-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00 -- (C)opyright 1999-2014 bintec elmeg GmbH -- $RCSfile: mib-cert,v $ -- $Revision: 1.8 $ FEC-CERT-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, enterprises, snmpModules, mib-2 FROM SNMPv2-SMI DisplayString, TestAndIncr, TimeStamp FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF Date, HexValue FROM BINTEC-MIB ipsec FROM BINTEC-MIB; -- Management Information for the IPSec Subsystem of the BIANCA/BRICK, --------------------------------------------------------------------------- certMIB MODULE-IDENTITY LAST-UPDATED "201405210000Z" ORGANIZATION "bintec elmeg GmbH" CONTACT-INFO "EMail: info@bintec-elmeg.com Web: www.bintec-elmeg.com" DESCRIPTION "Management Information for the Certificate Management Subsystem" ::= { ipsec 251 } --------------------------------------------------------------------------- -- Management Information for the Certificate Management Subsystem of the -- BIANCA/BRICK, belongs to the IPSec Group. cert OBJECT IDENTIFIER ::= { ipsec 33 } -- Global Settings for Certificate Management certGlobals OBJECT IDENTIFIER ::= { cert 1 } --Static table containing global settings for the certificate management certGlobHttpProxy OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the HTTP proxy server which must be used to access the HTTP certificate servers defined. It takes either an IP-address or a fully qualified domain name." DEFVAL { "" } ::= { certGlobals 1 } certGlobSocksServer OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the SOCKS server which must be used to access the HTTP and LDAP certificate servers defined. It takes either an IP-address or a fully qualified domain name." DEFVAL { "" } ::= { certGlobals 2 } certGlobMaxCacheEntries OBJECT-TYPE SYNTAX INTEGER (64..8192) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the maximum number of certificate-cache entries allowed." DEFVAL { 64 } ::= { certGlobals 3 } certGlobMaxPathLength OBJECT-TYPE SYNTAX INTEGER (1..1024) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the maximum number of CA certificates accepted for certificate chains from a trusted root certificate to a peer certificate." DEFVAL { 1024 } ::= { certGlobals 4 } certGlobMaxRestarts OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the maximum number of restarts in one certificate search." DEFVAL { 10 } ::= { certGlobals 5 } certGlobMaxCertValidity OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the maximum validity period of a certificate in seconds. A certificate will not be considered valid for a longer period of time even if its validity field specifies a longer period." DEFVAL { 2592000 } -- ( 30 days ) ::= { certGlobals 6 } certGlobMaxCrlValidity OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the maximum validity period of a certificate revocation list in seconds. A crl will not be considered valid for a longer period of time even if its validity field specifies a longer period." DEFVAL { 86400 } -- ( 1 day ) ::= { certGlobals 7 } certGlobNegCachePeriod OBJECT-TYPE SYNTAX INTEGER (10 .. 16777216) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the period in seconds a certificate or crl search with a negative result will be remembered. Within this time, no new search will be performed for the same item." DEFVAL { 3600 } -- ( 1 hour ) ::= { certGlobals 8 } certGlobPosCachePeriod OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the period in seconds a certificate or crl will be stored in the local certificate cache." DEFVAL { 3600 } -- ( 1 hour ) ::= { certGlobals 9 } certGlobLogLevel OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the log level for certificate cache log events. All messages with a level higher than the value specified here are omitted, zero means no logging at all." DEFVAL { 0 } ::= { certGlobals 10 } -- Table of Certificate Servers certServerTable OBJECT-TYPE SYNTAX SEQUENCE OF CertServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The certServerTable contains the list of certificate servers used for certificate and crl requests." ::= { cert 2 } certServerEntry OBJECT-TYPE SYNTAX CertServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A certificate server entry defines the name of a certificate server together with the protocols used to access it." INDEX { certServerPreference } ::= { certServerTable 1 } CertServerEntry ::= SEQUENCE { certServerName DisplayString, certServerUrl DisplayString, certServerPreference INTEGER, certServerType INTEGER } certServerName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the name of a certificate server." ::= { certServerEntry 1 } certServerUrl OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the url used for accessing the certificate server. Syntax: [:][//[[:]@][:]]/[] example: ldap://myname:mypass@ldap.ca.com:389/ ." ::= { certServerEntry 2 } certServerPreference OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the preference of this server with respect to the others. Servers with lower priority are accessed prior to others." ::= { certServerEntry 3 } certServerType OBJECT-TYPE SYNTAX INTEGER { delete(1), -- mark this entry for deletion server(2) -- directory server } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the type of the entry and is used to delete it." DEFVAL { server } ::= { certServerEntry 4 } -- End Table of Certificate Servers -- Table of Certificates certTable OBJECT-TYPE SYNTAX SEQUENCE OF CertEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The certTable contains the list of certificates known to the system. This includes own certificates, peer certificates, root CA certificates and intermediate CA certificates, dynamically loaded as well as manually configured." ::= { cert 3 } certEntry OBJECT-TYPE SYNTAX CertEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A certEntry contains the description of a certificate." INDEX { certIndex } ::= { certTable 1 } CertEntry ::= SEQUENCE { certIndex INTEGER, certDescription DisplayString, certIsCA INTEGER, certForceTrusted INTEGER, certNoCrls INTEGER, certSerialNumber DisplayString, certSubjectName DisplayString, certSubjectAltNames DisplayString, certIssuerName DisplayString, certIssuerAltNames DisplayString, certValidNotBefore Date, certValidNotAfter Date, certUptodate INTEGER, certPubKeyInfo DisplayString, certKeyId OCTET STRING, certKeyUsage HexValue, certPrivateKey INTEGER, certMD5Fingerprint OCTET STRING, certSHA1Fingerprint OCTET STRING, certSource INTEGER } certIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "A unique index of this certificate entry. Dynamically loaded certificates are assigned negative indexes." ::= { certEntry 1 } certDescription OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the name of the X.509 Certificate." ::= { certEntry 2 } certIsCA OBJECT-TYPE SYNTAX INTEGER { true(1), -- Globally trusted root certificate false(2) -- not globally trusted root certificate } MAX-ACCESS read-write STATUS current DESCRIPTION "This object determines if the entry specifies a globally trusted root certificate. Possible Values: true(1), -- Globally trusted root certificate false(2) -- not globally trusted root certificate." DEFVAL { false } ::= { certEntry 3 } certForceTrusted OBJECT-TYPE SYNTAX INTEGER { true(1), -- Disable any validity checks false(2) -- Run validity checks as far as configured -- otherwise. } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies if the certificate is trusted without any further validity check. Possible Values: true(1), -- Disable any validity checks false(2) -- Run validity checks as far as configured -- otherwise." DEFVAL { false } ::= { certEntry 4 } certNoCrls OBJECT-TYPE SYNTAX INTEGER { true(1), -- do not check for certificate revocation -- lists for this CA (no meaning for non-CA -- certificates) false(2), -- check for certificate revocation -- lists for this CA auto(3), -- check for crls only if there is a -- CRLDistributionPoint in the certificate inherit(4) -- inherit from superior ca in chain } MAX-ACCESS read-write STATUS current DESCRIPTION "This object determines how CRL checking is performed for this certificate. Possible Values: true(1), -- do not check for certificate revocation -- lists for this CA (no meaning for non-CA -- certificates) false(2), -- check for certificate revocation -- lists for this CA (no meaning for non-CA -- certificates) auto(3), -- check for crls only if there is a -- CRLDistributionPoint in the certificate inherit(4), -- inherit from superior ca in chain." DEFVAL { auto } ::= { certEntry 5 } certSerialNumber OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the serial number of the certificate." ::= { certEntry 6 } certSubjectName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the subject name of the