numbered priority, policy evaluation ends.
		An UNDEF event is triggered if:
		* The expression is invalid.
		* The expression evaluates to a priority number that is numerically lower than the current policy's priority.
		* The expression evaluates to a priority number that is between the current policy's priority number (say, 30) and the highest priority number (say, 100), but does not match any configured priority number (for example, the expression evaluates to the number 85). This example assumes that the priority number increments by 10 for every successive policy, and therefore a priority number of 85 does not exist in the policy label.
	*/
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Invoke policies bound to a virtual server, service, or policy label. After the invoked policies are evaluated, the flow returns to the policy with the next priority.
	 */
	Invoke bool `json:"invoke,omitempty"`
	/**
	* Type of policy label to invoke. Specify virtual server for a policy label associated with a virtual server, or policy label for a user-defined policy label.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the virtual server or user-defined policy label to invoke if the policy evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
}

* * Binding class showing the policy that can be bound to sslglobal.

type Sslglobalsslpolicybinding 

type Sslglobalsslpolicybinding struct {
	/**
	* The name for the SSL policy.
	 */
	Policyname string `json:"policyname,omitempty"`
	/**
	* Global bind point to which the policy is bound.
	 */
	Type string `json:"type,omitempty"`
	/**
	* The priority of the policy binding.
	 */
	Priority       int    `json:"priority,omitempty"`
	Globalbindtype string `json:"globalbindtype,omitempty"`
	/**
	* Expression or other value specifying the next policy to be evaluated if the current policy evaluates to TRUE.  Specify one of the following values:
		* NEXT - Evaluate the policy with the next higher priority number.
		* END - End policy evaluation.
		* USE_INVOCATION_RESULT - Applicable if this policy invokes another policy label. If the final goto in the invoked policy label has a value of END, the evaluation stops. If the final goto is anything other than END, the current policy label performs a NEXT.
		* An expression that evaluates to a number.
		If you specify an expression, the number to which it evaluates determines the next policy to evaluate, as follows:
		* If the expression evaluates to a higher numbered priority, the policy with that priority is evaluated next.
		* If the expression evaluates to the priority of the current policy, the policy with the next higher numbered priority is evaluated next.
		* If the expression evaluates to a number that is larger than the largest numbered priority, policy evaluation ends.
		An UNDEF event is triggered if:
		* The expression is invalid.
		* The expression evaluates to a priority number that is numerically lower than the current policy's priority.
		* The expression evaluates to a priority number that is between the current policy's priority number (say, 30) and the highest priority number (say, 100), but does not match any configured priority number (for example, the expression evaluates to the number 85). This example assumes that the priority number increments by 10 for every successive policy, and therefore a priority number of 85 does not exist in the policy label.
	*/
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Invoke policies bound to a virtual server, service, or policy label. After the invoked policies are evaluated, the flow returns to the policy with the next priority.
	 */
	Invoke bool `json:"invoke,omitempty"`
	/**
	* Type of policy label to invoke. Specify virtual server for a policy label associated with a virtual server, or policy label for a user-defined policy label.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the virtual server or user-defined policy label to invoke if the policy evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
}

* * Binding class showing the sslpolicy that can be bound to sslglobal.

type Sslhsmkey 

type Sslhsmkey struct {
	Hsmkeyname string `json:"hsmkeyname,omitempty"`
	/**
	* Type of HSM.
	 */
	Hsmtype string `json:"hsmtype,omitempty"`
	/**
	* Name of the key. optionally, for Thales, path to the HSM key file; /var/opt/nfast/kmdata/local/ is the default path. Applies when HSMTYPE is THALES or KEYVAULT.
	 */
	Key string `json:"key,omitempty"`
	/**
	* Serial number of the partition on which the key is present. Applies only to SafeNet HSM.
	 */
	Serialnum string `json:"serialnum,omitempty"`
	/**
	* Password for a partition. Applies only to SafeNet HSM.
	 */
	Password string `json:"password,omitempty"`
	/**
	* Name of keystore object representing HSM where key is stored. For example, name of keyvault object or azurekeyvault authentication object. Applies only to KEYVAULT type HSM.
	 */
	Keystore string `json:"keystore,omitempty"`

	State string `json:"state,omitempty"`
}

* * Configuration for HSM key resource.

type Sslkeyfile 

type Sslkeyfile struct {
	/**
	* Name to assign to the imported key file. Must begin with an ASCII alphanumeric or underscore(_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@),equals (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my file" or 'my file').
	 */
	Name string `json:"name,omitempty"`
	/**
	* URL specifying the protocol, host, and path, including file name, to the key file to be imported. For example, http://www.example.com/key_file.
		NOTE: The import fails if the object to be imported is on an HTTPS server that requires client certificate authentication for access.
	*/
	Src      string `json:"src,omitempty"`
	Password string `json:"password,omitempty"`
}

* * Configuration for Imported ssl key files resource.

type Ssllogprofile 

type Ssllogprofile struct {
	/**
	* The name of the ssllogprofile.
	 */
	Name string `json:"name,omitempty"`
	/**
	* log all SSL ClAuth events.
	 */
	Ssllogclauth string `json:"ssllogclauth,omitempty"`
	/**
	* log all SSL ClAuth error events.
	 */
	Ssllogclauthfailures string `json:"ssllogclauthfailures,omitempty"`
	/**
	* log all SSL HS events.
	 */
	Sslloghs string `json:"sslloghs,omitempty"`
	/**
	* log all SSL HS error events.
	 */
	Sslloghsfailures string `json:"sslloghsfailures,omitempty"`
}

* * Configuration for SSL logging Profile resource.

type Sslocspresponder 

type Sslocspresponder struct {
	/**
	* Name for the OCSP responder. Cannot begin with a hash (#) or space character and must contain only ASCII alphanumeric, underscore (_), hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the responder is created.
		The following requirement applies only to the Citrix ADC CLI:
		If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my responder" or 'my responder').
	*/
	Name string `json:"name,omitempty"`
	/**
	* URL of the OCSP responder.
	 */
	Url string `json:"url,omitempty"`
	/**
	* Enable caching of responses. Caching of responses received from the OCSP responder enables faster responses to the clients and reduces the load on the OCSP responder.
	 */
	Cache string `json:"cache,omitempty"`
	/**
	* Timeout for caching the OCSP response. After the timeout, the Citrix ADC sends a fresh request to the OCSP responder for the certificate status. If a timeout is not specified, the timeout provided in the OCSP response applies.
	 */
	Cachetimeout int `json:"cachetimeout,omitempty"`
	/**
	* Number of client certificates to batch together into one OCSP request. Batching avoids overloading the OCSP responder. A value of 1 signifies that each request is queried independently. For a value greater than 1, specify a timeout (batching delay) to avoid inordinately delaying the processing of a single certificate.
	 */
	Batchingdepth int `json:"batchingdepth,omitempty"`
	/**
	* Maximum time, in milliseconds, to wait to accumulate OCSP requests to batch.  Does not apply if the Batching Depth is 1.
	 */
	Batchingdelay int `json:"batchingdelay,omitempty"`
	/**
	* Time, in milliseconds, to wait for an OCSP response. When this time elapses, an error message appears or the transaction is forwarded, depending on the settings on the virtual server. Includes Batching Delay time.
	 */
	Resptimeout int `json:"resptimeout,omitempty"`
	/**
	* Time, in milliseconds, to wait for an OCSP URL Resolution. When this time elapses, an error message appears or the transaction is forwarded, depending on the settings on the virtual server.
	 */
	Ocspurlresolvetimeout int    `json:"ocspurlresolvetimeout,omitempty"`
	Respondercert         string `json:"respondercert,omitempty"`
	/**
	* A certificate to use to validate OCSP responses.  Alternatively, if -trustResponder is specified, no verification will be done on the reponse.  If both are omitted, only the response times (producedAt, lastUpdate, nextUpdate) will be verified.
	 */
	Trustresponder bool `json:"trustresponder,omitempty"`
	/**
	* Time, in seconds, for which the Citrix ADC waits before considering the response as invalid. The response is considered invalid if the Produced At time stamp in the OCSP response exceeds or precedes the current Citrix ADC clock time by the amount of time specified.
	 */
	Producedattimeskew int `json:"producedattimeskew,omitempty"`
	/**
	* Certificate-key pair that is used to sign OCSP requests. If this parameter is not set, the requests are not signed.
	 */
	Signingcert string `json:"signingcert,omitempty"`
	/**
	* Enable the OCSP nonce extension, which is designed to prevent replay attacks.
	 */
	Usenonce string `json:"usenonce,omitempty"`
	/**
	* Include the complete client certificate in the OCSP request.
	 */
	Insertclientcert string `json:"insertclientcert,omitempty"`
	/**
	* HTTP method used to send ocsp request. POST is the default httpmethod. If request length is > 255, POST wil be used even if GET is set as httpMethod
	 */
	Httpmethod string `json:"httpmethod,omitempty"`

	Ocspaiarefcount string `json:"ocspaiarefcount,omitempty"`
	Ocspipaddrstr   string `json:"ocspipaddrstr,omitempty"`
	Port            string `json:"port,omitempty"`
}

* * Configuration for OCSP responser resource.

