-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00
|
|
|
|
|
|
-- (C)opyright 1999-2014 bintec elmeg GmbH
|
|
-- $RCSfile: mib-cert,v $
|
|
-- $Revision: 1.8 $
|
|
|
|
FEC-CERT-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, enterprises,
|
|
snmpModules, mib-2
|
|
FROM SNMPv2-SMI
|
|
DisplayString, TestAndIncr, TimeStamp
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
Date, HexValue
|
|
FROM BINTEC-MIB
|
|
ipsec
|
|
FROM BINTEC-MIB;
|
|
|
|
-- Management Information for the IPSec Subsystem of the BIANCA/BRICK,
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
certMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201405210000Z"
|
|
ORGANIZATION "bintec elmeg GmbH"
|
|
CONTACT-INFO "EMail: info@bintec-elmeg.com
|
|
Web: www.bintec-elmeg.com"
|
|
DESCRIPTION "Management Information for the Certificate Management
|
|
Subsystem"
|
|
|
|
::= { ipsec 251 }
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
-- Management Information for the Certificate Management Subsystem of the
|
|
-- BIANCA/BRICK, belongs to the IPSec Group.
|
|
|
|
cert OBJECT IDENTIFIER ::= { ipsec 33 }
|
|
|
|
-- Global Settings for Certificate Management
|
|
|
|
certGlobals OBJECT IDENTIFIER ::= { cert 1 }
|
|
--Static table containing global settings for the certificate management
|
|
|
|
|
|
certGlobHttpProxy OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the HTTP proxy server which must be used
|
|
to access the HTTP certificate servers defined. It takes either
|
|
an IP-address or a fully qualified domain name."
|
|
DEFVAL { "" }
|
|
::= { certGlobals 1 }
|
|
|
|
|
|
certGlobSocksServer OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the SOCKS server which must be used to
|
|
access the HTTP and LDAP certificate servers defined. It takes
|
|
either an IP-address or a fully qualified domain name."
|
|
DEFVAL { "" }
|
|
::= { certGlobals 2 }
|
|
|
|
certGlobMaxCacheEntries OBJECT-TYPE
|
|
SYNTAX INTEGER (64..8192)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the maximum number of certificate-cache
|
|
entries allowed."
|
|
DEFVAL { 64 }
|
|
::= { certGlobals 3 }
|
|
|
|
certGlobMaxPathLength OBJECT-TYPE
    SYNTAX INTEGER (1..1024)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
    "This object specifies the maximum number of CA certificates
    accepted for certificate chains from a trusted root
    certificate to a peer certificate."
    -- Chain-depth limit used during path validation. The default (1024)
    -- is also the upper bound of the SYNTAX range, so out of the box the
    -- depth is effectively unconstrained; a deployment that knows the depth
    -- of its PKI can lower this to bound path building.
    DEFVAL { 1024 }
    ::= { certGlobals 4 }
|
|
|
|
certGlobMaxRestarts OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the maximum number of restarts in one
|
|
certificate search."
|
|
DEFVAL { 10 }
|
|
::= { certGlobals 5 }
|
|
|
|
certGlobMaxCertValidity OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the maximum validity period of a
|
|
certificate in seconds. A certificate will not be considered
|
|
valid for a longer period of time even if its validity
|
|
field specifies a longer period."
|
|
DEFVAL { 2592000 }
|
|
-- ( 30 days )
|
|
::= { certGlobals 6 }
|
|
|
|
certGlobMaxCrlValidity OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the maximum validity period of a
|
|
certificate revocation list in seconds. A crl will not be
|
|
considered valid for a longer period of time even if its
|
|
validity field specifies a longer period."
|
|
DEFVAL { 86400 }
|
|
-- ( 1 day )
|
|
::= { certGlobals 7 }
|
|
|
|
certGlobNegCachePeriod OBJECT-TYPE
|
|
SYNTAX INTEGER (10 .. 16777216)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the period in seconds a certificate or
|
|
crl search with a negative result will be remembered. Within
|
|
this time, no new search will be performed for the same item."
|
|
DEFVAL { 3600 }
|
|
-- ( 1 hour )
|
|
::= { certGlobals 8 }
|
|
|
|
certGlobPosCachePeriod OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the period in seconds a certificate or
|
|
crl will be stored in the local certificate cache."
|
|
DEFVAL { 3600 }
|
|
-- ( 1 hour )
|
|
::= { certGlobals 9 }
|
|
|
|
certGlobLogLevel OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
    "This object specifies the log level for certificate cache
    log events.
