-- *****************************************************************
-- CISCO-PKI-MIB.my Cisco PKI MIB
--
-- Copyright (c) 1994-2000, 2014 by cisco Systems, Inc.
-- All rights reserved.
--
-- *****************************************************************
CISCO-PKI-MIB DEFINITIONS ::= BEGIN
-- Symbols taken from other modules.
-- NOTE(review): Counter32, Integer32 and TimeInterval are imported, but no
-- definition between BEGIN and END of this module references them.
IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Counter32, NOTIFICATION-TYPE,
    Integer32, Unsigned32
        FROM SNMPv2-SMI
    MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP
        FROM SNMPv2-CONF
    DisplayString, TimeInterval
        FROM SNMPv2-TC
    ciscoMgmt
        FROM CISCO-SMI;
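-- Root of the Cisco PKI MIB, registered at { ciscoMgmt 854 }.
--
-- Access note: every accessible object in this module is read-only or
-- accessible-for-notify, but together they expose the device's PKI
-- inventory (trustpoint, key-pair and AAA list names, certificate subjects
-- and serial numbers, enrollment settings). Limit who can read this subtree
-- with SNMPv3 authentication/privacy and a restricted view.
--
-- NOTE(review): LAST-UPDATED (2014-10-16) does not match the only REVISION
-- clause (2014-10-15); SMIv2 expects the newest REVISION to carry the
-- LAST-UPDATED timestamp. Confirm which date is intended.
ciscoPkiMIB MODULE-IDENTITY
    LAST-UPDATED    "201410160000Z"
    ORGANIZATION    "Cisco Systems, Inc."
    CONTACT-INFO
            "Cisco Systems
            Customer Service

            Postal: 170 W Tasman Drive
            San Jose, CA 95134
            USA

            Tel: +1 800 553-NETS

            E-mail: cs-<list>@cisco.com"
    DESCRIPTION
            "This MIB module defines objects that report the PKI state
            of the device: enrollment profiles, trustpoints,
            certificates, and CRL and OCSP revocation information. It
            also defines notifications that are sent when a certificate
            is installed and when a certificate is reaching its expiry."
    REVISION        "201410150000Z"
    DESCRIPTION
            "Latest version of this MIB module."
    ::= { ciscoMgmt 854 }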
-- Textual Conventions definition will be defined before this line
-- Top-level branches of the module: notifications, objects, conformance.
ciscoPkiMIBNotifs         OBJECT IDENTIFIER ::= { ciscoPkiMIB 1 }
ciscoPkiMIBObjects        OBJECT IDENTIFIER ::= { ciscoPkiMIB 2 }
ciscoPkiMIBConform        OBJECT IDENTIFIER ::= { ciscoPkiMIB 3 }

-- Object subtrees: configuration, certificates and revocation information.
ciscoPkiConfiguration     OBJECT IDENTIFIER ::= { ciscoPkiMIBObjects 1 }
ciscoPkiCertificates      OBJECT IDENTIFIER ::= { ciscoPkiMIBObjects 2 }
ciscoPkiRevocationInfo    OBJECT IDENTIFIER ::= { ciscoPkiMIBObjects 3 }

-- The configuration subtree holds enrollment profiles and trustpoints.
ciscoPkiEnrollmentProfile OBJECT IDENTIFIER ::= { ciscoPkiConfiguration 1 }
ciscoPkiTrustpoints       OBJECT IDENTIFIER ::= { ciscoPkiConfiguration 2 }
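-- certChainTable: one conceptual row per certChainLabel. Its columns are
-- the varbinds of ciscoPkiCertInstallAlert and ciscoPkiCertExpiryAlert,
-- and the column descriptions below are taken from those notifications.
--
-- NOTE(review): the index is a DisplayString with no SIZE bound of its own
-- (up to 255 octets); a long label can push the instance OID past the
-- 128 sub-identifier limit of SMIv2. Confirm the agent bounds the label.
-- NOTE(review): the textual format of certStartDate and certEndDate is not
-- specified by this module; confirm it before comparing or parsing dates.
certChainTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CertChainEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "A table of certificate attributes. Each row is identified
            by certChainLabel."
    ::= { ciscoPkiCertificates 1 }

certChainEntry OBJECT-TYPE
    SYNTAX          CertChainEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "An entry (conceptual row) in the certChainTable."
    INDEX           { certChainLabel }
    ::= { certChainTable 1 }

-- Members are listed in column sub-identifier order (certType is column 6,
-- certRemainingLife is column 7).
CertChainEntry ::= SEQUENCE {
    certChainLabel      DisplayString,
    certSerialNum       DisplayString,
    certIssuerName      DisplayString,
    certStartDate       DisplayString,
    certEndDate         DisplayString,
    certType            DisplayString,
    certRemainingLife   DisplayString,
    certTpLabel         DisplayString,
    certSubName         DisplayString
}

certChainLabel OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "The label that identifies this conceptual row of
            certChainTable."
    ::= { certChainEntry 1 }

certSerialNum OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "The serial number of the certificate."
    ::= { certChainEntry 2 }

certIssuerName OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "The issuer name of the certificate."
    ::= { certChainEntry 3 }

certStartDate OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "The start date of the certificate."
    ::= { certChainEntry 4 }

certEndDate OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "The end date of the certificate."
    ::= { certChainEntry 5 }

certType OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "The type of the certificate (i.e. CA/ID/SUBCA/RA)."
    ::= { certChainEntry 6 }

-- Only available as a notification varbind; the value is a number of
-- seconds carried as text, so consumers have to parse the string.
certRemainingLife OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      accessible-for-notify
    STATUS          current
    DESCRIPTION
            "The remaining lifetime of the certificate in seconds, as
            reported in ciscoPkiCertExpiryAlert."
    ::= { certChainEntry 7 }

certTpLabel OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "The name of the trustpoint associated with the
            certificate."
    ::= { certChainEntry 8 }

certSubName OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "The subject name of the certificate."
    ::= { certChainEntry 9 }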
-- Revocation subtrees: 1 holds pkiCRLTable, 2 holds pkiOCSPTable.
-- NOTE(review): "OSCP" in ciscoPkiOSCPInfo looks like a transposition of
-- OCSP; the descriptor is part of the published module, so it stays as is.
ciscoPkiCRLInfo   OBJECT IDENTIFIER ::= { ciscoPkiRevocationInfo 1 }
ciscoPkiOSCPInfo  OBJECT IDENTIFIER ::= { ciscoPkiRevocationInfo 2 }
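-- pkiCRLTable: CRL information, one conceptual row per trustpoint label.
--
-- NOTE(review): sequenceNumb, nextUpdate, crlSize and deltaCRLFlag still
-- carry generator placeholder text, so their meaning, units and encoding
-- are not defined by this module. Presumably they are the CRL number, the
-- CRL's next-update time, the CRL size and a delta-CRL indicator; confirm
-- against the agent before building checks on them.
-- Monitoring note: if nextUpdate is the CRL's next-update time, a value in
-- the past means the CRL is stale and revocation checks that rely on it
-- can miss recent revocations.
-- NOTE(review): the index crlTpLabel is a DisplayString of up to 255
-- octets; a long label can exceed the 128 sub-identifier OID limit.
pkiCRLTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF PkiCRLEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "A table of CRL information. Each row is identified by a
            trustpoint label."
    ::= { ciscoPkiCRLInfo 1 }

pkiCRLEntry OBJECT-TYPE
    SYNTAX          PkiCRLEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "An entry (conceptual row) in the pkiCRLTable."
    INDEX           { crlTpLabel }
    ::= { pkiCRLTable 1 }

PkiCRLEntry ::= SEQUENCE {
    crlTpLabel      DisplayString,
    issuerName      DisplayString,
    sequenceNumb    DisplayString,
    nextUpdate      DisplayString,
    crlSize         Unsigned32,
    deltaCRLFlag    Unsigned32
}

crlTpLabel OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "Unique trustpoint Label"
    ::= { pkiCRLEntry 1 }

issuerName OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..255))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "CRL Issuer name"
    ::= { pkiCRLEntry 2 }

-- NOTE(review): placeholder description left unchanged; see table note.
sequenceNumb OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..255))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    ::= { pkiCRLEntry 3 }

-- NOTE(review): placeholder description left unchanged; the textual time
-- format is not specified.
nextUpdate OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..255))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    ::= { pkiCRLEntry 4 }

-- NOTE(review): placeholder description left unchanged; the unit of the
-- size is not stated. The range stops at 4294967294, one short of the
-- Unsigned32 maximum.
crlSize OBJECT-TYPE
    SYNTAX          Unsigned32 (0..4294967294)
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    DEFVAL          { 0 }
    ::= { pkiCRLEntry 5 }

-- NOTE(review): the DESCRIPTION below is unedited StorageType template
-- text and does not describe this read-only Unsigned32. It is kept
-- verbatim because the module gives no other definition of the object;
-- replace it once the meaning of the flag values is confirmed.
deltaCRLFlag OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "This object specifies the storage type for this conceptual row.
            The following columnar objects are allowed to be writable
            when the storageType of this conceptual row is permanent(4):
            (replace with list of columns)"
    DEFVAL          { 0 }
    ::= { pkiCRLEntry 6 }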
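-- pkiOCSPTable: OCSP revocation information, one conceptual row per
-- ocspTpLabel. It is registered under ciscoPkiOSCPInfo (spelled that way
-- in the module).
--
-- NOTE(review): ocspTpLabel is presumably a trustpoint label, by analogy
-- with crlTpLabel in pkiCRLTable; the module does not say so.
-- NOTE(review): the column is named nexUpdate here and nextUpdate in
-- pkiCRLTable; both descriptors are published and therefore kept.
-- NOTE(review): the textual time format of thisUpdate and nexUpdate is
-- not specified.
pkiOCSPTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF PkiOCSPEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "A table of OCSP revocation information. Each row is
            identified by ocspTpLabel."
    ::= { ciscoPkiOSCPInfo 1 }

pkiOCSPEntry OBJECT-TYPE
    SYNTAX          PkiOCSPEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "An entry (conceptual row) in the pkiOCSPTable."
    INDEX           { ocspTpLabel }
    ::= { pkiOCSPTable 1 }

PkiOCSPEntry ::= SEQUENCE {
    ocspTpLabel     DisplayString,
    responderID     DisplayString,
    thisUpdate      DisplayString,
    nexUpdate       DisplayString
}

ocspTpLabel OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..255))
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "The label that identifies this conceptual row of
            pkiOCSPTable."
    ::= { pkiOCSPEntry 1 }

responderID OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..255))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "An identifier of the responder (DN name or a hash of its key)"
    ::= { pkiOCSPEntry 2 }

thisUpdate OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..255))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "The issuing time of the revocation information."
    ::= { pkiOCSPEntry 3 }

nexUpdate OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..255))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "The issuing time of the revocation information that will
            update the information reported in thisUpdate."
    ::= { pkiOCSPEntry 4 }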
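-- ciscoPkiEnrollmentTable: enrollment profile settings, one conceptual row
-- per enrollProfLabel.
--
-- Column sub-identifiers run from 3 to 16; 1 and 2 are not assigned in
-- this module.
-- NOTE(review): only enrollProfLabel and enrolMethod are described. The
-- other twelve columns still carry generator placeholder text, so what
-- their strings contain is not defined here. Their names suggest location,
-- method, VRF and source interface for the authentication, enrollment and
-- re-enrollment steps; confirm against the agent.
-- NOTE(review): enrolCredentials is readable over SNMP and its name
-- suggests enrollment credentials. If the agent can return a secret in it
-- (for example a password), exclude the object from SNMP views; confirm
-- what the implementation actually returns.
ciscoPkiEnrollmentTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF EnrollProfEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "A table of enrollment profile settings. Each row is
            identified by enrollProfLabel."
    ::= { ciscoPkiEnrollmentProfile 1 }

enrollProfEntry OBJECT-TYPE
    SYNTAX          EnrollProfEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "An entry (conceptual row) in the ciscoPkiEnrollmentTable."
    INDEX           { enrollProfLabel }
    ::= { ciscoPkiEnrollmentTable 1 }

EnrollProfEntry ::= SEQUENCE {
    enrollProfLabel     DisplayString,
    enrolCredentials    DisplayString,
    authLocation        DisplayString,
    authMethod          DisplayString,
    authVrf             DisplayString,
    authSourceInter     DisplayString,
    enrolMethod         DisplayString,
    enrolLocation       DisplayString,
    enrolVrf            DisplayString,
    enrolSourceInter    DisplayString,
    reenrolMethod       DisplayString,
    reenrolLocation     DisplayString,
    reenrolVrf          DisplayString,
    reenrolSourceInter  DisplayString
}

enrollProfLabel OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..255))
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "Unique value to display Enrollment Label.

            If enrollment profiles are not present, string size of 0 will
            show nothing."
    ::= { enrollProfEntry 3 }

-- NOTE(review): placeholder description; see the credential note above.
enrolCredentials OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    ::= { enrollProfEntry 4 }

authLocation OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    ::= { enrollProfEntry 5 }

authMethod OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    ::= { enrollProfEntry 6 }

authVrf OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    ::= { enrollProfEntry 7 }

authSourceInter OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    ::= { enrollProfEntry 8 }

enrolMethod OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..255))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Enrollment method will be displayed which will be used to
            authenticate and enroll.

            If enrollment method is configured as terminal, this parameter
            gives
            enrollment terminal

            If enrollment method is configured with url, this parameter
            returns
            enrollment url ip_address

            If vrf is configured as part of enrollment url, it will be
            shown
            as part of enrollment url ip_address vrf interface"
    ::= { enrollProfEntry 9 }

enrolLocation OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    ::= { enrollProfEntry 10 }

enrolVrf OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    ::= { enrollProfEntry 11 }

enrolSourceInter OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    ::= { enrollProfEntry 12 }

reenrolMethod OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    ::= { enrollProfEntry 13 }

reenrolLocation OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    ::= { enrollProfEntry 14 }

reenrolVrf OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    ::= { enrollProfEntry 15 }

reenrolSourceInter OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Please enter the object description here"
    ::= { enrollProfEntry 16 }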
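-- pkiTPTable: trustpoint configuration and state, one conceptual row per
-- trustpoint label (tpLabel).
--
-- Column sub-identifier 9 is not assigned: autoEnroll is column 8 and
-- keyPairLabel is column 10.
-- Security note: hashAlgo documents sha1 as the default. SHA-1 is no
-- longer collision-resistant, so polling hashAlgo is a way to find
-- trustpoints that still rely on the default.
-- NOTE(review): trustpointState has DEFVAL { "0" }, but its DESCRIPTION
-- lists the states by name (Authenticated, Enrolled, Pending, None);
-- confirm which strings the agent returns.
pkiTPTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF PkiTPEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "A table of trustpoint configuration and state. Each row is
            identified by the trustpoint label."
    ::= { ciscoPkiTrustpoints 1 }

pkiTPEntry OBJECT-TYPE
    SYNTAX          PkiTPEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "An entry (conceptual row) in the pkiTPTable."
    INDEX           { tpLabel }
    ::= { pkiTPTable 1 }

PkiTPEntry ::= SEQUENCE {
    tpLabel             DisplayString,
    subjectName         DisplayString,
    subjectAltName      DisplayString,
    aaaListInfo         DisplayString,
    enrollmentConfig    DisplayString,
    vrfConfig           DisplayString,
    sourceInter         DisplayString,
    autoEnroll          DisplayString,
    keyPairLabel        DisplayString,
    revocationMethod    DisplayString,
    hashAlgo            DisplayString,
    trustpointState     DisplayString
}

tpLabel OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..255))
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
            "Unique name of Trustpoint Label.

            When there is no trustpoint configured, size 0 shows no
            trustpoint configured."
    ::= { pkiTPEntry 1 }

subjectName OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..255))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Subject name configured under the trustpoint will be returned"
    ::= { pkiTPEntry 2 }

subjectAltName OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..50))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Subject alternate name configured under the trustpoint which
            can be used while generating the CSR."
    ::= { pkiTPEntry 3 }

aaaListInfo OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..50))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Returns the AAA authorization list configured under the
            trustpoint.

            AAA authorization list will be used during peer certificate
            validations etc.

            In order to access information on AAA list, please check AAA MIB
            corresponding to this AAA label."
    ::= { pkiTPEntry 4 }

enrollmentConfig OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..255))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Enrollment configuration which is configured under the
            trustpoint will be returned."
    ::= { pkiTPEntry 5 }

vrfConfig OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..50))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "VRF interface configured under trustpoint which can be used for
            enrollment and obtaining CRLs"
    ::= { pkiTPEntry 6 }

sourceInter OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..50))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Source interface configured under trustpoint."
    ::= { pkiTPEntry 7 }

autoEnroll OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..20))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "If autoEnroll is configured under the trustpoint, autoEnroll
            returns with the percentage configured.

            If the percentage is not configured, but auto-enroll is
            configured under trustpoint, this parameter returns auto-enroll.

            If percentage is configured, parameter returns
            auto-enroll <percentage>"
    ::= { pkiTPEntry 8 }

keyPairLabel OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..255))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Displays keypairLabel associated to this trustpoint if it is
            enrolled.

            During authentication, we won't generate the keypair Label."
    ::= { pkiTPEntry 10 }

revocationMethod OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..50))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "This object displays revocation check configured on the device.

            If nothing is configured under the trustpoint, by default
            revocation-check crl will be updated."
    ::= { pkiTPEntry 11 }

hashAlgo OBJECT-TYPE
    SYNTAX          DisplayString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Hash algorithm configured under the trustpoint.

            This will be used while selecting the HASH algorithm when CA
            server responded with GetCACapabilities list.

            Default value is sha1"
    ::= { pkiTPEntry 12 }

trustpointState OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..20))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
            "Trustpoint state displays following

            1) Authenticated - Trustpoint is in Authenticated state.

            2) Enrolled - Trustpoint is authenticated and enrolled.
            Certificate state is granted.

            3) Pending - Trustpoint is authenticated but enrollment is in
            pending state. This means CA server returned PENDING for the
            router certificate.

            4) None - Trustpoint is neither authenticated nor enrolled."
    DEFVAL          { "0" }
    ::= { pkiTPEntry 13 }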
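-- Sent when a certificate is installed on the device.
--
-- Monitoring note: an install alert outside a planned enrollment or
-- renewal is worth investigating. Per the DESCRIPTION, RA certificates,
-- trustpool certificates and self-signed non-persistent certificates
-- produce no alert, so their installation is not visible through this
-- notification.
ciscoPkiCertInstallAlert NOTIFICATION-TYPE
    OBJECTS         {
                        certSerialNum,
                        certIssuerName,
                        certStartDate,
                        certEndDate,
                        certType,
                        certTpLabel,
                        certSubName
                    }
    STATUS          current
    DESCRIPTION
            "When a certificate is installed on the device, notification
            will be sent with following information.

            a) Certificate Serial number
            b) Certificate Issuer-name
            c) Certificate Subject name
            d) Trustpoint name
            e) Type of certificate (i.e. CA/ID)
            f) Certificate Start Date
            g) Certificate End Date

            Alert will not be sent for RA certificates, trustpool
            certificates and self-signed non-persistent certificates."
    ::= { ciscoPkiMIBNotifs 1 }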
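-- Sent repeatedly while a certificate is reaching its expiry.
--
-- Monitoring note: per the DESCRIPTION, no expiry alert is sent for
-- trustpool certificates, and alerts are suppressed when auto-enroll has
-- produced a shadow/rollover certificate that is valid by the time the
-- current one ends. Expiry of those certificates has to be tracked by
-- other means.
-- NOTE(review): the DESCRIPTION lists the payload twice and the two lists
-- disagree (certificate types CA/ID/SUBCA/RA versus CA/ID; remaining
-- lifetime with and without the unit). Both are kept; confirm which one
-- matches the agent. certRemainingLife is a DisplayString, so the number
-- of seconds arrives as text.
ciscoPkiCertExpiryAlert NOTIFICATION-TYPE
    OBJECTS         {
                        certSerialNum,
                        certSubName,
                        certIssuerName,
                        certType,
                        certTpLabel,
                        certRemainingLife
                    }
    STATUS          current
    DESCRIPTION
            "Certificate Expiry alert consists of following
            a) Certificate Serial number
            b) Certificate Issuer-name
            c) Trustpoint name
            d) Type of certificate (i.e. CA/ID/SUBCA/RA)
            e) Certificate remaining lifetime in seconds.
            f) Certificate subject-name

            When a certificate is reaching its expiry on the router, a trap
            will be sent to SNMP server at regular intervals starting from
            60 days until 1 week. From 1 week onwards, one trap will be
            sent daily with the following information

            a) Certificate Serial number
            b) Certificate Issuer-name
            c) Trustpoint name
            d) Type of certificate (i.e. CA/ID)
            e) Certificate remaining lifetime.

            Alert will not be sent if trustpoint is configured with
            auto-enroll and the corresponding shadow certificate/rollover
            certificate is present, provided the shadow/rollover
            certificate's start time is the same as or earlier than the
            certificate's end time.

            If the shadow/rollover certificate's start time is later than
            the certificate's end time, alerts will continue to be sent
            because the shadow certificate won't be valid from the
            certificate's expiry time.

            Expiry alerts will not be sent for trustpool certificates."
    ::= { ciscoPkiMIBNotifs 2 }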
-- Conformance subtrees: compliance statements and the groups they cite.
ciscoPkiMIBCompliances  OBJECT IDENTIFIER ::= { ciscoPkiMIBConform 1 }
ciscoPkiMIBGroups       OBJECT IDENTIFIER ::= { ciscoPkiMIBConform 2 }
-- Compliance statement for this module: both the object group and the
-- notification group are mandatory.
ciscoPkiMIBCompliance MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
            "This is a default module-compliance
            containing default object groups."
    MODULE          -- this module
    MANDATORY-GROUPS { ciscoPkiMIBMainObjectGroup, ciscoPkiMIBNotificationGroup }
    ::= { ciscoPkiMIBCompliances 1 }
-- Units of Conformance
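-- The single object group of the module. It lists all 40 objects whose
-- MAX-ACCESS is read-only or accessible-for-notify; the five
-- not-accessible index objects are left out, as SMIv2 requires.
-- The members are grouped by table here; the order of an OBJECTS list
-- carries no meaning.
ciscoPkiMIBMainObjectGroup OBJECT-GROUP
    OBJECTS         {
                        -- certChainTable
                        certSerialNum,
                        certIssuerName,
                        certStartDate,
                        certEndDate,
                        certType,
                        certRemainingLife,
                        certTpLabel,
                        certSubName,
                        -- pkiCRLTable
                        issuerName,
                        sequenceNumb,
                        nextUpdate,
                        crlSize,
                        deltaCRLFlag,
                        -- pkiOCSPTable
                        responderID,
                        thisUpdate,
                        nexUpdate,
                        -- ciscoPkiEnrollmentTable
                        enrolCredentials,
                        authLocation,
                        authMethod,
                        authVrf,
                        authSourceInter,
                        enrolMethod,
                        enrolLocation,
                        enrolVrf,
                        enrolSourceInter,
                        reenrolMethod,
                        reenrolLocation,
                        reenrolVrf,
                        reenrolSourceInter,
                        -- pkiTPTable
                        subjectName,
                        subjectAltName,
                        aaaListInfo,
                        enrollmentConfig,
                        vrfConfig,
                        sourceInter,
                        autoEnroll,
                        keyPairLabel,
                        revocationMethod,
                        hashAlgo,
                        trustpointState
                    }
    STATUS          current
    DESCRIPTION
            "A collection of every read-only and accessible-for-notify
            object defined in this module."
    ::= { ciscoPkiMIBGroups 1 }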
-- Groups the two notifications this module defines.
ciscoPkiMIBNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS   { ciscoPkiCertInstallAlert, ciscoPkiCertExpiryAlert }
    STATUS          current
    DESCRIPTION
            "Notification alert group consists of both installation and
            expiry notifications."
    ::= { ciscoPkiMIBGroups 2 }
END