certificate." ::= { certEntry 7 } certSubjectAltNames OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the subject alternative names of the certificate." ::= { certEntry 8 } certIssuerName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the name of the certificate authority which issued the certificate." ::= { certEntry 9 } certIssuerAltNames OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the alternative names of the certificate authority which issued the certificate." ::= { certEntry 10 } certValidNotBefore OBJECT-TYPE SYNTAX Date MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the beginning of the validity period of the certificate (GMT)." ::= { certEntry 15 } certValidNotAfter OBJECT-TYPE SYNTAX Date MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the end of the validity period of the certificate (GMT)." ::= { certEntry 16 } certUptodate OBJECT-TYPE SYNTAX INTEGER (0..100) MAX-ACCESS read-only STATUS current DESCRIPTION "The remaining up-to-dateness of the certificate in percent. 0 means certificate is no more valid. 100 means certificate is not yet valid, but will be valid in future. This variable is updated every 24 hours." ::= { certEntry 27 } certPubKeyInfo OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the properties of the public key certified in this certificate. These are the algorithm for which the key is used and its length." ::= { certEntry 12 } certKeyId OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the key id as contained in the extensions of the certificate, if any." ::= { certEntry 13 } certKeyUsage OBJECT-TYPE SYNTAX HexValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the key usage flags contained in the extensions of the certificate, if any. The flags are: EncipherOnly 0x00000001 CrlSign 0x00000002 KeyCertSign 0x00000004 KeyAgreement 0x00000008 DataEncipherment 0x00000010 KeyEncipherment 0x00000020 NonRepudiation 0x00000040 DigitalSignature 0x00000080 DecipherOnly 0x00010000" ::= { certEntry 17 } certPrivateKey OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the index of the private key from the ipsecPublicKeyTable corresponding to the public key contained in this certificate. If this object is zero, there is no private key available for this certificate." ::= { certEntry 14 } certMD5Fingerprint OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the fingerprint of the certificate computed as an MD5 hash of the DER encoded binary certificate. Compare this object against an externally retrieved MD5 fingerprint (e.g. published on a CA's web site) to assure the authenticity of the certificate." ::= { certEntry 24 } certSHA1Fingerprint OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the fingerprint of the certificate computed as an SHA1 hash of the DER encoded binary certificate. Compare this object against an externally retrieved SHA1 fingerprint (e.g. published on a CA's web site) to assure the authenticity of the certificate." ::= { certEntry 25 } certSource OBJECT-TYPE SYNTAX INTEGER { config(1), -- statically configured ike(2), -- received inline with IKE negotiation ldap(3), -- retrieved via LDAP http(4) -- retrieved via HTTP } MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the instance which created the certificate." DEFVAL { config } ::= { certEntry 26 } -- End Table of Certificates -- Table of Certificate Revocation Lists certRevListTable OBJECT-TYPE SYNTAX SEQUENCE OF CertRevListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The certRevListTable contains the dynamic list of certificate revocation lists currently cached by the system." ::= { cert 6 } certRevListEntry OBJECT-TYPE SYNTAX CertRevListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object describes a certificate revocation list (CRL) currently in the systems dynamic CRL cache." INDEX { certRevListIndex } ::= { certRevListTable 1 } CertRevListEntry ::= SEQUENCE { certRevListIndex INTEGER, certRevListDescription DisplayString, certRevListIssuerName DisplayString, certRevListIssuerAltNames DisplayString, certRevListSerialNumber DisplayString, certRevListThisUpdate Date, certRevListNextUpdate Date, certRevListNumCerts INTEGER, certRevListSource INTEGER } certRevListIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "A unique index of this CRL." ::= { certRevListEntry 1 } certRevListDescription OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the name of the