The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends.
↳ client_tls_policy
string
Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends. clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted.
↳ subject_alt_names
array
Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service. Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities. Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).
getAwsV4Authentication
The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends.
The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends.
Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends. clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted.
Returns
Type
Description
string
hasClientTlsPolicy
clearClientTlsPolicy
setClientTlsPolicy
Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends. clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted.
Parameter
Name
Description
var
string
Returns
Type
Description
$this
getSubjectAltNames
Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service. Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities. Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).
Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service. Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities. Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# Compute V1 Client - Class SecuritySettings (1.35.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.35.0 (latest)](/php/docs/reference/cloud-compute/latest/V1.SecuritySettings)\n- [1.34.0](/php/docs/reference/cloud-compute/1.34.0/V1.SecuritySettings)\n- [1.33.0](/php/docs/reference/cloud-compute/1.33.0/V1.SecuritySettings)\n- [1.32.0](/php/docs/reference/cloud-compute/1.32.0/V1.SecuritySettings)\n- [1.31.0](/php/docs/reference/cloud-compute/1.31.0/V1.SecuritySettings)\n- [1.30.0](/php/docs/reference/cloud-compute/1.30.0/V1.SecuritySettings)\n- [1.29.0](/php/docs/reference/cloud-compute/1.29.0/V1.SecuritySettings)\n- [1.28.0](/php/docs/reference/cloud-compute/1.28.0/V1.SecuritySettings)\n- [1.27.0](/php/docs/reference/cloud-compute/1.27.0/V1.SecuritySettings)\n- [1.26.0](/php/docs/reference/cloud-compute/1.26.0/V1.SecuritySettings)\n- [1.25.0](/php/docs/reference/cloud-compute/1.25.0/V1.SecuritySettings)\n- [1.24.0](/php/docs/reference/cloud-compute/1.24.0/V1.SecuritySettings)\n- [1.23.0](/php/docs/reference/cloud-compute/1.23.0/V1.SecuritySettings)\n- [1.22.1](/php/docs/reference/cloud-compute/1.22.1/V1.SecuritySettings)\n- [1.21.0](/php/docs/reference/cloud-compute/1.21.0/V1.SecuritySettings)\n- [1.20.0](/php/docs/reference/cloud-compute/1.20.0/V1.SecuritySettings)\n- [1.19.0](/php/docs/reference/cloud-compute/1.19.0/V1.SecuritySettings)\n- [1.18.1](/php/docs/reference/cloud-compute/1.18.1/V1.SecuritySettings)\n- [1.17.0](/php/docs/reference/cloud-compute/1.17.0/V1.SecuritySettings)\n- [1.16.2](/php/docs/reference/cloud-compute/1.16.2/V1.SecuritySettings)\n- [1.14.0](/php/docs/reference/cloud-compute/1.14.0/V1.SecuritySettings)\n- [1.13.0](/php/docs/reference/cloud-compute/1.13.0/V1.SecuritySettings)\n- [1.12.1](/php/docs/reference/cloud-compute/1.12.1/V1.SecuritySettings)\n- [1.11.1](/php/docs/reference/cloud-compute/1.11.1/V1.SecuritySettings)\n- [1.10.1](/php/docs/reference/cloud-compute/1.10.1/V1.SecuritySettings)\n- [1.9.1](/php/docs/reference/cloud-compute/1.9.1/V1.SecuritySettings)\n- [1.8.3](/php/docs/reference/cloud-compute/1.8.3/V1.SecuritySettings)\n- [1.7.1](/php/docs/reference/cloud-compute/1.7.1/V1.SecuritySettings)\n- [1.6.1](/php/docs/reference/cloud-compute/1.6.1/V1.SecuritySettings)\n- [1.5.0](/php/docs/reference/cloud-compute/1.5.0/V1.SecuritySettings) \nReference documentation and code samples for the Compute V1 Client class SecuritySettings.\n\nThe authentication and authorization settings for a BackendService.\n\nGenerated from protobuf message `google.cloud.compute.v1.SecuritySettings`\n\nNamespace\n---------\n\nGoogle \\\\ Cloud \\\\ Compute \\\\ V1\n\nMethods\n-------\n\n### __construct\n\nConstructor.\n\n### getAwsV4Authentication\n\nThe configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends.\n\n### hasAwsV4Authentication\n\n### clearAwsV4Authentication\n\n### setAwsV4Authentication\n\nThe configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends.\n\n### getClientTlsPolicy\n\nOptional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends. clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted.\n\n### hasClientTlsPolicy\n\n### clearClientTlsPolicy\n\n### setClientTlsPolicy\n\nOptional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends. clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted.\n\n### getSubjectAltNames\n\nOptional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service. Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities. Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).\n\n### setSubjectAltNames\n\nOptional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service. Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities. Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode)."]]