    All messages with a level higher than the value specified here
    are omitted, zero means no logging at all."
    -- Operational note: with the default of 0 no certificate-cache event
    -- is logged at all, so certificate/CRL retrieval failures are invisible
    -- to monitoring unless this is raised. The meaning of the individual
    -- level numbers is not defined in this module -- TODO confirm against
    -- the device documentation.
    DEFVAL { 0 }
    ::= { certGlobals 10 }
|
|
|
|
|
|
|
|
-- Table of Certificate Servers
|
|
|
|
certServerTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CertServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The certServerTable contains the list of certificate servers
|
|
used for certificate and crl requests."
|
|
::= { cert 2 }
|
|
|
|
certServerEntry OBJECT-TYPE
|
|
SYNTAX CertServerEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A certificate server entry defines the name of a certificate
|
|
server together with the protocols used to access it."
|
|
INDEX {
|
|
certServerPreference
|
|
}
|
|
::= { certServerTable 1 }
|
|
|
|
CertServerEntry ::=
|
|
SEQUENCE {
|
|
certServerName DisplayString,
|
|
certServerUrl DisplayString,
|
|
certServerPreference INTEGER,
|
|
certServerType INTEGER
|
|
}
|
|
|
|
certServerName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the name of a certificate server."
|
|
::= { certServerEntry 1 }
|
|
|
|
certServerUrl OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
    "This object specifies the url used for accessing the
    certificate server. Syntax:
    [<scheme>:][//[<user>[:<password>]@]<host>[:<port>]]/[<path>]
    example: ldap://myname:mypass@ldap.ca.com:389/ ."
    -- Security note: the URL syntax embeds <user>:<password>, and nothing
    -- in this definition states that the password part is masked on GET,
    -- so credentials stored here are presumably returned in clear to any
    -- SNMP reader of certServerTable -- confirm agent behaviour. Restrict
    -- read access to this object (view/community scoping) and prefer
    -- credential-less directory access where the CA allows it.
    ::= { certServerEntry 2 }
|
|
|
|
certServerPreference OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the preference of this server
|
|
with respect to the others. Servers with a lower preference value
|
|
are accessed before the others."
|
|
::= { certServerEntry 3 }
|
|
|
|
certServerType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
delete(1), -- mark this entry for deletion
|
|
server(2) -- directory server
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the type of the entry and is used to
|
|
delete it."
|
|
DEFVAL { server }
|
|
::= { certServerEntry 4 }
|
|
|
|
-- End Table of Certificate Servers
|
|
|
|
|
|
|
|
-- Table of Certificates
|
|
|
|
certTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CertEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The certTable contains the list of certificates known to the
|
|
system.
|
|
This includes own certificates, peer certificates,
|
|
root CA certificates and intermediate CA certificates,
|
|
dynamically loaded as well as manually configured."
|
|
::= { cert 3 }
|
|
|
|
certEntry OBJECT-TYPE
|
|
SYNTAX CertEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A certEntry contains the description of a certificate."
|
|
INDEX {
|
|
certIndex
|
|
}
|
|
::= { certTable 1 }
|
|
|
|
CertEntry ::=
|
|
SEQUENCE {
|
|
certIndex INTEGER,
|
|
certDescription DisplayString,
|
|
certIsCA INTEGER,
|
|
certForceTrusted INTEGER,
|
|
certNoCrls INTEGER,
|
|
certSerialNumber DisplayString,
|
|
certSubjectName DisplayString,
|
|
certSubjectAltNames DisplayString,
|
|
certIssuerName DisplayString,
|
|
certIssuerAltNames DisplayString,
|
|
certValidNotBefore Date,
|
|
certValidNotAfter Date,
|
|
certUptodate INTEGER,
|
|
certPubKeyInfo DisplayString,
|
|
certKeyId OCTET STRING,
|
|
certKeyUsage HexValue,
|
|
certPrivateKey INTEGER,
|
|
certMD5Fingerprint OCTET STRING,
|
|
certSHA1Fingerprint OCTET STRING,
|
|
certSource INTEGER
|
|
}
|
|
|
|
certIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique index of this certificate entry.
|
|
Dynamically loaded certificates are assigned negative indexes."
|
|
::= { certEntry 1 }
|
|
|
|
certDescription OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the name of the X.509 Certificate."
|
|
::= { certEntry 2 }
|
|
|
|
certIsCA OBJECT-TYPE
    SYNTAX INTEGER {
        true(1), -- Globally trusted root certificate
        false(2) -- not globally trusted root certificate
    }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
    "This object determines if the entry specifies a globally
    trusted root certificate.