type Sslparameter 

type Sslparameter struct {
	/**
	* Amount of data to collect before the data is pushed to the crypto hardware for encryption. For large downloads, a larger quantum size better utilizes the crypto resources.
	 */
	Quantumsize string `json:"quantumsize,omitempty"`
	/**
	* Maximum memory size to use for certificate revocation lists (CRLs). This parameter reserves memory for a CRL but sets a limit to the maximum memory that the CRLs loaded on the appliance can consume.
	 */
	Crlmemorysizemb int `json:"crlmemorysizemb,omitempty"`
	/**
	* Enable strict CA certificate checks on the appliance.
	 */
	Strictcachecks string `json:"strictcachecks,omitempty"`
	/**
	* Time, in milliseconds, after which encryption is triggered for transactions that are not tracked on the Citrix ADC because their length is not known. There can be a delay of up to 10ms from the specified timeout value before the packet is pushed into the queue.
	 */
	Ssltriggertimeout int `json:"ssltriggertimeout,omitempty"`
	/**
	* Send an SSL Close-Notify message to the client at the end of a transaction.
	 */
	Sendclosenotify string `json:"sendclosenotify,omitempty"`
	/**
	* Maximum number of queued packets after which encryption is triggered. Use this setting for SSL transactions that send small packets from server to Citrix ADC.
	 */
	Encrypttriggerpktcount int `json:"encrypttriggerpktcount,omitempty"`
	/**
	* Deny renegotiation in specified circumstances. Available settings function as follows:
		* NO - Allow SSL renegotiation.
		* FRONTEND_CLIENT - Deny secure and nonsecure SSL renegotiation initiated by the client.
		* FRONTEND_CLIENTSERVER - Deny secure and nonsecure SSL renegotiation initiated by the client or the Citrix ADC during policy-based client authentication.
		* ALL - Deny all secure and nonsecure SSL renegotiation.
		* NONSECURE - Deny nonsecure SSL renegotiation. Allows only clients that support RFC 5746.
	*/
	Denysslreneg string `json:"denysslreneg,omitempty"`
	/**
	* Encoding method used to insert the subject or issuer's name in HTTP requests to servers.
	 */
	Insertionencoding string `json:"insertionencoding,omitempty"`
	/**
	* Size, per packet engine, in megabytes, of the OCSP cache. A maximum of 10% of the packet engine memory can be assigned. Because the maximum allowed packet engine memory is 4GB, the maximum value that can be assigned to the OCSP cache is approximately 410 MB.
	 */
	Ocspcachesize int `json:"ocspcachesize,omitempty"`
	/**
	* Insert PUSH flag into decrypted, encrypted, or all records. If the PUSH flag is set to a value other than 0, the buffered records are forwarded on the basis of the value of the PUSH flag. Available settings function as follows:
		0 - Auto (PUSH flag is not set.)
		1 - Insert PUSH flag into every decrypted record.
		2 -Insert PUSH flag into every encrypted record.
		3 - Insert PUSH flag into every decrypted and encrypted record.
	*/
	Pushflag int `json:"pushflag,omitempty"`
	/**
	* Host header check for SNI enabled sessions. If this check is enabled and the HTTP request does not contain the host header for SNI enabled sessions(i.e vserver or profile bound to vserver has SNI enabled and 'Client Hello' arrived with SNI extension), the request is dropped.
	 */
	Dropreqwithnohostheader string `json:"dropreqwithnohostheader,omitempty"`
	/**
	* Controls how the HTTP 'Host' header value is validated. These checks are performed only if the session is SNI enabled (i.e when vserver or profile bound to vserver has SNI enabled and 'Client Hello' arrived with SNI extension) and HTTP request contains 'Host' header.
		Available settings function as follows:
		CERT   - Request is forwarded if the 'Host' value is covered
		by the certificate used to establish this SSL session.
		Note: 'CERT' matching mode cannot be applied in
		TLS 1.3 connections established by resuming from a
		previous TLS 1.3 session. On these connections, 'STRICT'
		matching mode will be used instead.
		STRICT - Request is forwarded only if value of 'Host' header
		in HTTP is identical to the 'Server name' value passed
		in 'Client Hello' of the SSL connection.
		NO     - No validation is performed on the HTTP 'Host'
		header value.
	*/
	Snihttphostmatch string `json:"snihttphostmatch,omitempty"`
	/**
	* PUSH encryption trigger timeout value. The timeout value is applied only if you set the Push Encryption Trigger parameter to Timer in the SSL virtual server settings.
	 */
	Pushenctriggertimeout int `json:"pushenctriggertimeout,omitempty"`
	/**
	* Limit to the number of disabled SSL chips after which the ADC restarts. A value of zero implies that the ADC does not automatically restart.
	 */
	Cryptodevdisablelimit int `json:"cryptodevdisablelimit,omitempty"`
	/**
	* Name of the undefined built-in control action: CLIENTAUTH, NOCLIENTAUTH, NOOP, RESET, or DROP.
	 */
	Undefactioncontrol string `json:"undefactioncontrol,omitempty"`
	/**
	* Name of the undefined built-in data action: NOOP, RESET or DROP.
	 */
	Undefactiondata string `json:"undefactiondata,omitempty"`
	/**
	* Global parameter used to enable default profile feature.
	 */
	Defaultprofile string `json:"defaultprofile,omitempty"`
	/**
	* Citrix ADC CPU utilization threshold (in percentage) beyond which crypto operations are not done in software.
		A value of zero implies that CPU is not utilized for doing crypto in software.
	*/
	Softwarecryptothreshold int `json:"softwarecryptothreshold,omitempty"`
	/**
	* When this mode is enabled, system will use additional crypto hardware to accelerate symmetric crypto operations.
	 */
	Hybridfipsmode string `json:"hybridfipsmode,omitempty"`
	/**
	* Signature Digest Algorithms that are supported by appliance. Default value is "ALL" and it will enable the following algorithms depending on the platform.
		On VPX: ECDSA-SHA1 ECDSA-SHA224 ECDSA-SHA256 ECDSA-SHA384 ECDSA-SHA512 RSA-SHA1 RSA-SHA224 RSA-SHA256 RSA-SHA384 RSA-SHA512 DSA-SHA1 DSA-SHA224 DSA-SHA256 DSA-SHA384 DSA-SHA512
		On MPX with Nitrox-III and coleto cards: RSA-SHA1 RSA-SHA224 RSA-SHA256 RSA-SHA384 RSA-SHA512 ECDSA-SHA1 ECDSA-SHA224 ECDSA-SHA256 ECDSA-SHA384 ECDSA-SHA512
		Others: RSA-SHA1 RSA-SHA224 RSA-SHA256 RSA-SHA384 RSA-SHA512.
		Note:ALL doesnot include RSA-MD5 for any platform.
	*/
	Sigdigesttype []string `json:"sigdigesttype,omitempty"`
	/**
	* Enable or disable dynamically learning and caching the learned information to make the subsequent interception or bypass decision. When enabled, NS does the lookup of this cached data to do early bypass.
	 */
	Sslierrorcache string `json:"sslierrorcache,omitempty"`
	/**
	* Specify the maximum memory that can be used for caching the learned data. This memory is used as a LRU cache so that the old entries gets replaced with new entry once the set memory limit is fully utilised. A value of 0 decides the limit automatically.
	 */
	Sslimaxerrorcachemem int `json:"sslimaxerrorcachemem,omitempty"`
	/**
	* To insert space between lines in the certificate header of request
	 */
	Insertcertspace string `json:"insertcertspace,omitempty"`
	/**
	* Applies when the Citrix ADC appliance acts as a client (back-end connection).
		Settings apply as follows:
		YES - During certificate verification, ignore the common name if SAN is present in the certificate.
		NO - Do not ignore common name.
	*/
	Ndcppcompliancecertcheck string `json:"ndcppcompliancecertcheck,omitempty"`
	/**
	* To support both cavium and coleto based platforms in cluster environment, this mode has to be enabled.
	 */
	Heterogeneoussslhw string `json:"heterogeneoussslhw,omitempty"`
	/**
	* Limit in percentage of capacity of the crypto operations queue beyond which new SSL connections are not accepted until the queue is reduced.
	 */
	Operationqueuelimit int `json:"operationqueuelimit,omitempty"`

	Svctls1112disable string `json:"svctls1112disable,omitempty"`
	Montls1112disable string `json:"montls1112disable,omitempty"`
}

* * Configuration for SSL parameter resource.

type Sslpkcs12 

type Sslpkcs12 struct {
	/**
	* Name for and, optionally, path to, the output file that contains the certificate and the private key after converting from PKCS#12 to PEM format. /nsconfig/ssl/ is the default path.
		If importing, the certificate-key pair is stored in PEM format. If exporting, the certificate-key pair is stored in PKCS#12 format.
	*/
	Outfile string `json:"outfile,omitempty"`
	/**
	* Convert the certificate and private-key from PKCS#12 format to PEM format.
	 */
	Import bool `json:"Import,omitempty"`
	/**
	* Name for and, optionally, path to, the PKCS#12 file. If importing, specify the input file name that contains the certificate and the private key in PKCS#12 format. If exporting, specify the output file name that contains the certificate and the private key after converting from PEM to
		PKCS#12 format. /nsconfig/ssl/ is the default path.
		During the import operation, if the key is encrypted, you are prompted to enter the pass phrase used for encrypting the key.
	*/
	Pkcs12file string `json:"pkcs12file,omitempty"`
	/**
	* Encrypt the private key by using the DES algorithm in CBC mode during the import operation. On the command line, you are prompted to enter the pass phrase.
	 */
	Des bool `json:"des,omitempty"`
	/**
	* Encrypt the private key by using the Triple-DES algorithm in EDE CBC mode (168-bit key) during the import operation. On the command line, you are prompted to enter the pass phrase.
	 */
	Des3 bool `json:"des3,omitempty"`
	/**
	* Encrypt the private key by using the AES algorithm (256-bit key) during the import operation. On the command line, you are prompted to enter the pass phrase.
	 */
	Aes256 bool `json:"aes256,omitempty"`
	/**
	* Convert the certificate and private key from PEM format to PKCS#12 format. On the command line, you are prompted to enter the pass phrase.
	 */
	Export bool `json:"export,omitempty"`
	/**
	* Certificate file to be converted from PEM to PKCS#12 format.
	 */
	Certfile string `json:"certfile,omitempty"`
	/**
	* Name of the private key file to be converted from PEM to PKCS#12 format. If the key file is encrypted, you are prompted to enter the pass phrase used for encrypting the key.
	 */
	Keyfile       string `json:"keyfile,omitempty"`
	Password      string `json:"password,omitempty"`
	Pempassphrase string `json:"pempassphrase,omitempty"`
}

* * Configuration for pkcs12 resource.

type Sslpkcs8 

type Sslpkcs8 struct {
	/**
	* Name for and, optionally, path to, the output file where the PKCS#8 format key file is stored. /nsconfig/ssl/ is the default path.
	 */
	Pkcs8file string `json:"pkcs8file,omitempty"`
	/**
	* Name of and, optionally, path to the input key file to be converted from PEM or DER format to PKCS#8 format. /nsconfig/ssl/ is the default path.
	 */
	Keyfile string `json:"keyfile,omitempty"`
	/**
	* Format in which the key file is stored on the appliance.
	 */
	Keyform string `json:"keyform,omitempty"`
	/**
	* Password to assign to the file if the key is encrypted. Applies only for PEM format files.
	 */
	Password string `json:"password,omitempty"`
}

* * Configuration for pkcs8 resource.

type Sslpolicy 

type Sslpolicy struct {
	/**
	* Name for the new SSL policy. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters.  Cannot be changed after the policy is created.
		The following requirement applies only to the Citrix ADC CLI:
		If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my policy" or 'my policy').
	*/
	Name string `json:"name,omitempty"`
	/**
	* Expression, against which traffic is evaluated.
		The following requirements apply only to the Citrix ADC CLI:
		* If the expression includes one or more spaces, enclose the entire expression in double quotation marks.
		* If the expression itself includes double quotation marks, escape the quotations by using the  character.
		* Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks.
	*/
	Rule string `json:"rule,omitempty"`
	/**
	* The name of the action to be performed on the request. Refer to 'add ssl action' command to add a new action. Builtin actions like NOOP, RESET, DROP, CLIENTAUTH and NOCLIENTAUTH are also allowed.
	 */
	Reqaction string `json:"reqaction,omitempty"`
	/**
	* Name of the built-in or user-defined action to perform on the request. Available built-in actions are NOOP, RESET, DROP, CLIENTAUTH, NOCLIENTAUTH, INTERCEPT AND BYPASS.
	 */
	Action string `json:"action,omitempty"`
	/**
	* Name of the action to be performed when the result of rule evaluation is undefined. Possible values for control policies: CLIENTAUTH, NOCLIENTAUTH, NOOP, RESET, DROP. Possible values for data policies: NOOP, RESET, DROP and BYPASS
	 */
	Undefaction string `json:"undefaction,omitempty"`
	/**
	* Any comments associated with this policy.
	 */
	Comment string `json:"comment,omitempty"`

	Hits        string `json:"hits,omitempty"`
	Undefhits   string `json:"undefhits,omitempty"`
	Description string `json:"description,omitempty"`
	Policytype  string `json:"policytype,omitempty"`
	Builtin     string `json:"builtin,omitempty"`
	Feature     string `json:"feature,omitempty"`
}

* * Configuration for SSL policy resource.

type Sslpolicybinding 

type Sslpolicybinding struct {
	/**
	* Name of the SSL policy for which to display detailed information.<br/>Minimum value =
	 */
	Name string `json:"name,omitempty"`
}

* * Binding object which returns the resources bound to sslpolicy_binding.

type Sslpolicycsvserverbinding 

type Sslpolicycsvserverbinding struct {
	/**
	* The entity name to which policy is bound
	 */
	Boundto      string `json:"boundto,omitempty"`
	Priority     int    `json:"priority,omitempty"`
	Activepolicy int    `json:"activepolicy,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Name of the SSL policy for which to display detailed information.
	 */
	Name string `json:"name,omitempty"`
}

* * Binding class showing the csvserver that can be bound to sslpolicy.

type Sslpolicyglobalbinding 

type Sslpolicyglobalbinding struct {
	/**
	* The entity name to which policy is bound
	 */
	Boundto      string `json:"boundto,omitempty"`
	Priority     uint32 `json:"priority,omitempty"`
	Activepolicy uint32 `json:"activepolicy,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Name of the SSL policy for which to display detailed information.
	 */
	Name string `json:"name,omitempty"`
}

* * Binding class showing the global that can be bound to sslpolicy.

type Sslpolicylabel 

type Sslpolicylabel struct {
	/**
	* Name for the SSL policy label.  Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the policy label is created.
		The following requirement applies only to the Citrix ADC CLI:
		If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my label" or 'my label').
	*/
	Labelname string `json:"labelname,omitempty"`
	/**
	* Type of policies that the policy label can contain.
	 */
	Type string `json:"type,omitempty"`

	Numpol                 string `json:"numpol,omitempty"`
	Hits                   string `json:"hits,omitempty"`
	Policyname             string `json:"policyname,omitempty"`
	Priority               string `json:"priority,omitempty"`
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	Invoke                 string `json:"invoke,omitempty"`
	Labeltype              string `json:"labeltype,omitempty"`
	Invokelabelname        string `json:"invoke_labelname,omitempty"`
	Flowtype               string `json:"flowtype,omitempty"`
	Description            string `json:"description,omitempty"`
}

* * Configuration for SSL policy label resource.

type Sslpolicylabelbinding 

type Sslpolicylabelbinding struct {
	/**
	* Name of the SSL policy label for which to show detailed information.
	 */
	Labelname string `json:"labelname,omitempty"`
}

* * Binding object which returns the resources bound to sslpolicylabel_binding.

