| Parameter | Choices/Defaults | Comments | 
                
                                                            | cache_error_timeout 
                    integer
                                                                 |  | Specifies the lifetime of an error response in the cache, in seconds. | 
                            
                                                            | cache_timeout 
                    string
                                                                 |  | Specifies the lifetime of the OCSP response in the cache, in seconds. | 
                            
                                                            | certificate 
                    string
                                                                 |  | Specifies a certificate used to sign an OCSP request. | 
                            
                                                            | clock_skew 
                    integer
                                                                 |  | Specifies the tolerable absolute difference in the clocks of the responder and the BIG-IP system, in seconds. | 
                            
                                                            | connection_timeout 
                    integer
                                                                 |  | Specifies the time interval that the BIG-IP system waits for before ending the connection to the OCSP responder, in seconds. | 
                            
                                                            | connections_limit 
                    integer
                                                                 |  | Specifies the maximum number of connections per second allowed for the OCSP certificate validator. | 
                            
                                                            | dns_resolver 
                    string
                                                                 |  | Specifies the internal DNS resolver the BIG-IP system uses to fetch the OCSP response. This involves specifying one or more DNS servers in the DNS resolver configuration. Use this option when either there is a DNS server that can do the name-resolution of the OCSP responders or the OCSP responder can be reached on one of BIG-IP system's interfaces. | 
                            
                                                            | hash_algorithm 
                    string
                                                                 |  | Specifies a hash algorithm used to sign an OCSP request. | 
                            
                                                            | key 
                    string
                                                                 |  | Specifies a key used to sign an OCSP request. | 
                            
                                                            | name 
                    string
                                             / required                     |  | Specifies the name of the OCSP certificate validator. | 
                            
                                                            | partition 
                    string
                                                                 added in 2.5 | Default: 
 "Common" | Device partition to manage resources on. | 
                            
                                                            | passphrase 
                    string
                                                                 |  | Specifies a passphrase used to sign an OCSP request. | 
                            
                                                            | provider 
                    dictionary
                                                                 added in 2.5 |  | A dict object containing connection details. | 
                                                        
                                                |  | auth_provider 
                    string
                                                                 |  | Configures the auth provider for to obtain authentication tokens from the remote device. This option is really used when working with BIG-IQ devices. | 
                            
                                                |  | password 
                    string
                                             / required                     |  | The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable F5_PASSWORD. aliases: pass, pwd
 | 
                            
                                                |  | server 
                    string
                                             / required                     |  | The BIG-IP host. You may omit this option by setting the environment variable F5_SERVER. | 
                            
                                                |  | server_port 
                    integer
                                                                 | Default: 
 443 | The BIG-IP server port. You may omit this option by setting the environment variable F5_SERVER_PORT. | 
                            
                                                |  | ssh_keyfile 
                    path
                                                                 |  | Specifies the SSH keyfile to use to authenticate the connection to the remote device.  This argument is only used for cli transports. You may omit this option by setting the environment variable ANSIBLE_NET_SSH_KEYFILE. | 
                            
                                                |  | timeout 
                    integer
                                                                 |  | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands.  If the timeout is exceeded before the operation is completed, the module will error. | 
                            
                                                |  | transport 
                    string
                                                                 |  | Configures the transport connection to use when connecting to the remote device. | 
                            
                                                |  | user 
                    string
                                             / required                     |  | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable F5_USER. | 
                            
                                                |  | validate_certs 
                    boolean
                                                                 |  | If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates. You may omit this option by setting the environment variable F5_VALIDATE_CERTS. | 
                                            
                                                            | proxy_server_pool 
                    string
                                                                 |  | Specifies the proxy server pool the BIG-IP system uses to fetch the OCSP response. This involves creating a pool with proxy-servers. Use this option when either the OCSP responder cannot be reached on any of BIG-IP system's interfaces or one or more servers can proxy an HTTP request to an external server and fetch the response. | 
                            
                                                            | responder_url 
                    string
                                                                 |  | Specifies the absolute URL that overrides the OCSP responder URL obtained from the certificate's AIA extensions. This should be an HTTP-based URL. | 
                            
                                                            | route_domain 
                    string
                                                                 |  | Specifies the route domain for fetching an OCSP response using HTTP forward proxy. | 
                            
                                                            | state 
                    string
                                                                 | Choices:
                                                                                                                                                            present ←absent | When present, ensures that the resource exists. When absent, ensures that the resource does not exist. | 
                            
                                                            | status_age 
                    integer
                                                                 |  | Specifies the maximum allowed lag time that the BIG-IP system accepts for the 'thisUpdate' time in the OCSP response. | 
                            
                                                            | strict_responder_checking 
                    boolean
                                                                 |  | Specifies whether the responder's certificate is checked for an OCSP signing extension. | 
                            
                                                            | trusted_responders 
                    string
                                                                 |  | Specifies the certificates used for validating the OCSP response when the responder's certificate has been omitted from the response. | 
                            
                                                            | update_password 
                    string
                                                                 | Choices:
                                                                                                                                                            always ←on_create | alwayswill allow to update passwords if the user chooses to do so.on_createwill only set the password for newly created OCSP validators.
 |