-- ***************************************************************** -- CISCO-PKI-MIB.my Cisco PKI MIB -- -- Copyright (c) 1994-2000, 2014 by cisco Systems, Inc. -- All rights reserved. -- -- ***************************************************************** CISCO-PKI-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Counter32, NOTIFICATION-TYPE, Integer32, Unsigned32 FROM SNMPv2-SMI MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP FROM SNMPv2-CONF DisplayString, TimeInterval FROM SNMPv2-TC ciscoMgmt FROM CISCO-SMI; ciscoPkiMIB MODULE-IDENTITY LAST-UPDATED "201410160000Z" ORGANIZATION "Cisco Systems, Inc." CONTACT-INFO "Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: cs-@cisco.com" DESCRIPTION "description" REVISION "201410150000Z" DESCRIPTION "Latest version of this MIB module." ::= { ciscoMgmt 854 } -- Textual Conventions definition will be defined before this line ciscoPkiMIBNotifs OBJECT IDENTIFIER ::= { ciscoPkiMIB 1 } ciscoPkiMIBObjects OBJECT IDENTIFIER ::= { ciscoPkiMIB 2 } ciscoPkiMIBConform OBJECT IDENTIFIER ::= { ciscoPkiMIB 3 } ciscoPkiConfiguration OBJECT IDENTIFIER ::= { ciscoPkiMIBObjects 1 } ciscoPkiCertificates OBJECT IDENTIFIER ::= { ciscoPkiMIBObjects 2 } ciscoPkiRevocationInfo OBJECT IDENTIFIER ::= { ciscoPkiMIBObjects 3 } ciscoPkiEnrollmentProfile OBJECT IDENTIFIER ::= { ciscoPkiConfiguration 1 } ciscoPkiTrustpoints OBJECT IDENTIFIER ::= { ciscoPkiConfiguration 2 } certChainTable OBJECT-TYPE SYNTAX SEQUENCE OF CertChainEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Please enter the Table Description here." ::= { ciscoPkiCertificates 1 } certChainEntry OBJECT-TYPE SYNTAX CertChainEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in the xxxTable." INDEX { certChainLabel } ::= { certChainTable 1 } CertChainEntry ::= SEQUENCE { certChainLabel DisplayString, certSerialNum DisplayString, certIssuerName DisplayString, certStartDate DisplayString, certEndDate DisplayString, certRemainingLife DisplayString, certType DisplayString, certTpLabel DisplayString, certSubName DisplayString } certChainLabel OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS not-accessible STATUS current DESCRIPTION "Please enter the object description here" ::= { certChainEntry 1 } certSerialNum OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { certChainEntry 2 } certIssuerName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { certChainEntry 3 } certStartDate OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { certChainEntry 4 } certEndDate OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { certChainEntry 5 } certType OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { certChainEntry 6 } certRemainingLife OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Please enter the object description here" ::= { certChainEntry 7 } certTpLabel OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { certChainEntry 8 } certSubName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { certChainEntry 9 } ciscoPkiCRLInfo OBJECT IDENTIFIER ::= { ciscoPkiRevocationInfo 1 } ciscoPkiOSCPInfo OBJECT IDENTIFIER ::= { ciscoPkiRevocationInfo 2 } pkiCRLTable OBJECT-TYPE SYNTAX SEQUENCE OF PkiCRLEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Please enter the Table Description here." ::= { ciscoPkiCRLInfo 1 } pkiCRLEntry OBJECT-TYPE SYNTAX PkiCRLEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in the xxxTable." INDEX { crlTpLabel } ::= { pkiCRLTable 1 } PkiCRLEntry ::= SEQUENCE { crlTpLabel DisplayString, issuerName DisplayString, sequenceNumb DisplayString, nextUpdate DisplayString, crlSize Unsigned32, deltaCRLFlag Unsigned32 } crlTpLabel OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS not-accessible STATUS current DESCRIPTION "Unique trustpoint Label" ::= { pkiCRLEntry 1 } issuerName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "CRL Issuer name" ::= { pkiCRLEntry 2 } sequenceNumb OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { pkiCRLEntry 3 } nextUpdate OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { pkiCRLEntry 4 } crlSize OBJECT-TYPE SYNTAX Unsigned32 (0..4294967294) MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" DEFVAL { 0 } ::= { pkiCRLEntry 5 } deltaCRLFlag OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the storage type for this conceptual row. The following columnar objects are allowed to be writable when the storageType of this conceptual row is permanent(4): (replace with list of columns)" DEFVAL { 0 } ::= { pkiCRLEntry 6 } pkiOCSPTable OBJECT-TYPE SYNTAX SEQUENCE OF PkiOCSPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Please enter the Table Description here." ::= { ciscoPkiOSCPInfo 1 } pkiOCSPEntry OBJECT-TYPE SYNTAX PkiOCSPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in the xxxTable." INDEX { ocspTpLabel } ::= { pkiOCSPTable 1 } PkiOCSPEntry ::= SEQUENCE { ocspTpLabel DisplayString, responderID DisplayString, thisUpdate DisplayString, nexUpdate DisplayString } ocspTpLabel OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Please enter the object description here" ::= { pkiOCSPEntry 1 } responderID OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "An identifier of the responder (DN name or a hash of its key)" ::= { pkiOCSPEntry 2 } thisUpdate OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The issuing time of the revocation information." ::= { pkiOCSPEntry 3 } nexUpdate OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The issuing time of the revocation information that will update that one." ::= { pkiOCSPEntry 4 } ciscoPkiEnrollmentTable OBJECT-TYPE SYNTAX SEQUENCE OF EnrollProfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Please enter the Table Description here." ::= { ciscoPkiEnrollmentProfile 1 } enrollProfEntry OBJECT-TYPE SYNTAX EnrollProfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in the xxxTable." INDEX { enrollProfLabel } ::= { ciscoPkiEnrollmentTable 1 } EnrollProfEntry ::= SEQUENCE { enrollProfLabel DisplayString, enrolCredentials DisplayString, authLocation DisplayString, authMethod DisplayString, authVrf DisplayString, authSourceInter DisplayString, enrolMethod DisplayString, enrolLocation DisplayString, enrolVrf DisplayString, enrolSourceInter DisplayString, reenrolMethod DisplayString, reenrolLocation DisplayString, reenrolVrf DisplayString, reenrolSourceInter DisplayString } enrollProfLabel OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Unique value to display Enrollment Label. If enrollment profiles are not present, string size of 0 will show nothing." ::= { enrollProfEntry 3 } enrolCredentials OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { enrollProfEntry 4 } authLocation OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { enrollProfEntry 5 } authMethod OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { enrollProfEntry 6 } authVrf OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { enrollProfEntry 7 } authSourceInter OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { enrollProfEntry 8 } enrolMethod OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "Enrollment method will be displayed which will be used to authenticate and enroll. If enrollment method is configured as terminal, this parameter gives enrollment terminal If enrollment method is configured with url, this parameter returns enrollment url ip_addresss If vrf is configured as part of enrollment url, it will be shown as part of enrollment url ip_address vrf interface" ::= { enrollProfEntry 9 } enrolLocation OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { enrollProfEntry 10 } enrolVrf OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { enrollProfEntry 11 } enrolSourceInter OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { enrollProfEntry 12 } reenrolMethod OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { enrollProfEntry 13 } reenrolLocation OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { enrollProfEntry 14 } reenrolVrf OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { enrollProfEntry 15 } reenrolSourceInter OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Please enter the object description here" ::= { enrollProfEntry 16 } pkiTPTable OBJECT-TYPE SYNTAX SEQUENCE OF PkiTPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Please enter the Table Description here." ::= { ciscoPkiTrustpoints 1 } pkiTPEntry OBJECT-TYPE SYNTAX PkiTPEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) in the xxxTable." INDEX { tpLabel } ::= { pkiTPTable 1 } PkiTPEntry ::= SEQUENCE { tpLabel DisplayString, subjectName DisplayString, subjectAltName DisplayString, aaaListInfo DisplayString, enrollmentConfig DisplayString, vrfConfig DisplayString, sourceInter DisplayString, autoEnroll DisplayString, keyPairLabel DisplayString, revocationMethod DisplayString, hashAlgo DisplayString, trustpointState DisplayString } tpLabel OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Unique name of Trustpoint Label. When there is no trustpoint configured, size 0 shows no trustpoint configured." ::= { pkiTPEntry 1 } subjectName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "Subject name configured under the trustpoint will be returned" ::= { pkiTPEntry 2 } subjectAltName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..50)) MAX-ACCESS read-only STATUS current DESCRIPTION "subject alternate name configured under the trustpoint which can be used while generating the csr." ::= { pkiTPEntry 3 } aaaListInfo OBJECT-TYPE SYNTAX DisplayString (SIZE (0..50)) MAX-ACCESS read-only STATUS current DESCRIPTION "Returns AAA authorization list to be used configured under trustpoint. AAA authorization list will be used during peer certificate validations etc. In order to access information on AAA list, please check AAA MIB corresponding to this AAA label." ::= { pkiTPEntry 4 } enrollmentConfig OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "Enrollment configuration which is configured under the trustpoint will be returned." ::= { pkiTPEntry 5 } vrfConfig OBJECT-TYPE SYNTAX DisplayString (SIZE (0..50)) MAX-ACCESS read-only STATUS current DESCRIPTION "VRF interface configured under trustpoint which can be used for enrollment and obtaining CRL's" ::= { pkiTPEntry 6 } sourceInter