type Sslpolicylabelpolicybinding 

type Sslpolicylabelpolicybinding struct {
	/**
	* Name of the SSL policy to bind to the policy label.
	 */
	Policyname string `json:"policyname,omitempty"`
	/**
	* Specifies the priority of the policy.
	 */
	Priority uint32 `json:"priority,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Invokelabelname string `json:"invoke_labelname,omitempty"`
	/**
	* Name of the SSL policy label to which to bind policies.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Invoke policies bound to a policy label. After the invoked policies are evaluated, the flow returns to the policy with the next priority.
	 */
	Invoke bool `json:"invoke,omitempty"`
}

* * Binding class showing the policy that can be bound to sslpolicylabel.

type Sslpolicylabelsslpolicybinding 

type Sslpolicylabelsslpolicybinding struct {
	/**
	* Name of the SSL policy to bind to the policy label.
	 */
	Policyname string `json:"policyname,omitempty"`
	/**
	* Specifies the priority of the policy.
	 */
	Priority int `json:"priority,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Invokelabelname string `json:"invoke_labelname,omitempty"`
	/**
	* Name of the SSL policy label to which to bind policies.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Invoke policies bound to a policy label. After the invoked policies are evaluated, the flow returns to the policy with the next priority.
	 */
	Invoke bool `json:"invoke,omitempty"`
}

* * Binding class showing the sslpolicy that can be bound to sslpolicylabel.

type Sslpolicylbvserverbinding 

type Sslpolicylbvserverbinding struct {
	/**
	* The entity name to which policy is bound
	 */
	Boundto      string `json:"boundto,omitempty"`
	Priority     int    `json:"priority,omitempty"`
	Activepolicy int    `json:"activepolicy,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Name of the SSL policy for which to display detailed information.
	 */
	Name string `json:"name,omitempty"`
}

* * Binding class showing the lbvserver that can be bound to sslpolicy.

type Sslpolicypolicylabelbinding 

type Sslpolicypolicylabelbinding struct {
	/**
	* The entity name to which policy is bound
	 */
	Boundto      string `json:"boundto,omitempty"`
	Priority     uint32 `json:"priority,omitempty"`
	Activepolicy uint32 `json:"activepolicy,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Name of the SSL policy for which to display detailed information.
	 */
	Name string `json:"name,omitempty"`
}

* * Binding class showing the policylabel that can be bound to sslpolicy.

type Sslpolicyservicebinding 

type Sslpolicyservicebinding struct {
	/**
	* The entity name to which policy is bound
	 */
	Boundto      string `json:"boundto,omitempty"`
	Priority     uint32 `json:"priority,omitempty"`
	Activepolicy uint32 `json:"activepolicy,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Name of the SSL policy for which to display detailed information.
	 */
	Name string `json:"name,omitempty"`
}

* * Binding class showing the service that can be bound to sslpolicy.

type Sslpolicysslglobalbinding 

type Sslpolicysslglobalbinding struct {
	/**
	* The entity name to which policy is bound
	 */
	Boundto      string `json:"boundto,omitempty"`
	Priority     int    `json:"priority,omitempty"`
	Activepolicy int    `json:"activepolicy,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Name of the SSL policy for which to display detailed information.
	 */
	Name string `json:"name,omitempty"`
}

* * Binding class showing the sslglobal that can be bound to sslpolicy.

type Sslpolicysslpolicylabelbinding 

type Sslpolicysslpolicylabelbinding struct {
	/**
	* The entity name to which policy is bound
	 */
	Boundto      string `json:"boundto,omitempty"`
	Priority     int    `json:"priority,omitempty"`
	Activepolicy int    `json:"activepolicy,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Name of the SSL policy for which to display detailed information.
	 */
	Name string `json:"name,omitempty"`
}

* * Binding class showing the sslpolicylabel that can be bound to sslpolicy.

type Sslpolicysslservicebinding 

type Sslpolicysslservicebinding struct {
	/**
	* The entity name to which policy is bound
	 */
	Boundto      string `json:"boundto,omitempty"`
	Priority     int    `json:"priority,omitempty"`
	Activepolicy int    `json:"activepolicy,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Name of the SSL policy for which to display detailed information.
	 */
	Name string `json:"name,omitempty"`
}

* * Binding class showing the sslservice that can be bound to sslpolicy.

type Sslpolicysslvserverbinding 

type Sslpolicysslvserverbinding struct {
	/**
	* The entity name to which policy is bound
	 */
	Boundto      string `json:"boundto,omitempty"`
	Priority     int    `json:"priority,omitempty"`
	Activepolicy int    `json:"activepolicy,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Name of the SSL policy for which to display detailed information.
	 */
	Name string `json:"name,omitempty"`
}

* * Binding class showing the sslvserver that can be bound to sslpolicy.

type Sslpolicyvserverbinding 

type Sslpolicyvserverbinding struct {
	/**
	* The entity name to which policy is bound
	 */
	Boundto      string `json:"boundto,omitempty"`
	Priority     uint32 `json:"priority,omitempty"`
	Activepolicy uint32 `json:"activepolicy,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Name of the SSL policy for which to display detailed information.
	 */
	Name string `json:"name,omitempty"`
}

* * Binding class showing the vserver that can be bound to sslpolicy.