    Possible Values:
    true(1), -- Globally trusted root certificate
    false(2) -- not globally trusted root certificate."
    -- Security note: despite the name, this object does not merely report
    -- the certificate's CA flag; true(1) declares the entry a globally
    -- trusted root, i.e. a trust anchor for chain validation. Because it
    -- is read-write, anyone with SNMP write access to certTable can add a
    -- trust anchor; scope write access accordingly and audit the set of
    -- entries with true(1).
    DEFVAL { false }
    ::= { certEntry 3 }
|
|
|
|
certForceTrusted OBJECT-TYPE
    SYNTAX INTEGER {
        true(1), -- Disable any validity checks
        false(2) -- Run validity checks as far as configured
                 -- otherwise.
    }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
    "This object specifies if the certificate is trusted without any
    further validity check.
    Possible Values:
    true(1), -- Disable any validity checks
    false(2) -- Run validity checks as far as configured
    -- otherwise."
    -- Security note: true(1) bypasses every validity check for this
    -- certificate (chain, validity period and, as far as configured,
    -- revocation). Treat entries with true(1) as explicit trust exceptions
    -- to be inventoried and reviewed; the default false(2) keeps the
    -- checks enabled.
    DEFVAL { false }
    ::= { certEntry 4 }
|
|
|
|
certNoCrls OBJECT-TYPE
    SYNTAX INTEGER {
        true(1), -- do not check for certificate revocation
                 -- lists for this CA (no meaning for non-CA
                 -- certificates)
        false(2), -- check for certificate revocation
                  -- lists for this CA
        auto(3), -- check for crls only if there is a
                 -- CRLDistributionPoint in the certificate
        inherit(4) -- inherit from superior ca in chain
    }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
    "This object determines how CRL checking is performed
    for this certificate.
    Possible Values:
    true(1), -- do not check for certificate revocation
    -- lists for this CA (no meaning for non-CA
    -- certificates)
    false(2), -- check for certificate revocation
    -- lists for this CA (no meaning for non-CA
    -- certificates)
    auto(3), -- check for crls only if there is a
    -- CRLDistributionPoint in the certificate
    inherit(4) -- inherit from superior ca in chain."
    -- Security note: true(1) disables revocation checking for certificates
    -- issued by this CA. The default auto(3) performs no CRL check for
    -- certificates that carry no CRLDistributionPoint extension, so for
    -- such CAs revocation is only enforced when false(2) is set explicitly.
    DEFVAL { auto }
    ::= { certEntry 5 }
|
|
|
|
certSerialNumber OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the serial number of the certificate."
|
|
::= { certEntry 6 }
|
|
|
|
certSubjectName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the subject name of the certificate."
|
|
::= { certEntry 7 }
|
|
|
|
certSubjectAltNames OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the subject alternative names of the
|
|
certificate."
|
|
::= { certEntry 8 }
|
|
|
|
certIssuerName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the name of the certificate authority
|
|
which issued the certificate."
|
|
::= { certEntry 9 }
|
|
|
|
certIssuerAltNames OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the alternative names of the certificate
|
|
authority which issued the certificate."
|
|
::= { certEntry 10 }
|
|
|
|
certValidNotBefore OBJECT-TYPE
|
|
SYNTAX Date
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the beginning of the validity period
|
|
of the certificate (GMT)."
|
|
::= { certEntry 15 }
|
|
|
|
certValidNotAfter OBJECT-TYPE
|
|
SYNTAX Date
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the end of the validity period
|
|
of the certificate (GMT)."
|
|
::= { certEntry 16 }
|
|
|
|
certUptodate OBJECT-TYPE
|
|
SYNTAX INTEGER (0..100)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The remaining up-to-dateness of the certificate in percent.
|
|
0 means the certificate is no longer valid.
|
|
100 means certificate is not yet valid, but will be valid
|
|
in future.
|
|
This variable is updated every 24 hours."
|
|
::= { certEntry 27 }
|
|
|
|
certPubKeyInfo OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the properties of the public key
|
|
certified in this certificate.