certificate revocation list." ::= { certRevListEntry 2 } certRevListIssuerName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The name of the certificate authority which issued this CRL." ::= { certRevListEntry 3 } certRevListIssuerAltNames OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The alternative names of the certificate authority which issued this CRL." ::= { certRevListEntry 4 } certRevListSerialNumber OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The serial number of the CRL." ::= { certRevListEntry 5 } certRevListThisUpdate OBJECT-TYPE SYNTAX Date MAX-ACCESS read-only STATUS current DESCRIPTION "The beginning of the validity period of CRL (GMT)." ::= { certRevListEntry 9 } certRevListNextUpdate OBJECT-TYPE SYNTAX Date MAX-ACCESS read-only STATUS current DESCRIPTION "The end of the validity period of the CRL (GMT)." ::= { certRevListEntry 10 } certRevListNumCerts OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The number of certificates contained in the CRL defined by this entry." ::= { certRevListEntry 7 } certRevListSource OBJECT-TYPE SYNTAX INTEGER { config(1), -- statically configured ike(2), -- received inline with IKE negotiation ldap(3), -- retrieved via LDAP http(4) -- retrieved via HTTP } MAX-ACCESS read-only STATUS current DESCRIPTION "The instance which created this crl." DEFVAL { config } ::= { certRevListEntry 8 } -- End Table of Certificate Revocation Lists -- Certificate Management Table certMgmtTable OBJECT-TYPE SYNTAX SEQUENCE OF CertMgmtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The certMgmtTable provides MIB access to the machines certificate management functions. These are certificate download/upload, creation ofd certificate requests and automatic certificate enrollment." ::= { cert 7 } certMgmtEntry OBJECT-TYPE SYNTAX CertMgmtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object specifies a task in the systems certMgmtTable. The system automatically deletes all tasks which have been finished except the most recent one." INDEX { certMgmtCommand } ::= { certMgmtTable 1 } CertMgmtEntry ::= SEQUENCE { certMgmtIndex INTEGER, certMgmtCommand INTEGER, certMgmtUrl DisplayString, certMgmtCertName DisplayString, certMgmtSubjectName DisplayString, certMgmtSubjectAltName DisplayString, certMgmtSubjectAltName2 DisplayString, certMgmtSubjectAltName3 DisplayString, certMgmtKeyIndex INTEGER, certMgmtCaCertIndex INTEGER, certMgmtCaDomain DisplayString, certMgmtPassword DisplayString, certMgmtAutoSave INTEGER, certMgmtPollInterval INTEGER, certMgmtMaxPolls INTEGER, certMgmtNumPolls INTEGER, certMgmtState INTEGER, certMgmtRaSignCertIndex INTEGER, certMgmtRaEncryptCertIndex INTEGER, certMgmtKeyLength INTEGER, certMgmtCaFingerprint OCTET STRING, certMgmtNoCrls INTEGER, certMgmtAction INTEGER } certMgmtIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "A unique index for this entry." ::= { certMgmtEntry 1 } certMgmtCommand OBJECT-TYPE SYNTAX INTEGER { getca-scep(1), -- Retrieve CA certificate via SCEP enroll-scep(2), -- Enroll using SCEP enroll-manual(3), -- Do a manual enrollment delete(8) -- Cancel the task and delete this entry } MAX-ACCESS read-write STATUS current DESCRIPTION "The task to perform for this entry. Possible values: getca-scep(1), -- Retrieve CA certificate via SCEP enroll-scep(2), -- Enroll using SCEP enroll-manual(3), -- Do a manual enrollment delete(8) -- Cancel the task and delete this entry " DEFVAL { enroll-scep } ::= { certMgmtEntry 2 } certMgmtUrl OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "The url to access for the task." ::= { certMgmtEntry 3 } certMgmtCertName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "The name of the resulting certificate (for certificate retrieval tasks) or the name of the certificate to use (for certificate export tasks." ::= { certMgmtEntry 4 } certMgmtSubjectName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "The subject name to include into the certificate request." ::= { certMgmtEntry 5 } certMgmtSubjectAltName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "The subject alternative name to include into the certificate request (optional)." ::= { certMgmtEntry 6 } certMgmtSubjectAltName2 OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "A second subject alternative name (optional)." ::= { certMgmtEntry 7 } certMgmtSubjectAltName3 OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "A third subject alternative name (optional)." ::= { certMgmtEntry 8 } certMgmtKeyIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The index of the key in the ipsecPublicKeyTable to use for certificate enrollment." ::= { certMgmtEntry 9 } certMgmtCaCertIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The index of the CA certificate to use (from the certTable)." ::= { certMgmtEntry 10 } certMgmtCaDomain OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "The domain for which the CA certificate is to be received (getca_scep command only)." ::= { certMgmtEntry 11 } certMgmtPassword OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "The password (SCEP: challenge password, CMP: :." ::= { certMgmtEntry 12 } certMgmtAutoSave OBJECT-TYPE SYNTAX INTEGER { true(1), -- save pending tasks permanently false(2) -- do notsave tasks permanently } MAX-ACCESS read-write STATUS current DESCRIPTION "Determines if pending requests should be saved permanently after each try and results should be saved permanently after finish." DEFVAL { true } ::= { certMgmtEntry 13 } certMgmtPollInterval OBJECT-TYPE SYNTAX INTEGER (5..86400) MAX-ACCESS read-write STATUS current DESCRIPTION "The interval (in seconds) between polls." DEFVAL { 300 } ::= { certMgmtEntry 14 } certMgmtMaxPolls OBJECT-TYPE SYNTAX INTEGER (-1..32767) MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum number of polls performed. A value of -1 means forever, a value of 0 disables polling, i.e. the task is cancelled if the initial result is delayed." DEFVAL { 12 } ::= { certMgmtEntry 15 } certMgmtNumPolls OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The number of polls already performed." ::= { certMgmtEntry 16 } certMgmtState OBJECT-TYPE SYNTAX INTEGER { done(1), -- Task finished successfully error(2), -- Task finished with an error running(3), -- Task is currently performed delayed(4), -- Task has been initiated but not yet finished -- (nothing is currently done for this task) polling(5), -- A delayed Task is currently continued polling -- for the result notreached(6) -- Task will be retried later because target -- host was not reachable yet } MAX-ACCESS read-only STATUS current DESCRIPTION "The state of the task specified by this entry." DEFVAL { running } ::= { certMgmtEntry 17 } certMgmtRaSignCertIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The index of the Registration Authority's (RA) certificate to use for signing purposes (from the certTable)." ::= { certMgmtEntry 18 } certMgmtRaEncryptCertIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The index of the Registration Authority's (RA) certificate to use for encryption purposes (from the certTable)." ::= { certMgmtEntry 19 } certMgmtKeyLength OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The key length in bits used in requests for certificate enrollment." DEFVAL { 1024 } ::= { certMgmtEntry 20 } certMgmtCaFingerprint OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-write STATUS current DESCRIPTION "This object holds the fingerprint of the CA certificate computed as an SHA1 or MD5 hash. This object is compared against an externally retrieved SHA1 / MD5 fingerprint (e.g. published on a CA's web site) to assure the authenticity of the certificate." ::= { certMgmtEntry 21 } certMgmtNoCrls OBJECT-TYPE SYNTAX INTEGER { true(1), -- do not check for certificate revocation -- lists for this CA (no meaning for non-CA -- certificates) false(2), -- check for certificate revocation -- lists for this CA auto(3), -- check for crls only if there is a -- CRLDistributionPoint in the certificate inherit(4) -- inherit from superior ca in chain } MAX-ACCESS read-write STATUS current DESCRIPTION "This object determines how CRL checking is set for certificates retrieved during certificate enrollment. Possible Values: true(1), -- do not check for certificate revocation -- lists for this CA (no meaning for non-CA -- certificates) false(2), -- check for certificate revocation -- lists for this CA (no meaning for non-CA -- certificates) auto(3), -- check for crls only if there is a -- CRLDistributionPoint in the certificate inherit(4), -- inherit from superior ca in chain." DEFVAL { auto } ::= { certMgmtEntry 22 } certMgmtAction OBJECT-TYPE SYNTAX INTEGER { wait(1), -- Certificate management task is waiting go(2) -- Certificate management task starts now } MAX-ACCESS read-write