type Sslprofile 

type Sslprofile struct {
	/**
	* Name for the SSL profile. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the profile is created.
	 */
	Name string `json:"name,omitempty"`
	/**
	* Type of profile. Front end profiles apply to the entity that receives requests from a client. Backend profiles apply to the entity that sends client requests to a server.
	 */
	Sslprofiletype string `json:"sslprofiletype,omitempty"`
	/**
	* The name of the ssllogprofile.
	 */
	Ssllogprofile string `json:"ssllogprofile,omitempty"`
	/**
	* Number of interactions, between the client and the Citrix ADC, after which the DH private-public pair is regenerated. A value of zero (0) specifies refresh every time.
		This parameter is not applicable when configuring a backend profile. Allowed DH count values are 0 and >= 500.
	*/
	Dhcount int `json:"dhcount,omitempty"`
	/**
	* State of Diffie-Hellman (DH) key exchange.
		This parameter is not applicable when configuring a backend profile.
	*/
	Dh string `json:"dh,omitempty"`
	/**
	* The file name and path for the DH parameter.
	 */
	Dhfile string `json:"dhfile,omitempty"`
	/**
	* State of Ephemeral RSA (eRSA) key exchange. Ephemeral RSA allows clients that support only export ciphers to communicate with the secure server even if the server certificate does not support export clients. The ephemeral RSA key is automatically generated when you bind an export cipher to an SSL or TCP-based SSL virtual server or service. When you remove the export cipher, the eRSA key is not deleted. It is reused at a later date when another export cipher is bound to an SSL or TCP-based SSL virtual server or service. The eRSA key is deleted when the appliance restarts.
		This parameter is not applicable when configuring a backend profile.
	*/
	Ersa string `json:"ersa,omitempty"`
	/**
	* The  refresh  count  for the re-generation of RSA public-key and private-key pair.
	 */
	Ersacount int `json:"ersacount,omitempty"`
	/**
	* State of session reuse. Establishing the initial handshake requires CPU-intensive public key encryption operations. With the ENABLED setting, session key exchange is avoided for session resumption requests received from the client.
	 */
	Sessreuse string `json:"sessreuse,omitempty"`
	/**
	* The Session timeout value in seconds.
	 */
	Sesstimeout int `json:"sesstimeout,omitempty"`
	/**
	* State of Cipher Redirect. If this parameter is set to ENABLED, you can configure an SSL virtual server or service to display meaningful error messages if the SSL handshake fails because of a cipher mismatch between the virtual server or service and the client.
		This parameter is not applicable when configuring a backend profile.
	*/
	Cipherredirect string `json:"cipherredirect,omitempty"`
	/**
	* The redirect URL to be used with the Cipher Redirect feature.
	 */
	Cipherurl string `json:"cipherurl,omitempty"`
	/**
	* State of client authentication. In service-based SSL offload, the service terminates the SSL handshake if the SSL client does not provide a valid certificate.
		This parameter is not applicable when configuring a backend profile.
	*/
	Clientauth string `json:"clientauth,omitempty"`
	/**
	* The rule for client certificate requirement in client authentication.
	 */
	Clientcert string `json:"clientcert,omitempty"`
	/**
	* This option enables the use of NIST recommended (NIST Special Publication 800-56A) bit size for private-key size. For example, for DH params of size 2048bit, the private-key size recommended is 224bits. This is rounded-up to 256bits.
	 */
	Dhkeyexpsizelimit string `json:"dhkeyexpsizelimit,omitempty"`
	/**
	* State of HTTPS redirects for the SSL service.
		For an SSL session, if the client browser receives a redirect message, the browser tries to connect to the new location. However, the secure SSL session breaks if the object has moved from a secure site (https://) to an unsecure site (http://). Typically, a warning message appears on the screen, prompting the user to continue or disconnect.
		If SSL Redirect is ENABLED, the redirect message is automatically converted from http:// to https:// and the SSL session does not break.
		This parameter is not applicable when configuring a backend profile.
	*/
	Sslredirect string `json:"sslredirect,omitempty"`
	/**
	* State of the port rewrite while performing HTTPS redirect. If this parameter is set to ENABLED, and the URL from the server does not contain the standard port, the port is rewritten to the standard.
	 */
	Redirectportrewrite string `json:"redirectportrewrite,omitempty"`
	/**
	* State of SSLv3 protocol support for the SSL profile.
		Note: On platforms with SSL acceleration chips, if the SSL chip does not support SSLv3, this parameter cannot be set to ENABLED.
	*/
	Ssl3 string `json:"ssl3,omitempty"`
	/**
	* State of TLSv1.0 protocol support for the SSL profile.
	 */
	Tls1 string `json:"tls1,omitempty"`
	/**
	* State of TLSv1.1 protocol support for the SSL profile.
	 */
	Tls11 string `json:"tls11,omitempty"`
	/**
	* State of TLSv1.2 protocol support for the SSL profile.
	 */
	Tls12 string `json:"tls12,omitempty"`
	/**
	* State of TLSv1.3 protocol support for the SSL profile.
	 */
	Tls13 string `json:"tls13,omitempty"`
	/**
	* State of the Server Name Indication (SNI) feature on the virtual server and service-based offload. SNI helps to enable SSL encryption on multiple domains on a single virtual server or service if the domains are controlled by the same organization and share the same second-level domain name. For example, *.sports.net can be used to secure domains such as login.sports.net and help.sports.net.
	 */
	Snienable string `json:"snienable,omitempty"`
	/**
	* State of OCSP stapling support on the SSL virtual server. Supported only if the protocol used is higher than SSLv3. Possible values:
		ENABLED: The appliance sends a request to the OCSP responder to check the status of the server certificate and caches the response for the specified time. If the response is valid at the time of SSL handshake with the client, the OCSP-based server certificate status is sent to the client during the handshake.
		DISABLED: The appliance does not check the status of the server certificate.
	*/
	Ocspstapling string `json:"ocspstapling,omitempty"`
	/**
	* State of server authentication support for the SSL Backend profile.
	 */
	Serverauth string `json:"serverauth,omitempty"`
	/**
	* Name to be checked against the CommonName (CN) field in the server certificate bound to the SSL server.
	 */
	Commonname string `json:"commonname,omitempty"`
	/**
	* Trigger encryption on the basis of the PUSH flag value. Available settings function as follows:
		* ALWAYS - Any PUSH packet triggers encryption.
		* IGNORE - Ignore PUSH packet for triggering encryption.
		* MERGE - For a consecutive sequence of PUSH packets, the last PUSH packet triggers encryption.
		* TIMER - PUSH packet triggering encryption is delayed by the time defined in the set ssl parameter command or in the Change Advanced SSL Settings dialog box.
	*/
	Pushenctrigger string `json:"pushenctrigger,omitempty"`
	/**
	* Enable sending SSL Close-Notify at the end of a transaction.
	 */
	Sendclosenotify string `json:"sendclosenotify,omitempty"`
	/**
	* Port on which clear-text data is sent by the appliance to the server. Do not specify this parameter for SSL offloading with end-to-end encryption.
	 */
	Cleartextport int `json:"cleartextport,omitempty"`
	/**
	* Encoding method used to insert the subject or issuer's name in HTTP requests to servers.
	 */
	Insertionencoding string `json:"insertionencoding,omitempty"`
	/**
	* Deny renegotiation in specified circumstances. Available settings function as follows:
		* NO - Allow SSL renegotiation.
		* FRONTEND_CLIENT - Deny secure and nonsecure SSL renegotiation initiated by the client.
		* FRONTEND_CLIENTSERVER - Deny secure and nonsecure SSL renegotiation initiated by the client or the Citrix ADC during policy-based client authentication.
		* ALL - Deny all secure and nonsecure SSL renegotiation.
		* NONSECURE - Deny nonsecure SSL renegotiation. Allows only clients that support RFC 5746.
	*/
	Denysslreneg string `json:"denysslreneg,omitempty"`
	/**
	* Amount of data to collect before the data is pushed to the crypto hardware for encryption. For large downloads, a larger quantum size better utilizes the crypto resources.
	 */
	Quantumsize string `json:"quantumsize,omitempty"`
	/**
	* Enable strict CA certificate checks on the appliance.
	 */
	Strictcachecks string `json:"strictcachecks,omitempty"`
	/**
	* Maximum number of queued packets after which encryption is triggered. Use this setting for SSL transactions that send small packets from server to Citrix ADC.
	 */
	Encrypttriggerpktcount int `json:"encrypttriggerpktcount,omitempty"`
	/**
	* Insert PUSH flag into decrypted, encrypted, or all records. If the PUSH flag is set to a value other than 0, the buffered records are forwarded on the basis of the value of the PUSH flag. Available settings function as follows:
		0 - Auto (PUSH flag is not set.)
		1 - Insert PUSH flag into every decrypted record.
		2 -Insert PUSH flag into every encrypted record.
		3 - Insert PUSH flag into every decrypted and encrypted record.
	*/
	Pushflag int `json:"pushflag,omitempty"`
	/**
	* Host header check for SNI enabled sessions. If this check is enabled and the HTTP request does not contain the host header for SNI enabled sessions(i.e vserver or profile bound to vserver has SNI enabled and 'Client Hello' arrived with SNI extension), the request is dropped.
	 */
	Dropreqwithnohostheader string `json:"dropreqwithnohostheader,omitempty"`
	/**
	* Controls how the HTTP 'Host' header value is validated. These checks are performed only if the session is SNI enabled (i.e when vserver or profile bound to vserver has SNI enabled and 'Client Hello' arrived with SNI extension) and HTTP request contains 'Host' header.
		Available settings function as follows:
		CERT   - Request is forwarded if the 'Host' value is covered
		by the certificate used to establish this SSL session.
		Note: 'CERT' matching mode cannot be applied in
		TLS 1.3 connections established by resuming from a
		previous TLS 1.3 session. On these connections, 'STRICT'
		matching mode will be used instead.
		STRICT - Request is forwarded only if value of 'Host' header
		in HTTP is identical to the 'Server name' value passed
		in 'Client Hello' of the SSL connection.
		NO     - No validation is performed on the HTTP 'Host'
		header value.
	*/
	Snihttphostmatch string `json:"snihttphostmatch,omitempty"`
	/**
	* PUSH encryption trigger timeout value. The timeout value is applied only if you set the Push Encryption Trigger parameter to Timer in the SSL virtual server settings.
	 */
	Pushenctriggertimeout int `json:"pushenctriggertimeout,omitempty"`
	/**
	* Time, in milliseconds, after which encryption is triggered for transactions that are not tracked on the Citrix ADC because their length is not known. There can be a delay of up to 10ms from the specified timeout value before the packet is pushed into the queue.
	 */
	Ssltriggertimeout int `json:"ssltriggertimeout,omitempty"`
	/**
	* Certficates bound on the VIP are used for validating the client cert. Certficates came along with client cert are not used for validating the client cert
	 */
	Clientauthuseboundcachain string `json:"clientauthuseboundcachain,omitempty"`
	/**
	* Enable or disable transparent interception of SSL sessions.
	 */
	Sslinterception string `json:"sslinterception,omitempty"`
	/**
	* Enable or disable triggering the client renegotiation when renegotiation request is received from the origin server.
	 */
	Sslireneg string `json:"sslireneg,omitempty"`
	/**
	* Enable or disable OCSP check for origin server certificate.
	 */
	Ssliocspcheck string `json:"ssliocspcheck,omitempty"`
	/**
	* Maximum ssl session to be cached per dynamic origin server. A unique ssl session is created for each SNI received from the client on ClientHello and the matching session is used for server session reuse.
	 */
	Sslimaxsessperserver int `json:"sslimaxsessperserver,omitempty"`
	/**
	* This option enables the use of session tickets, as per the RFC 5077
	 */
	Sessionticket string `json:"sessionticket,omitempty"`
	/**
	* This option sets the life time of session tickets issued by NS in secs
	 */
	Sessionticketlifetime int `json:"sessionticketlifetime,omitempty"`
	/**
	* This option enables the use of session tickets, as per the RFC 5077
	 */
	Sessionticketkeyrefresh string `json:"sessionticketkeyrefresh,omitempty"`
	/**
	* Session ticket enc/dec key , admin can set it
	 */
	Sessionticketkeydata string `json:"sessionticketkeydata,omitempty"`
	/**
	* This option sets the life time of symm key used to generate session tickets issued by NS in secs
	 */
	Sessionkeylifetime int `json:"sessionkeylifetime,omitempty"`
	/**
	* This option sets the life time of symm key used to generate session tickets issued by NS in secs
	 */
	Prevsessionkeylifetime int `json:"prevsessionkeylifetime,omitempty"`
	/**
	* State of HSTS protocol support for the SSL profile. Using HSTS, a server can enforce the use of an HTTPS connection for all communication with a client
	 */
	Hsts string `json:"hsts,omitempty"`
	/**
	* Set the maximum time, in seconds, in the strict transport security (STS) header during which the client must send only HTTPS requests to the server
	 */
	Maxage int `json:"maxage,omitempty"`
	/**
	* Enable HSTS for subdomains. If set to Yes, a client must send only HTTPS requests for subdomains.
	 */
	Includesubdomains string `json:"includesubdomains,omitempty"`
	/**
	* Flag indicates the consent of the site owner to have their domain preloaded.
	 */
	Preload string `json:"preload,omitempty"`
	/**
	* This flag controls the processing of X509 certificate policies. If this option is Enabled, then the policy check in Client authentication will be skipped. This option can be used only when Client Authentication is Enabled and ClientCert is set to Mandatory
	 */
	Skipclientcertpolicycheck string `json:"skipclientcertpolicycheck,omitempty"`
	/**
	* State of TLS 1.3 0-RTT early data support for the SSL Virtual Server. This setting only has an effect if resumption is enabled, as early data cannot be sent along with an initial handshake.
		Early application data has significantly different security properties - in particular there is no guarantee that the data cannot be replayed.
	*/
	Zerorttearlydata string `json:"zerorttearlydata,omitempty"`
	/**
	* Number of tickets the SSL Virtual Server will issue anytime TLS 1.3 is negotiated, ticket-based resumption is enabled, and either (1) a handshake completes or (2) post-handhsake client auth completes.
		This value can be increased to enable clients to open multiple parallel connections using a fresh ticket for each connection.
		No tickets are sent if resumption is disabled.
	*/
	Tls13sessionticketsperauthcontext int `json:"tls13sessionticketsperauthcontext,omitempty"`
	/**
	* Whether or not the SSL Virtual Server will require a DHE key exchange to occur when a PSK is accepted during a TLS 1.3 resumption handshake.
		A DHE key exchange ensures forward secrecy even in the event that ticket keys are compromised, at the expense of an additional round trip and resources required to carry out the DHE key exchange.
		If disabled, a DHE key exchange will be performed when a PSK is accepted but only if requested by the client.
		If enabled, the server will require a DHE key exchange when a PSK is accepted regardless of whether the client supports combined PSK-DHE key exchange. This setting only has an effect when resumption is enabled.
	*/
	Dhekeyexchangewithpsk string `json:"dhekeyexchangewithpsk,omitempty"`
	/**
	* When set to YES, attempt to use the TLS Extended Master Secret (EMS, as
		described in RFC 7627) when negotiating TLS 1.0, TLS 1.1 and TLS 1.2
		connection parameters. EMS must be supported by both the TLS client and server
		in order to be enabled during a handshake. This setting applies to both
		frontend and backend SSL profiles.
	*/
	Allowextendedmastersecret string `json:"allowextendedmastersecret,omitempty"`
	/**
	* Application protocol supported by the server and used in negotiation of the protocol with the client. Possible values are HTTP1.1, HTTP2 and NONE. Default value is NONE which implies application protocol is not enabled hence remain unknown to the TLS layer. This parameter is relevant only if SSL connection is handled by the virtual server of the type SSL_TCP.
	 */
	Alpnprotocol string `json:"alpnprotocol,omitempty"`
	/**
	* The cipher group/alias/individual cipher configuration
	 */
	Ciphername string `json:"ciphername,omitempty"`
	/**
	* cipher priority
	 */
	Cipherpriority int `json:"cipherpriority,omitempty"`
	/**
	* Parameter indicating to check whether peer entity certificate during TLS1.2 handshake is signed with one of signature-hash combination supported by Citrix ADC.
	 */
	Strictsigdigestcheck string `json:"strictsigdigestcheck,omitempty"`

	Nonfipsciphers               string `json:"nonfipsciphers,omitempty"`
	Crlcheck                     string `json:"crlcheck,omitempty"`
	Ocspcheck                    string `json:"ocspcheck,omitempty"`
	Snicert                      string `json:"snicert,omitempty"`
	Skipcaname                   string `json:"skipcaname,omitempty"`
	Invoke                       string `json:"invoke,omitempty"`
	Labeltype                    string `json:"labeltype,omitempty"`
	Service                      string `json:"service,omitempty"`
	Builtin                      string `json:"builtin,omitempty"`
	Feature                      string `json:"feature,omitempty"`
	Sslpfobjecttype              string `json:"sslpfobjecttype,omitempty"`
	Ssliverifyservercertforreuse string `json:"ssliverifyservercertforreuse,omitempty"`
}

* * Configuration for SSL profile resource.

type Sslprofilebinding 

type Sslprofilebinding struct {
	/**
	* Name of the SSL profile for which to show detailed information.<br/>Minimum value =
	 */
	Name string `json:"name,omitempty"`
}

* * Binding object which returns the resources bound to sslprofile_binding.

type Sslprofilecertkeybinding 

type Sslprofilecertkeybinding struct {
	/**
	* The certkey (CA certificate + private key) to be used for SSL interception.
	 */
	Sslicacertkey string `json:"sslicacertkey,omitempty"`
	/**
	* Name of the SSL profile.
	 */
	Name string `json:"name,omitempty"`
	/**
	* Priority of the cipher binding
	 */
	Cipherpriority uint32 `json:"cipherpriority,omitempty"`
}

* * Binding class showing the certkey that can be bound to sslprofile.

type Sslprofilecipherbinding 

type Sslprofilecipherbinding struct {
	/**
	* The name of the cipher group/alias/individual cipheri bindings.
	 */
	Cipheraliasname string `json:"cipheraliasname,omitempty"`
	/**
	* cipher priority
	 */
	Cipherpriority uint32 `json:"cipherpriority,omitempty"`
	/**
	* The cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the SSL profile.
	 */
	Name string `json:"name,omitempty"`
	/**
	* Name of the cipher.
	 */
	Ciphername string `json:"ciphername,omitempty"`
}

* * Binding class showing the cipher that can be bound to sslprofile.

type Sslprofileciphersuitebinding 

type Sslprofileciphersuitebinding struct {
	/**
	* The cipher group/alias/individual cipher configuration
	 */
	Ciphername string `json:"ciphername,omitempty"`
	/**
	* cipher priority
	 */
	Cipherpriority uint32 `json:"cipherpriority,omitempty"`
	/**
	* The cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the SSL profile.
	 */
	Name string `json:"name,omitempty"`
}

* * Binding class showing the ciphersuite that can be bound to sslprofile.

type Sslprofileecccurvebinding 

type Sslprofileecccurvebinding struct {
	/**
	* Named ECC curve bound to vserver/service.
	 */
	Ecccurvename string `json:"ecccurvename,omitempty"`
	/**
	* Name of the SSL profile.
	 */
	Name string `json:"name,omitempty"`
	/**
	* Priority of the cipher binding
	 */
	Cipherpriority int `json:"cipherpriority,omitempty"`
}

* * Binding class showing the ecccurve that can be bound to sslprofile.

type Sslprofilesslcertkeybinding 

type Sslprofilesslcertkeybinding struct {
	/**
	* The certkey (CA certificate + private key) to be used for SSL interception.
	 */
	Sslicacertkey string `json:"sslicacertkey,omitempty"`
	/**
	* Name of the SSL profile.
	 */
	Name string `json:"name,omitempty"`
	/**
	* Priority of the cipher binding
	 */
	Cipherpriority int `json:"cipherpriority,omitempty"`
}