OBJECT-TYPE SYNTAX DisplayString (SIZE (0..50)) MAX-ACCESS read-only STATUS current DESCRIPTION "source Interface configured under trustpoint." ::= { pkiTPEntry 7 } autoEnroll OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "If autoEnroll is configured under the trustpoint, autoEnroll returns with the percentage configured. If the percentage is not configured, but auto-enroll is configured under trustpoint, this parameter return auto-enroll. If percentage is configured, parameter returns auto-enroll " ::= { pkiTPEntry 8 } keyPairLabel OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "Displays keypairLabel associated to this trustpoint if it is enrolled. During authentication, we wont generate the keypair Label." ::= { pkiTPEntry 10 } revocationMethod OBJECT-TYPE SYNTAX DisplayString (SIZE (0..50)) MAX-ACCESS read-only STATUS current DESCRIPTION "This object displays revocation check configured on the device. If nothing is configured under the trustpoint, by default revocation-check crl will be updated." ::= { pkiTPEntry 11 } hashAlgo OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Hash algorithm configured under the trustpoint. This will be used while selecting the HASH algorithm when CA server responded with GetCACapabilities list. Default value is sha1" ::= { pkiTPEntry 12 } trustpointState OBJECT-TYPE SYNTAX DisplayString (SIZE (0..20)) MAX-ACCESS read-only STATUS current DESCRIPTION "Trustpoint state displays following 1) Authenticated - Trustpoint is in Authenticated state. 2) Enrolled - Trustpoint is authenticated and enrolled. Certificate state is granted. 3) Pending - Trustpoint is authenticated but enrollment is in pending state. This means CA server returned PENDING for the router certificate. 4) None - Trustpoint is neither authenticated nor enrolled." DEFVAL { "0" } ::= { pkiTPEntry 13 } ciscoPkiCertInstallAlert NOTIFICATION-TYPE OBJECTS { certSerialNum, certIssuerName, certStartDate, certEndDate, certType, certTpLabel, certSubName } STATUS current DESCRIPTION "When a certificate is installed on the device, notification will be sent with following information. a) Certificates Serial number b) Certificate Issuer-name c) Certificate Subject name d) Trustpoint name e) Type of certificate. (i.e. CA/ID) certificate f) Certificate Start Date g) Certificate End Date Alert will not be sent for RA certificates, trustpool certificates and self-signed non-persistent certificates." ::= { ciscoPkiMIBNotifs 1 } ciscoPkiCertExpiryAlert NOTIFICATION-TYPE OBJECTS { certSerialNum, certSubName, certIssuerName, certType, certTpLabel, certRemainingLife } STATUS current DESCRIPTION "Certificate Expiry alert consists of following a) Certificate Serial number b) Certificate Issuer-name c) Trustpoint name d) Type of certificate (i.e. CA/ID/SUBCA/RA) e) Certificate remaining lifetime in seconds. f) Certificate subject-name When a certificate is reaching its expiry on the router, a trap will be sent to SNMP server at regular intervals starting from 60days to till 1week. From 1week onwards daily one trap will be sent with following information a) Certificate Serial number b) Certificate Issuer-name c) Trustpoint name d) Type of certificate (i.e. CA/ID) e) Certificate remaining lifetime. Alert will not be sent if trustpoint is configured with auto-enroll and corresponding shadow certificate/rollover certificate is present provided, shadow/rollover certificates start time is same/behind certificate end time. If shadow/rollover certificate start time is ahead of certificate end time, alerts will be continued to send because shadow certificate wont be valid from certificates expiry time. Expiry alerts will not be sent for trustpool certificates." ::= { ciscoPkiMIBNotifs 2 } ciscoPkiMIBCompliances OBJECT IDENTIFIER ::= { ciscoPkiMIBConform 1 } ciscoPkiMIBGroups OBJECT IDENTIFIER ::= { ciscoPkiMIBConform 2 } ciscoPkiMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "This is a default module-compliance containing default object groups." MODULE -- this module MANDATORY-GROUPS { ciscoPkiMIBMainObjectGroup, ciscoPkiMIBNotificationGroup } ::= { ciscoPkiMIBCompliances 1 } -- Units of Conformance ciscoPkiMIBMainObjectGroup OBJECT-GROUP OBJECTS { enrolMethod, trustpointState, revocationMethod, enrollmentConfig, subjectName, subjectAltName, aaaListInfo, vrfConfig, sourceInter, autoEnroll, keyPairLabel, issuerName, sequenceNumb, nextUpdate, crlSize, deltaCRLFlag, responderID, thisUpdate, nexUpdate, certRemainingLife, certSerialNum, certIssuerName, certStartDate, certEndDate, certType, certTpLabel, certSubName, hashAlgo, enrolCredentials, authLocation, authMethod, authVrf, authSourceInter, enrolLocation, enrolVrf, enrolSourceInter, reenrolMethod, reenrolLocation, reenrolVrf, reenrolSourceInter } STATUS current DESCRIPTION "The is a test group." ::= { ciscoPkiMIBGroups 1 } ciscoPkiMIBNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { ciscoPkiCertInstallAlert, ciscoPkiCertExpiryAlert } STATUS current DESCRIPTION "Notification alert group consists of both installation and expiry notifications." ::= { ciscoPkiMIBGroups 2 } END