STATUS mandatory DESCRIPTION "Flag whether certificate management task is waiting or starts immediately. Use this flag to create complex tasks in multiple steps: First create task with certMgmtAction set to 'wait'. After task is completely build, set this flag to 'go' and the certificate management task starts automatically. After certificate management task has started, certMgmtAction is automatically set to 'wait'. Possible values: wait -- Certificate management task is waiting go -- Certificate management task starts now " DEFVAL { wait } ::= { certMgmtEntry 23 } -- End Certificate Management Table -- Global Certificate Statistics certStats OBJECT IDENTIFIER ::= { cert 8 } --Statistics for the certificate management certStatCertsConfigured OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Number of configured certificate entries (opposed to those dynamically learnt by any means during system run)." ::= { certStats 1 } -- Global Certificate Cache Statistics certCacheStats OBJECT IDENTIFIER ::= { certStats 64 } --Statistics table for the certificate management certCacheStatMemoryUsage OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Allocated memory by the certificate cache." ::= { certCacheStats 1 } certCacheStatNumEntries OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Number of entries used in the certificate cache." ::= { certCacheStats 2 } certCacheStatNumCertCacheHit OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Number of successful certificate requests from cache." ::= { certCacheStats 3 } certCacheStatNumCertCacheMiss OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Number of failed certificate requests from cache." ::= { certCacheStats 4 } certCacheStatNumCrlCacheHit OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Number of successful crl requests from cache." ::= { certCacheStats 5 } certCacheStatNumCrlCacheMiss OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Number of failed crl requests from cache." ::= { certCacheStats 6 } -- End Global Certificate Cache Statistics -- End Global Certificate Statistics -- Public Key Table ipsecPublicKeyTable OBJECT-TYPE SYNTAX SEQUENCE OF IpsecPubKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the list of public key pairs and ID's used with IPSec." ::= { ipsec 2 } ipsecPubKeyEntry OBJECT-TYPE SYNTAX IpsecPubKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object contains a key pair for a certain public key algorithm and the ids used together with this key." INDEX { ipsecPubKeyAlgorithm, ipsecPubKeyKeyLength } ::= { ipsecPublicKeyTable 1 } IpsecPubKeyEntry ::= SEQUENCE { ipsecPubKeyIndex INTEGER, ipsecPubKeyDescription DisplayString, ipsecPubKeyAlgorithm INTEGER, ipsecPubKeyKeyLength INTEGER, ipsecPubKeyPublicExponent INTEGER, ipsecPubKeyState INTEGER } ipsecPubKeyIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "A unique index for this entry." ::= { ipsecPubKeyEntry 1 } ipsecPubKeyDescription OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "An optional description for this key." ::= { ipsecPubKeyEntry 2 } ipsecPubKeyAlgorithm OBJECT-TYPE SYNTAX INTEGER { rsa(2), -- The RSA encryption algorithm dsa(3), -- The digital signature algorithm delete(15) -- Mark this entry for deletion } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the algorithm for which the key is used. Possible values: rsa(2), -- The RSA encryption algorithm dsa(3), -- The digital signature algorithm delete(15) -- Mark this entry for deletion." DEFVAL { rsa } ::= { ipsecPubKeyEntry 3 } ipsecPubKeyKeyLength OBJECT-TYPE SYNTAX INTEGER UNITS "bits" MAX-ACCESS read-write STATUS current DESCRIPTION "The size of the public and private keys in bits." DEFVAL { 768 } ::= { ipsecPubKeyEntry 4 } ipsecPubKeyPublicExponent OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The RSA public exponent of the key. (undefined for DSA)" ::= { ipsecPubKeyEntry 5 } ipsecPubKeyState OBJECT-TYPE SYNTAX INTEGER { generating(1), -- Key generation is in progress complete(2), -- Key generation is complete error(3) -- Key generation terminated with an error } MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the state of the Key. Possible values: generating(1), -- Key generation is in progress complete(2), -- Key generation is complete error(3) -- Key generation terminated with an error." DEFVAL { generating } ::= { ipsecPubKeyEntry 6 } -- End Public Key Table END