* * Binding class showing the sslcertkey that can be bound to sslprofile.

type Sslprofilesslcipherbinding 

type Sslprofilesslcipherbinding struct {
	/**
	* The name of the cipher group/alias/individual cipheri bindings.
	 */
	Cipheraliasname string `json:"cipheraliasname,omitempty"`
	/**
	* cipher priority
	 */
	Cipherpriority int `json:"cipherpriority,omitempty"`
	/**
	* The cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the SSL profile.
	 */
	Name string `json:"name,omitempty"`
	/**
	* Name of the cipher.
	 */
	Ciphername string `json:"ciphername,omitempty"`
}

* * Binding class showing the sslcipher that can be bound to sslprofile.

type Sslprofilesslciphersuitebinding 

type Sslprofilesslciphersuitebinding struct {
	/**
	* The cipher group/alias/individual cipher configuration
	 */
	Ciphername string `json:"ciphername,omitempty"`
	/**
	* cipher priority
	 */
	Cipherpriority int `json:"cipherpriority,omitempty"`
	/**
	* The cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the SSL profile.
	 */
	Name string `json:"name,omitempty"`
}

* * Binding class showing the sslciphersuite that can be bound to sslprofile.

type Sslprofilesslvserverbinding 

type Sslprofilesslvserverbinding struct {
	/**
	* Service name.
	 */
	Servicename string `json:"servicename,omitempty"`
	/**
	* The cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the SSL profile.
	 */
	Name string `json:"name,omitempty"`
	/**
	* Priority of the cipher binding
	 */
	Cipherpriority int `json:"cipherpriority,omitempty"`
}

* * Binding class showing the sslvserver that can be bound to sslprofile.

type Sslprofilevserverbinding 

type Sslprofilevserverbinding struct {
	/**
	* Service name.
	 */
	Servicename string `json:"servicename,omitempty"`
	/**
	* The cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the SSL profile.
	 */
	Name string `json:"name,omitempty"`
	/**
	* Priority of the cipher binding
	 */
	Cipherpriority uint32 `json:"cipherpriority,omitempty"`
}

* * Binding class showing the vserver that can be bound to sslprofile.

type Sslrsakey 

type Sslrsakey struct {
	/**
	* Name for and, optionally, path to the RSA key file. /nsconfig/ssl/ is the default path.
	 */
	Keyfile string `json:"keyfile,omitempty"`
	/**
	* Size, in bits, of the RSA key.
	 */
	Bits int `json:"bits,omitempty"`
	/**
	* Public exponent for the RSA key. The exponent is part of the cipher algorithm and is required for creating the RSA key.
	 */
	Exponent string `json:"exponent,omitempty"`
	/**
	* Format in which the RSA key file is stored on the appliance.
	 */
	Keyform string `json:"keyform,omitempty"`
	/**
	* Encrypt the generated RSA key by using the DES algorithm. On the command line, you are prompted to enter the pass phrase (password) that is used to encrypt the key.
	 */
	Des bool `json:"des,omitempty"`
	/**
	* Encrypt the generated RSA key by using the Triple-DES algorithm. On the command line, you are prompted to enter the pass phrase (password) that is used to encrypt the key.
	 */
	Des3 bool `json:"des3,omitempty"`
	/**
	* Encrypt the generated RSA key by using the AES algorithm.
	 */
	Aes256 bool `json:"aes256,omitempty"`
	/**
	* Pass phrase to use for encryption if DES or DES3 option is selected.
	 */
	Password string `json:"password,omitempty"`
	/**
	* Create the private key in PKCS#8 format.
	 */
	Pkcs8 bool `json:"pkcs8,omitempty"`
}

* * Configuration for RSA key resource.

type Sslservice 

type Sslservice struct {
	/**
	* Name of the SSL service.
	 */
	Servicename string `json:"servicename,omitempty"`
	/**
	* State of Diffie-Hellman (DH) key exchange. This parameter is not applicable when configuring a backend service.
	 */
	Dh string `json:"dh,omitempty"`
	/**
	* Name for and, optionally, path to the PEM-format DH parameter file to be installed. /nsconfig/ssl/ is the default path. This parameter is not applicable when configuring a backend service.
	 */
	Dhfile string `json:"dhfile,omitempty"`
	/**
	* Number of interactions, between the client and the Citrix ADC, after which the DH private-public pair is regenerated. A value of zero (0) specifies refresh every time. This parameter is not applicable when configuring a backend service. Allowed DH count values are 0 and >= 500.
	 */
	Dhcount int `json:"dhcount,omitempty"`
	/**
	* This option enables the use of NIST recommended (NIST Special Publication 800-56A) bit size for private-key size. For example, for DH params of size 2048bit, the private-key size recommended is 224bits. This is rounded-up to 256bits.
	 */
	Dhkeyexpsizelimit string `json:"dhkeyexpsizelimit,omitempty"`
	/**
	* State of Ephemeral RSA (eRSA) key exchange. Ephemeral RSA allows clients that support only export ciphers to communicate with the secure server even if the server certificate does not support export clients. The ephemeral RSA key is automatically generated when you bind an export cipher to an SSL or TCP-based SSL virtual server or service. When you remove the export cipher, the eRSA key is not deleted. It is reused at a later date when another export cipher is bound to an SSL or TCP-based SSL virtual server or service. The eRSA key is deleted when the appliance restarts.
		This parameter is not applicable when configuring a backend service.
	*/
	Ersa string `json:"ersa,omitempty"`
	/**
	* Refresh count for regeneration of RSA public-key and private-key pair. Zero (0) specifies infinite usage (no refresh).
		This parameter is not applicable when configuring a backend service.
	*/
	Ersacount int `json:"ersacount,omitempty"`
	/**
	* State of session reuse. Establishing the initial handshake requires CPU-intensive public key encryption operations. With the ENABLED setting, session key exchange is avoided for session resumption requests received from the client.
	 */
	Sessreuse string `json:"sessreuse,omitempty"`
	/**
	* Time, in seconds, for which to keep the session active. Any session resumption request received after the timeout period will require a fresh SSL handshake and establishment of a new SSL session.
	 */
	Sesstimeout int `json:"sesstimeout,omitempty"`
	/**
	* State of Cipher Redirect. If this parameter is set to ENABLED, you can configure an SSL virtual server or service to display meaningful error messages if the SSL handshake fails because of a cipher mismatch between the virtual server or service and the client.
		This parameter is not applicable when configuring a backend service.
	*/
	Cipherredirect string `json:"cipherredirect,omitempty"`
	/**
	* URL of the page to which to redirect the client in case of a cipher mismatch. Typically, this page has a clear explanation of the error or an alternative location that the transaction can continue from.
		This parameter is not applicable when configuring a backend service.
	*/
	Cipherurl string `json:"cipherurl,omitempty"`
	/**
	* State of SSLv2 Redirect. If this parameter is set to ENABLED, you can configure an SSL virtual server or service to display meaningful error messages if the SSL handshake fails because of a protocol version mismatch between the virtual server or service and the client.
		This parameter is not applicable when configuring a backend service.
	*/
	Sslv2redirect string `json:"sslv2redirect,omitempty"`
	/**
	* URL of the page to which to redirect the client in case of a protocol version mismatch. Typically, this page has a clear explanation of the error or an alternative location that the transaction can continue from.
		This parameter is not applicable when configuring a backend service.
	*/
	Sslv2url string `json:"sslv2url,omitempty"`
	/**
	* State of client authentication. In service-based SSL offload, the service terminates the SSL handshake if the SSL client does not provide a valid certificate.
		This parameter is not applicable when configuring a backend service.
	*/
	Clientauth string `json:"clientauth,omitempty"`
	/**
	* Type of client authentication. If this parameter is set to MANDATORY, the appliance terminates the SSL handshake if the SSL client does not provide a valid certificate. With the OPTIONAL setting, the appliance requests a certificate from the SSL clients but proceeds with the SSL transaction even if the client presents an invalid certificate.
		This parameter is not applicable when configuring a backend SSL service.
		Caution: Define proper access control policies before changing this setting to Optional.
	*/
	Clientcert string `json:"clientcert,omitempty"`
	/**
	* State of HTTPS redirects for the SSL service.
		For an SSL session, if the client browser receives a redirect message, the browser tries to connect to the new location. However, the secure SSL session breaks if the object has moved from a secure site (https://) to an unsecure site (http://). Typically, a warning message appears on the screen, prompting the user to continue or disconnect.
		If SSL Redirect is ENABLED, the redirect message is automatically converted from http:// to https:// and the SSL session does not break.
		This parameter is not applicable when configuring a backend service.
	*/
	Sslredirect string `json:"sslredirect,omitempty"`
	/**
	* State of the port rewrite while performing HTTPS redirect. If this parameter is set to ENABLED, and the URL from the server does not contain the standard port, the port is rewritten to the standard.
	 */
	Redirectportrewrite string `json:"redirectportrewrite,omitempty"`
	/**
	* State of SSLv2 protocol support for the SSL service.
		This parameter is not applicable when configuring a backend service.
	*/
	Ssl2 string `json:"ssl2,omitempty"`
	/**
	* State of SSLv3 protocol support for the SSL service.
		Note: On platforms with SSL acceleration chips, if the SSL chip does not support SSLv3, this parameter cannot be set to ENABLED.
	*/
	Ssl3 string `json:"ssl3,omitempty"`
	/**
	* State of TLSv1.0 protocol support for the SSL service.
	 */
	Tls1 string `json:"tls1,omitempty"`
	/**
	* State of TLSv1.1 protocol support for the SSL service.
	 */
	Tls11 string `json:"tls11,omitempty"`
	/**
	* State of TLSv1.2 protocol support for the SSL service.
	 */
	Tls12 string `json:"tls12,omitempty"`
	/**
	* State of TLSv1.3 protocol support for the SSL service.
	 */
	Tls13 string `json:"tls13,omitempty"`
	/**
	* State of DTLSv1.0 protocol support for the SSL service.
	 */
	Dtls1 string `json:"dtls1,omitempty"`
	/**
	* State of DTLSv1.2 protocol support for the SSL service.
	 */
	Dtls12 string `json:"dtls12,omitempty"`
	/**
	* State of the Server Name Indication (SNI) feature on the virtual server and service-based offload. SNI helps to enable SSL encryption on multiple domains on a single virtual server or service if the domains are controlled by the same organization and share the same second-level domain name. For example, *.sports.net can be used to secure domains such as login.sports.net and help.sports.net.
	 */
	Snienable string `json:"snienable,omitempty"`
	/**
	* State of OCSP stapling support on the SSL virtual server. Supported only if the protocol used is higher than SSLv3. Possible values:
		ENABLED: The appliance sends a request to the OCSP responder to check the status of the server certificate and caches the response for the specified time. If the response is valid at the time of SSL handshake with the client, the OCSP-based server certificate status is sent to the client during the handshake.
		DISABLED: The appliance does not check the status of the server certificate.
	*/
	Ocspstapling string `json:"ocspstapling,omitempty"`
	/**
	* State of server authentication support for the SSL service.
	 */
	Serverauth string `json:"serverauth,omitempty"`
	/**
	* Name to be checked against the CommonName (CN) field in the server certificate bound to the SSL server
	 */
	Commonname string `json:"commonname,omitempty"`
	/**
	* Trigger encryption on the basis of the PUSH flag value. Available settings function as follows:
		* ALWAYS - Any PUSH packet triggers encryption.
		* IGNORE - Ignore PUSH packet for triggering encryption.
		* MERGE - For a consecutive sequence of PUSH packets, the last PUSH packet triggers encryption.
		* TIMER - PUSH packet triggering encryption is delayed by the time defined in the set ssl parameter command or in the Change Advanced SSL Settings dialog box.
	*/
	Pushenctrigger string `json:"pushenctrigger,omitempty"`
	/**
	* Enable sending SSL Close-Notify at the end of a transaction
	 */
	Sendclosenotify string `json:"sendclosenotify,omitempty"`
	/**
	* Name of the DTLS profile that contains DTLS settings for the service.
	 */
	Dtlsprofilename string `json:"dtlsprofilename,omitempty"`
	/**
	* Name of the SSL profile that contains SSL settings for the service.
	 */
	Sslprofile string `json:"sslprofile,omitempty"`
	/**
	* Parameter indicating to check whether peer's certificate during TLS1.2 handshake is signed with one of signature-hash combination supported by Citrix ADC
	 */
	Strictsigdigestcheck string `json:"strictsigdigestcheck,omitempty"`

	Nonfipsciphers string `json:"nonfipsciphers,omitempty"`
	Service        string `json:"service,omitempty"`
	Skipcaname     string `json:"skipcaname,omitempty"`
	Dtlsflag       string `json:"dtlsflag,omitempty"`
}

* * Configuration for SSL service resource.

type Sslservicebinding 

type Sslservicebinding struct {
	/**
	* Name of the SSL service for which to show detailed information.<br/>Minimum value =
	 */
	Servicename string `json:"servicename,omitempty"`
}

* * Binding object which returns the resources bound to sslservice_binding.

type Sslservicecertkeybinding 

type Sslservicecertkeybinding struct {
	/**
	* The certificate key pair binding.
	 */
	Certkeyname string `json:"certkeyname,omitempty"`
	/**
	* The clearTextPort settings.
	 */
	Cleartextport int32 `json:"cleartextport,omitempty"`
	/**
	* The state of the CRL check parameter. (Mandatory/Optional)
	 */
	Crlcheck string `json:"crlcheck,omitempty"`
	/**
	* Rule to use for the OCSP responder associated with the CA certificate during client authentication. If MANDATORY is specified, deny all SSL clients if the OCSP check fails because of connectivity issues with the remote OCSP server, or any other reason that prevents the OCSP check. With the OPTIONAL setting, allow SSL clients even if the OCSP check fails except when the client certificate is revoked.
	 */
	Ocspcheck string `json:"ocspcheck,omitempty"`
	/**
	* CA certificate.
	 */
	Ca bool `json:"ca,omitempty"`
	/**
	* The name of the CertKey. Use this option to bind Certkey(s) which will be used in SNI processing.
	 */
	Snicert bool `json:"snicert,omitempty"`
	/**
	* The flag is used to indicate whether this particular CA certificate's CA_Name needs to be sent to the SSL client while requesting      for client certificate in a SSL handshake
	 */
	Skipcaname bool `json:"skipcaname,omitempty"`
	/**
	* Name of the SSL service for which to set advanced configuration.
	 */
	Servicename string `json:"servicename,omitempty"`
}

* * Binding class showing the certkey that can be bound to sslservice.

type Sslservicecipherbinding 

type Sslservicecipherbinding struct {
	/**
	* The cipher group/alias/individual cipher configuration.
	 */
	Cipheraliasname string `json:"cipheraliasname,omitempty"`
	/**
	* The cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the SSL service for which to set advanced configuration.
	 */
	Servicename string `json:"servicename,omitempty"`
	/**
	* Name of the individual cipher, user-defined cipher group, or predefined (built-in) cipher alias.
	 */
	Ciphername string `json:"ciphername,omitempty"`
}

* * Binding class showing the cipher that can be bound to sslservice.

type Sslserviceciphersuitebinding 

type Sslserviceciphersuitebinding struct {
	/**
	* The cipher group/alias/individual cipher configuration
	 */
	Ciphername string `json:"ciphername,omitempty"`
	/**
	* The cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the SSL service for which to set advanced configuration.
	 */
	Servicename string `json:"servicename,omitempty"`
}

* * Binding class showing the ciphersuite that can be bound to sslservice.

type Sslserviceecccurvebinding 

type Sslserviceecccurvebinding struct {
	/**
	* Named ECC curve bound to service/vserver.
	 */
	Ecccurvename string `json:"ecccurvename,omitempty"`
	/**
	* Name of the SSL service for which to set advanced configuration.
	 */
	Servicename string `json:"servicename,omitempty"`
}

* * Binding class showing the ecccurve that can be bound to sslservice.

type Sslservicegroup 

type Sslservicegroup struct {
	/**
	* Name of the SSL service group for which to set advanced configuration.
	 */
	Servicegroupname string `json:"servicegroupname,omitempty"`
	/**
	* Name of the SSL profile that contains SSL settings for the Service Group.
	 */
	Sslprofile string `json:"sslprofile,omitempty"`
	/**
	* State of session reuse. Establishing the initial handshake requires CPU-intensive public key encryption operations. With the ENABLED setting, session key exchange is avoided for session resumption requests received from the client.
	 */
	Sessreuse string `json:"sessreuse,omitempty"`
	/**
	* Time, in seconds, for which to keep the session active. Any session resumption request received after the timeout period will require a fresh SSL handshake and establishment of a new SSL session.
	 */
	Sesstimeout int `json:"sesstimeout,omitempty"`
	/**
	* State of SSLv3 protocol support for the SSL service group.
		Note: On platforms with SSL acceleration chips, if the SSL chip does not support SSLv3, this parameter cannot be set to ENABLED.
	*/
	Ssl3 string `json:"ssl3,omitempty"`
	/**
	* State of TLSv1.0 protocol support for the SSL service group.
	 */
	Tls1 string `json:"tls1,omitempty"`
	/**
	* State of TLSv1.1 protocol support for the SSL service group.
	 */
	Tls11 string `json:"tls11,omitempty"`
	/**
	* State of TLSv1.2 protocol support for the SSL service group.
	 */
	Tls12 string `json:"tls12,omitempty"`
	/**
	* State of TLSv1.3 protocol support for the SSL service group.
	 */
	Tls13 string `json:"tls13,omitempty"`
	/**
	* State of the Server Name Indication (SNI) feature on the service. SNI helps to enable SSL encryption on multiple domains on a single virtual server or service if the domains are controlled by the same organization and share the same second-level domain name. For example, *.sports.net can be used to secure domains such as login.sports.net and help.sports.net.
	 */
	Snienable string `json:"snienable,omitempty"`
	/**
	* State of OCSP stapling support on the SSL virtual server. Supported only if the protocol used is higher than SSLv3. Possible values:
		ENABLED: The appliance sends a request to the OCSP responder to check the status of the server certificate and caches the response for the specified time. If the response is valid at the time of SSL handshake with the client, the OCSP-based server certificate status is sent to the client during the handshake.
		DISABLED: The appliance does not check the status of the server certificate.
	*/
	Ocspstapling string `json:"ocspstapling,omitempty"`
	/**
	* State of server authentication support for the SSL service group.
	 */
	Serverauth string `json:"serverauth,omitempty"`
	/**
	* Name to be checked against the CommonName (CN) field in the server certificate bound to the SSL server
	 */
	Commonname string `json:"commonname,omitempty"`
	/**
	* Enable sending SSL Close-Notify at the end of a transaction
	 */
	Sendclosenotify string `json:"sendclosenotify,omitempty"`
	/**
	* Parameter indicating to check whether peer's certificate is signed with one of signature-hash combination supported by Citrix ADC
	 */
	Strictsigdigestcheck string `json:"strictsigdigestcheck,omitempty"`

	Dh                  string `json:"dh,omitempty"`
	Dhfile              string `json:"dhfile,omitempty"`
	Dhcount             string `json:"dhcount,omitempty"`
	Dhkeyexpsizelimit   string `json:"dhkeyexpsizelimit,omitempty"`
	Ersa                string `json:"ersa,omitempty"`
	Ersacount           string `json:"ersacount,omitempty"`
	Cipherredirect      string `json:"cipherredirect,omitempty"`
	Cipherurl           string `json:"cipherurl,omitempty"`
	Sslv2redirect       string `json:"sslv2redirect,omitempty"`
	Sslv2url            string `json:"sslv2url,omitempty"`
	Clientauth          string `json:"clientauth,omitempty"`
	Clientcert          string `json:"clientcert,omitempty"`
	Sslredirect         string `json:"sslredirect,omitempty"`
	Redirectportrewrite string `json:"redirectportrewrite,omitempty"`
	Nonfipsciphers      string `json:"nonfipsciphers,omitempty"`
	Ssl2                string `json:"ssl2,omitempty"`
	Ocspcheck           string `json:"ocspcheck,omitempty"`
	Crlcheck            string `json:"crlcheck,omitempty"`
	Cleartextport       string `json:"cleartextport,omitempty"`
	Servicename         string `json:"servicename,omitempty"`
	Ca                  string `json:"ca,omitempty"`
	Snicert             string `json:"snicert,omitempty"`
}

* * Configuration for SSL service group resource.

type Sslservicegroupbinding 

type Sslservicegroupbinding struct {
	/**
	* Name of the SSL service group for which to show detailed information.<br/>Minimum value =
	 */
	Servicegroupname string `json:"servicegroupname,omitempty"`
}

* * Binding object which returns the resources bound to sslservicegroup_binding.

type Sslservicegroupcertkeybinding 

type Sslservicegroupcertkeybinding struct {
	/**
	* The name of the certificate bound to the SSL service group.
	 */
	Certkeyname string `json:"certkeyname,omitempty"`
	/**
	* The state of the CRL check parameter. (Mandatory/Optional)
	 */
	Crlcheck string `json:"crlcheck,omitempty"`
	/**
	* The state of the OCSP check parameter. (Mandatory/Optional)
	 */
	Ocspcheck string `json:"ocspcheck,omitempty"`
	/**
	* CA certificate.
	 */
	Ca bool `json:"ca,omitempty"`
	/**
	* The name of the CertKey. Use this option to bind Certkey(s) which will be used in SNI processing.
	 */
	Snicert bool `json:"snicert,omitempty"`
	/**
	* The name of the SSL service to which the SSL policy needs to be bound.
	 */
	Servicegroupname string `json:"servicegroupname,omitempty"`
}

* * Binding class showing the certkey that can be bound to sslservicegroup.

type Sslservicegroupcipherbinding 

type Sslservicegroupcipherbinding struct {
	/**
	* The name of the cipher group/alias/name configured for the SSL service group.
	 */
	Cipheraliasname string `json:"cipheraliasname,omitempty"`
	/**
	* The description of the cipher.
	 */
	Description string `json:"description,omitempty"`
	/**
	* The name of the SSL service to which the SSL policy needs to be bound.
	 */
	Servicegroupname string `json:"servicegroupname,omitempty"`
	/**
	* A cipher-suite can consist of an individual cipher name, the system predefined cipher-alias name, or user defined cipher-group name.
	 */
	Ciphername string `json:"ciphername,omitempty"`
}

* * Binding class showing the cipher that can be bound to sslservicegroup.

type Sslservicegroupciphersuitebinding 

type Sslservicegroupciphersuitebinding struct {
	/**
	* The name of the cipher group/alias/name configured for the SSL service group.
	 */
	Ciphername string `json:"ciphername,omitempty"`
	/**
	* The description of the cipher.
	 */
	Description string `json:"description,omitempty"`
	/**
	* The name of the SSL service to which the SSL policy needs to be bound.
	 */
	Servicegroupname string `json:"servicegroupname,omitempty"`
}

* * Binding class showing the ciphersuite that can be bound to sslservicegroup.

type Sslservicegroupecccurvebinding 

type Sslservicegroupecccurvebinding struct {
	/**
	* Named ECC curve bound to servicegroup.
	 */
	Ecccurvename string `json:"ecccurvename,omitempty"`
	/**
	* The name of the SSL service to which the SSL policy needs to be bound.
	 */
	Servicegroupname string `json:"servicegroupname,omitempty"`
}

* * Binding class showing the ecccurve that can be bound to sslservicegroup.

type Sslservicegroupsslcertkeybinding 

type Sslservicegroupsslcertkeybinding struct {
	/**
	* The name of the certificate bound to the SSL service group.
	 */
	Certkeyname string `json:"certkeyname,omitempty"`
	/**
	* The state of the CRL check parameter. (Mandatory/Optional)
	 */
	Crlcheck string `json:"crlcheck,omitempty"`
	/**
	* The state of the OCSP check parameter. (Mandatory/Optional)
	 */
	Ocspcheck string `json:"ocspcheck,omitempty"`
	/**
	* CA certificate.
	 */
	Ca bool `json:"ca,omitempty"`
	/**
	* The name of the CertKey. Use this option to bind Certkey(s) which will be used in SNI processing.
	 */
	Snicert bool `json:"snicert,omitempty"`
	/**
	* The name of the SSL service to which the SSL policy needs to be bound.
	 */
	Servicegroupname string `json:"servicegroupname,omitempty"`
}

* * Binding class showing the sslcertkey that can be bound to sslservicegroup.

type Sslservicegroupsslcipherbinding 

type Sslservicegroupsslcipherbinding struct {
	/**
	* The name of the cipher group/alias/name configured for the SSL service group.
	 */
	Cipheraliasname string `json:"cipheraliasname,omitempty"`
	/**
	* The description of the cipher.
	 */
	Description string `json:"description,omitempty"`
	/**
	* The name of the SSL service to which the SSL policy needs to be bound.
	 */
	Servicegroupname string `json:"servicegroupname,omitempty"`
	/**
	* A cipher-suite can consist of an individual cipher name, the system predefined cipher-alias name, or user defined cipher-group name.
	 */
	Ciphername string `json:"ciphername,omitempty"`
}

* * Binding class showing the sslcipher that can be bound to sslservicegroup.

type Sslservicegroupsslciphersuitebinding 

type Sslservicegroupsslciphersuitebinding struct {
	/**
	* The name of the cipher group/alias/name configured for the SSL service group.
	 */
	Ciphername string `json:"ciphername,omitempty"`
	/**
	* The description of the cipher.
	 */
	Description string `json:"description,omitempty"`
	/**
	* The name of the SSL service to which the SSL policy needs to be bound.
	 */
	Servicegroupname string `json:"servicegroupname,omitempty"`
}

* * Binding class showing the sslciphersuite that can be bound to sslservicegroup.

type Sslservicepolicybinding 

type Sslservicepolicybinding struct {
	/**
	* The SSL policy binding.
	 */
	Policyname string `json:"policyname,omitempty"`
	/**
	* The priority of the policies bound to this SSL service
	 */
	Priority uint32 `json:"priority,omitempty"`
	/**
	* Whether the bound policy is a inherited policy or not
	 */
	Polinherit uint32 `json:"polinherit,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Invoke flag. This attribute is relevant only for ADVANCED policies
	 */
	Invoke bool `json:"invoke,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Name of the SSL service for which to set advanced configuration.
	 */
	Servicename string `json:"servicename,omitempty"`
}

* * Binding class showing the policy that can be bound to sslservice.

type Sslservicesslcertkeybinding 

type Sslservicesslcertkeybinding struct {
	/**
	* The certificate key pair binding.
	 */
	Certkeyname string `json:"certkeyname,omitempty"`
	/**
	* The clearTextPort settings.
	 */
	Cleartextport int `json:"cleartextport,omitempty"`
	/**
	* The state of the CRL check parameter. (Mandatory/Optional)
	 */
	Crlcheck string `json:"crlcheck,omitempty"`
	/**
	* Rule to use for the OCSP responder associated with the CA certificate during client authentication. If MANDATORY is specified, deny all SSL clients if the OCSP check fails because of connectivity issues with the remote OCSP server, or any other reason that prevents the OCSP check. With the OPTIONAL setting, allow SSL clients even if the OCSP check fails except when the client certificate is revoked.
	 */
	Ocspcheck string `json:"ocspcheck,omitempty"`
	/**
	* CA certificate.
	 */
	Ca bool `json:"ca,omitempty"`
	/**
	* The name of the CertKey. Use this option to bind Certkey(s) which will be used in SNI processing.
	 */
	Snicert bool `json:"snicert,omitempty"`
	/**
	* The flag is used to indicate whether this particular CA certificate's CA_Name needs to be sent to the SSL client while requesting      for client certificate in a SSL handshake
	 */
	Skipcaname bool `json:"skipcaname,omitempty"`
	/**
	* Name of the SSL service for which to set advanced configuration.
	 */
	Servicename string `json:"servicename,omitempty"`
}

* * Binding class showing the sslcertkey that can be bound to sslservice.

type Sslservicesslcipherbinding 

type Sslservicesslcipherbinding struct {
	/**
	* The cipher group/alias/individual cipher configuration.
	 */
	Cipheraliasname string `json:"cipheraliasname,omitempty"`
	/**
	* The cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the SSL service for which to set advanced configuration.
	 */
	Servicename string `json:"servicename,omitempty"`
	/**
	* Name of the individual cipher, user-defined cipher group, or predefined (built-in) cipher alias.
	 */
	Ciphername string `json:"ciphername,omitempty"`
}

* * Binding class showing the sslcipher that can be bound to sslservice.

type Sslservicesslciphersuitebinding 

type Sslservicesslciphersuitebinding struct {
	/**
	* The cipher group/alias/individual cipher configuration
	 */
	Ciphername string `json:"ciphername,omitempty"`
	/**
	* The cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the SSL service for which to set advanced configuration.
	 */
	Servicename string `json:"servicename,omitempty"`
}

* * Binding class showing the sslciphersuite that can be bound to sslservice.

type Sslservicesslpolicybinding 

type Sslservicesslpolicybinding struct {
	/**
	* The SSL policy binding.
	 */
	Policyname string `json:"policyname,omitempty"`
	/**
	* The priority of the policies bound to this SSL service
	 */
	Priority int `json:"priority,omitempty"`
	/**
	* Whether the bound policy is a inherited policy or not
	 */
	Polinherit int `json:"polinherit,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Invoke flag. This attribute is relevant only for ADVANCED policies
	 */
	Invoke bool `json:"invoke,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Name of the SSL service for which to set advanced configuration.
	 */
	Servicename string `json:"servicename,omitempty"`
}

* * Binding class showing the sslpolicy that can be bound to sslservice.

type Sslvserver 

type Sslvserver struct {
	/**
	* Name of the SSL virtual server for which to set advanced configuration.
	 */
	Vservername string `json:"vservername,omitempty"`
	/**
	* Port on which clear-text data is sent by the appliance to the server. Do not specify this parameter for SSL offloading with end-to-end encryption.
	 */
	Cleartextport int `json:"cleartextport,omitempty"`
	/**
	* State of Diffie-Hellman (DH) key exchange.
	 */
	Dh string `json:"dh,omitempty"`
	/**
	* Name of and, optionally, path to the DH parameter file, in PEM format, to be installed. /nsconfig/ssl/ is the default path.
	 */
	Dhfile string `json:"dhfile,omitempty"`
	/**
	* Number of interactions, between the client and the Citrix ADC, after which the DH private-public pair is regenerated. A value of zero (0) specifies refresh every time.
	 */
	Dhcount int `json:"dhcount,omitempty"`
	/**
	* This option enables the use of NIST recommended (NIST Special Publication 800-56A) bit size for private-key size. For example, for DH params of size 2048bit, the private-key size recommended is 224bits. This is rounded-up to 256bits.
	 */
	Dhkeyexpsizelimit string `json:"dhkeyexpsizelimit,omitempty"`
	/**
	* State of Ephemeral RSA (eRSA) key exchange. Ephemeral RSA allows clients that support only export ciphers to communicate with the secure server even if the server certificate does not support export clients. The ephemeral RSA key is automatically generated when you bind an export cipher to an SSL or TCP-based SSL virtual server or service. When you remove the export cipher, the eRSA key is not deleted. It is reused at a later date when another export cipher is bound to an SSL or TCP-based SSL virtual server or service. The eRSA key is deleted when the appliance restarts.
	 */
	Ersa string `json:"ersa,omitempty"`
	/**
	* Refresh count for regeneration of the RSA public-key and private-key pair. Zero (0) specifies infinite usage (no refresh).
	 */
	Ersacount int `json:"ersacount,omitempty"`
	/**
	* State of session reuse. Establishing the initial handshake requires CPU-intensive public key encryption operations. With the ENABLED setting, session key exchange is avoided for session resumption requests received from the client.
	 */
	Sessreuse string `json:"sessreuse,omitempty"`
	/**
	* Time, in seconds, for which to keep the session active. Any session resumption request received after the timeout period will require a fresh SSL handshake and establishment of a new SSL session.
	 */
	Sesstimeout int `json:"sesstimeout,omitempty"`
	/**
	* State of Cipher Redirect. If cipher redirect is enabled, you can configure an SSL virtual server or service to display meaningful error messages if the SSL handshake fails because of a cipher mismatch between the virtual server or service and the client.
	 */
	Cipherredirect string `json:"cipherredirect,omitempty"`
	/**
	* The redirect URL to be used with the Cipher Redirect feature.
	 */
	Cipherurl string `json:"cipherurl,omitempty"`
	/**
	* State of SSLv2 Redirect. If SSLv2 redirect is enabled, you can configure an SSL virtual server or service to display meaningful error messages if the SSL handshake fails because of a protocol version mismatch between the virtual server or service and the client.
	 */
	Sslv2redirect string `json:"sslv2redirect,omitempty"`
	/**
	* URL of the page to which to redirect the client in case of a protocol version mismatch. Typically, this page has a clear explanation of the error or an alternative location that the transaction can continue from.
	 */
	Sslv2url string `json:"sslv2url,omitempty"`
	/**
	* State of client authentication. If client authentication is enabled, the virtual server terminates the SSL handshake if the SSL client does not provide a valid certificate.
	 */
	Clientauth string `json:"clientauth,omitempty"`
	/**
	* Type of client authentication. If this parameter is set to MANDATORY, the appliance terminates the SSL handshake if the SSL client does not provide a valid certificate. With the OPTIONAL setting, the appliance requests a certificate from the SSL clients but proceeds with the SSL transaction even if the client presents an invalid certificate.
		Caution: Define proper access control policies before changing this setting to Optional.
	*/
	Clientcert string `json:"clientcert,omitempty"`
	/**
	* State of HTTPS redirects for the SSL virtual server.
		For an SSL session, if the client browser receives a redirect message, the browser tries to connect to the new location. However, the secure SSL session breaks if the object has moved from a secure site (https://) to an unsecure site (http://). Typically, a warning message appears on the screen, prompting the user to continue or disconnect.
		If SSL Redirect is ENABLED, the redirect message is automatically converted from http:// to https:// and the SSL session does not break.
	*/
	Sslredirect string `json:"sslredirect,omitempty"`
	/**
	* State of the port rewrite while performing HTTPS redirect. If this parameter is ENABLED and the URL from the server does not contain the standard port, the port is rewritten to the standard.
	 */
	Redirectportrewrite string `json:"redirectportrewrite,omitempty"`
	/**
	* State of SSLv2 protocol support for the SSL Virtual Server.
	 */
	Ssl2 string `json:"ssl2,omitempty"`
	/**
	* State of SSLv3 protocol support for the SSL Virtual Server.
		Note: On platforms with SSL acceleration chips, if the SSL chip does not support SSLv3, this parameter cannot be set to ENABLED.
	*/
	Ssl3 string `json:"ssl3,omitempty"`
	/**
	* State of TLSv1.0 protocol support for the SSL Virtual Server.
	 */
	Tls1 string `json:"tls1,omitempty"`
	/**
	* State of TLSv1.1 protocol support for the SSL Virtual Server.
	 */
	Tls11 string `json:"tls11,omitempty"`
	/**
	* State of TLSv1.2 protocol support for the SSL Virtual Server.
	 */
	Tls12 string `json:"tls12,omitempty"`
	/**
	* State of TLSv1.3 protocol support for the SSL Virtual Server.
	 */
	Tls13 string `json:"tls13,omitempty"`
	/**
	* State of DTLSv1.0 protocol support for the SSL Virtual Server.
	 */
	Dtls1 string `json:"dtls1,omitempty"`
	/**
	* State of DTLSv1.2 protocol support for the SSL Virtual Server.
	 */
	Dtls12 string `json:"dtls12,omitempty"`
	/**
	* State of the Server Name Indication (SNI) feature on the virtual server and service-based offload. SNI helps to enable SSL encryption on multiple domains on a single virtual server or service if the domains are controlled by the same organization and share the same second-level domain name. For example, *.sports.net can be used to secure domains such as login.sports.net and help.sports.net.
	 */
	Snienable string `json:"snienable,omitempty"`
	/**
	* State of OCSP stapling support on the SSL virtual server. Supported only if the protocol used is higher than SSLv3. Possible values:
		ENABLED: The appliance sends a request to the OCSP responder to check the status of the server certificate and caches the response for the specified time. If the response is valid at the time of SSL handshake with the client, the OCSP-based server certificate status is sent to the client during the handshake.
		DISABLED: The appliance does not check the status of the server certificate.
	*/
	Ocspstapling string `json:"ocspstapling,omitempty"`
	/**
	* Trigger encryption on the basis of the PUSH flag value. Available settings function as follows:
		* ALWAYS - Any PUSH packet triggers encryption.
		* IGNORE - Ignore PUSH packet for triggering encryption.
		* MERGE - For a consecutive sequence of PUSH packets, the last PUSH packet triggers encryption.
		* TIMER - PUSH packet triggering encryption is delayed by the time defined in the set ssl parameter command or in the Change Advanced SSL Settings dialog box.
	*/
	Pushenctrigger string `json:"pushenctrigger,omitempty"`
	/**
	* Enable sending SSL Close-Notify at the end of a transaction
	 */
	Sendclosenotify string `json:"sendclosenotify,omitempty"`
	/**
	* Name of the DTLS profile whose settings are to be applied to the virtual server.
	 */
	Dtlsprofilename string `json:"dtlsprofilename,omitempty"`
	/**
	* Name of the SSL profile that contains SSL settings for the virtual server.
	 */
	Sslprofile string `json:"sslprofile,omitempty"`
	/**
	* State of HSTS protocol support for the SSL Virtual Server. Using HSTS, a server can enforce the use of an HTTPS connection for all communication with a client
	 */
	Hsts string `json:"hsts,omitempty"`
	/**
	* Set the maximum time, in seconds, in the strict transport security (STS) header during which the client must send only HTTPS requests to the server
	 */
	Maxage int `json:"maxage,omitempty"`
	/**
	* Enable HSTS for subdomains. If set to Yes, a client must send only HTTPS requests for subdomains.
	 */
	Includesubdomains string `json:"includesubdomains,omitempty"`
	/**
	* Flag indicates the consent of the site owner to have their domain preloaded.
	 */
	Preload string `json:"preload,omitempty"`
	/**
	* Parameter indicating to check whether peer entity certificate during TLS1.2 handshake is signed with one of signature-hash combination supported by Citrix ADC.
	 */
	Strictsigdigestcheck string `json:"strictsigdigestcheck,omitempty"`
	/**
	* State of TLS 1.3 0-RTT early data support for the SSL Virtual Server. This setting only has an effect if resumption is enabled, as early data cannot be sent along with an initial handshake.
		Early application data has significantly different security properties - in particular there is no guarantee that the data cannot be replayed.
	*/
	Zerorttearlydata string `json:"zerorttearlydata,omitempty"`
	/**
	* Number of tickets the SSL Virtual Server will issue anytime TLS 1.3 is negotiated, ticket-based resumption is enabled, and either (1) a handshake completes or (2) post-handhsake client auth completes.
		This value can be increased to enable clients to open multiple parallel connections using a fresh ticket for each connection.
		No tickets are sent if resumption is disabled.
	*/
	Tls13sessionticketsperauthcontext int `json:"tls13sessionticketsperauthcontext,omitempty"`
	/**
	* Whether or not the SSL Virtual Server will require a DHE key exchange to occur when a PSK is accepted during a TLS 1.3 resumption handshake.
		A DHE key exchange ensures forward secrecy even in the event that ticket keys are compromised, at the expense of an additional round trip and resources required to carry out the DHE key exchange.
		If disabled, a DHE key exchange will be performed when a PSK is accepted but only if requested by the client.
		If enabled, the server will require a DHE key exchange when a PSK is accepted regardless of whether the client supports combined PSK-DHE key exchange. This setting only has an effect when resumption is enabled.
	*/
	Dhekeyexchangewithpsk string `json:"dhekeyexchangewithpsk,omitempty"`

	Crlcheck       string `json:"crlcheck,omitempty"`
	Nonfipsciphers string `json:"nonfipsciphers,omitempty"`
	Service        string `json:"service,omitempty"`
	Ocspcheck      string `json:"ocspcheck,omitempty"`
	Ca             string `json:"ca,omitempty"`
	Snicert        string `json:"snicert,omitempty"`
	Skipcaname     string `json:"skipcaname,omitempty"`
	Dtlsflag       string `json:"dtlsflag,omitempty"`
}

* * Configuration for SSL virtual server resource.

type Sslvserverbinding 

type Sslvserverbinding struct {
	/**
	* Name of the SSL virtual server for which to show detailed information.<br/>Minimum value =
	 */
	Vservername string `json:"vservername,omitempty"`
}

* * Binding object which returns the resources bound to sslvserver_binding.

type Sslvservercertkeybinding 

type Sslvservercertkeybinding struct {
	/**
	* The name of the certificate key pair binding.
	 */
	Certkeyname string `json:"certkeyname,omitempty"`
	/**
	* The state of the CRL check parameter. (Mandatory/Optional)
	 */
	Crlcheck string `json:"crlcheck,omitempty"`
	/**
	* The state of the OCSP check parameter. (Mandatory/Optional)
	 */
	Ocspcheck string `json:"ocspcheck,omitempty"`
	/**
	* Port on which clear-text data is sent by the appliance to the server. Do not specify this parameter for SSL offloading with end-to-end encryption.
	 */
	Cleartextport int32 `json:"cleartextport,omitempty"`
	/**
	* CA certificate.
	 */
	Ca bool `json:"ca,omitempty"`
	/**
	* The name of the CertKey. Use this option to bind Certkey(s) which will be used in SNI processing.
	 */
	Snicert bool `json:"snicert,omitempty"`
	/**
	* The flag is used to indicate whether this particular CA certificate's CA_Name needs to be sent to the SSL client while requesting for client certificate in a SSL handshake
	 */
	Skipcaname bool `json:"skipcaname,omitempty"`
	/**
	* Name of the SSL virtual server.
	 */
	Vservername string `json:"vservername,omitempty"`
}

* * Binding class showing the certkey that can be bound to sslvserver.

type Sslvservercipherbinding 

type Sslvservercipherbinding struct {
	/**
	* The name of the cipher group/alias/individual cipheri bindings.
	 */
	Cipheraliasname string `json:"cipheraliasname,omitempty"`
	/**
	* The cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the SSL virtual server.
	 */
	Vservername string `json:"vservername,omitempty"`
	/**
	* Name of the individual cipher, user-defined cipher group, or predefined (built-in) cipher alias.
	 */
	Ciphername string `json:"ciphername,omitempty"`
}

* * Binding class showing the cipher that can be bound to sslvserver.

type Sslvserverciphersuitebinding 

type Sslvserverciphersuitebinding struct {
	/**
	* The cipher group/alias/individual cipher configuration
	 */
	Ciphername string `json:"ciphername,omitempty"`
	/**
	* The cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the SSL virtual server.
	 */
	Vservername string `json:"vservername,omitempty"`
}

* * Binding class showing the ciphersuite that can be bound to sslvserver.

type Sslvserverecccurvebinding 

type Sslvserverecccurvebinding struct {
	/**
	* Named ECC curve bound to vserver/service.
	 */
	Ecccurvename string `json:"ecccurvename,omitempty"`
	/**
	* Name of the SSL virtual server.
	 */
	Vservername string `json:"vservername,omitempty"`
}

* * Binding class showing the ecccurve that can be bound to sslvserver.

type Sslvserverpolicybinding 

type Sslvserverpolicybinding struct {
	/**
	* The name of the SSL policy binding.
	 */
	Policyname string `json:"policyname,omitempty"`
	/**
	* The priority of the policies bound to this SSL service
	 */
	Priority uint32 `json:"priority,omitempty"`
	/**
	* Bind point to which to bind the policy. Possible Values: REQUEST, INTERCEPT_REQ and CLIENTHELLO_REQ. These bindpoints mean:
		1. REQUEST: Policy evaluation will be done at appplication above SSL. This bindpoint is default and is used for actions based on clientauth and client cert.
		2. INTERCEPT_REQ: Policy evaluation will be done during SSL handshake to decide whether to intercept or not. Actions allowed with this type are: INTERCEPT, BYPASS and RESET.
		3. CLIENTHELLO_REQ: Policy evaluation will be done during handling of Client Hello Request. Action allowed with this type is: RESET, FORWARD and PICKCACERTGRP.
	*/
	Type string `json:"type,omitempty"`
	/**
	* Whether the bound policy is a inherited policy or not
	 */
	Polinherit uint32 `json:"polinherit,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Invoke flag. This attribute is relevant only for ADVANCED policies
	 */
	Invoke bool `json:"invoke,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Name of the SSL virtual server.
	 */
	Vservername string `json:"vservername,omitempty"`
}

* * Binding class showing the policy that can be bound to sslvserver.

type Sslvserversslcertkeybinding 

type Sslvserversslcertkeybinding struct {
	/**
	* The name of the certificate key pair binding.
	 */
	Certkeyname string `json:"certkeyname,omitempty"`
	/**
	* The state of the CRL check parameter. (Mandatory/Optional)
	 */
	Crlcheck string `json:"crlcheck,omitempty"`
	/**
	* The state of the OCSP check parameter. (Mandatory/Optional)
	 */
	Ocspcheck string `json:"ocspcheck,omitempty"`
	/**
	* Port on which clear-text data is sent by the appliance to the server. Do not specify this parameter for SSL offloading with end-to-end encryption.
	 */
	Cleartextport int `json:"cleartextport,omitempty"`
	/**
	* CA certificate.
	 */
	Ca bool `json:"ca,omitempty"`
	/**
	* The name of the CertKey. Use this option to bind Certkey(s) which will be used in SNI processing.
	 */
	Snicert bool `json:"snicert,omitempty"`
	/**
	* The flag is used to indicate whether this particular CA certificate's CA_Name needs to be sent to the SSL client while requesting for client certificate in a SSL handshake
	 */
	Skipcaname bool `json:"skipcaname,omitempty"`
	/**
	* Name of the SSL virtual server.
	 */
	Vservername string `json:"vservername,omitempty"`
}

* * Binding class showing the sslcertkey that can be bound to sslvserver.

type Sslvserversslcipherbinding 

type Sslvserversslcipherbinding struct {
	/**
	* The name of the cipher group/alias/individual cipheri bindings.
	 */
	Cipheraliasname string `json:"cipheraliasname,omitempty"`
	/**
	* The cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the SSL virtual server.
	 */
	Vservername string `json:"vservername,omitempty"`
	/**
	* Name of the individual cipher, user-defined cipher group, or predefined (built-in) cipher alias.
	 */
	Ciphername string `json:"ciphername,omitempty"`
}

* * Binding class showing the sslcipher that can be bound to sslvserver.

type Sslvserversslciphersuitebinding 

type Sslvserversslciphersuitebinding struct {
	/**
	* The cipher group/alias/individual cipher configuration
	 */
	Ciphername string `json:"ciphername,omitempty"`
	/**
	* The cipher suite description.
	 */
	Description string `json:"description,omitempty"`
	/**
	* Name of the SSL virtual server.
	 */
	Vservername string `json:"vservername,omitempty"`
}

* * Binding class showing the sslciphersuite that can be bound to sslvserver.

type Sslvserversslpolicybinding 

type Sslvserversslpolicybinding struct {
	/**
	* The name of the SSL policy binding.
	 */
	Policyname string `json:"policyname,omitempty"`
	/**
	* The priority of the policies bound to this SSL service
	 */
	Priority int `json:"priority,omitempty"`
	/**
	* Bind point to which to bind the policy. Possible Values: REQUEST, INTERCEPT_REQ and CLIENTHELLO_REQ. These bindpoints mean:
		1. REQUEST: Policy evaluation will be done at appplication above SSL. This bindpoint is default and is used for actions based on clientauth and client cert.
		2. INTERCEPT_REQ: Policy evaluation will be done during SSL handshake to decide whether to intercept or not. Actions allowed with this type are: INTERCEPT, BYPASS and RESET.
		3. CLIENTHELLO_REQ: Policy evaluation will be done during handling of Client Hello Request. Action allowed with this type is: RESET, FORWARD and PICKCACERTGRP.
	*/
	Type string `json:"type,omitempty"`
	/**
	* Whether the bound policy is a inherited policy or not
	 */
	Polinherit int `json:"polinherit,omitempty"`
	/**
	* Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
	 */
	Gotopriorityexpression string `json:"gotopriorityexpression,omitempty"`
	/**
	* Invoke flag. This attribute is relevant only for ADVANCED policies
	 */
	Invoke bool `json:"invoke,omitempty"`
	/**
	* Type of policy label invocation.
	 */
	Labeltype string `json:"labeltype,omitempty"`
	/**
	* Name of the label to invoke if the current policy rule evaluates to TRUE.
	 */
	Labelname string `json:"labelname,omitempty"`
	/**
	* Name of the SSL virtual server.
	 */
	Vservername string `json:"vservername,omitempty"`
}

* * Binding class showing the sslpolicy that can be bound to sslvserver.

type Sslwrapkey 

type Sslwrapkey struct {
	/**
	* Name for the wrap key. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the wrap key is created.
		The following requirement applies only to the Citrix ADC CLI:
		If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my key" or 'my key').
	*/
	Wrapkeyname string `json:"wrapkeyname,omitempty"`
	/**
	* Password string for the wrap key.
	 */
	Password string `json:"password,omitempty"`
	/**
	* Salt string for the wrap key.
	 */
	Salt string `json:"salt,omitempty"`
}

* * Configuration for WRAP key resource.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.