|
|
These are the algorithm for which the key is used
|
|
and its length."
|
|
::= { certEntry 12 }
|
|
|
|
certKeyId OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the key id as contained in the extensions
|
|
of the certificate, if any."
|
|
::= { certEntry 13 }
|
|
|
|
certKeyUsage OBJECT-TYPE
|
|
SYNTAX HexValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the key usage flags contained
|
|
in the extensions of the certificate, if any.
|
|
The flags are:
|
|
EncipherOnly 0x00000001
|
|
CrlSign 0x00000002
|
|
KeyCertSign 0x00000004
|
|
KeyAgreement 0x00000008
|
|
DataEncipherment 0x00000010
|
|
KeyEncipherment 0x00000020
|
|
NonRepudiation 0x00000040
|
|
DigitalSignature 0x00000080
|
|
DecipherOnly 0x00010000"
|
|
::= { certEntry 17 }
|
|
|
|
certPrivateKey OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the index of the private key from the
|
|
ipsecPublicKeyTable corresponding to the public key
|
|
contained in this certificate.
|
|
If this object is zero, there is no private key available
|
|
for this certificate."
|
|
::= { certEntry 14 }
|
|
|
|
certMD5Fingerprint OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
    "This object shows the fingerprint of the certificate
    computed as an MD5 hash of the DER encoded binary certificate.
    Compare this object against an externally retrieved MD5
    fingerprint (e.g. published on a CA's web site) to assure
    the authenticity of the certificate."
    -- Security note: MD5 is collision-broken, so two differently-crafted
    -- certificates can share an MD5 fingerprint. Where the CA publishes
    -- one, use certSHA1Fingerprint for the comparison described above
    -- and treat this object as legacy.
    ::= { certEntry 24 }
|
|
|
|
certSHA1Fingerprint OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the fingerprint of the certificate
|
|
computed as an SHA1 hash of the DER encoded binary certificate.
|
|
Compare this object against an externally retrieved SHA1
|
|
fingerprint (e.g. published on a CA's web site) to assure
|
|
the authenticity of the certificate."
|
|
::= { certEntry 25 }
|
|
|
|
certSource OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
config(1), -- statically configured
|
|
ike(2), -- received inline with IKE negotiation
|
|
ldap(3), -- retrieved via LDAP
|
|
http(4) -- retrieved via HTTP
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the instance which created the certificate."
|
|
DEFVAL { config }
|
|
::= { certEntry 26 }
|
|
|
|
|
|
-- End Table of Certificates
|
|
|
|
|
|
|
|
-- Table of Certificate Revocation Lists
|
|
|
|
certRevListTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CertRevListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The certRevListTable contains the dynamic list of certificate
|
|
revocation lists currently cached by the system."
|
|
::= { cert 6 }
|
|
|
|
certRevListEntry OBJECT-TYPE
|
|
SYNTAX CertRevListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object describes a certificate revocation list (CRL)
|
|
currently in the system's dynamic CRL cache."
|
|
INDEX {
|
|
certRevListIndex
|
|
}
|
|
::= { certRevListTable 1 }
|
|
|
|
CertRevListEntry ::=
|
|
SEQUENCE {
|
|
certRevListIndex INTEGER,
|
|
certRevListDescription DisplayString,
|
|
certRevListIssuerName DisplayString,
|
|
certRevListIssuerAltNames DisplayString,
|
|
certRevListSerialNumber DisplayString,
|
|
certRevListThisUpdate Date,
|
|
certRevListNextUpdate Date,
|
|
certRevListNumCerts INTEGER,
|
|
certRevListSource INTEGER
|
|
}
|
|
|
|
certRevListIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique index of this CRL."
|
|
::= { certRevListEntry 1 }
|
|
|
|
certRevListDescription OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the name of the certificate
|
|
revocation list."
|
|
::= { certRevListEntry 2 }
|
|
|
|
certRevListIssuerName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the certificate authority which issued this CRL."
|
|
::= { certRevListEntry 3 }
|
|
|
|
certRevListIssuerAltNames OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The alternative names of the certificate authority which issued
|
|
this CRL."
|
|
::= { certRevListEntry 4 }
|
|
|
|
certRevListSerialNumber OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The serial number of the CRL."
|
|
::= { certRevListEntry 5 }
|
|
|
|
certRevListThisUpdate OBJECT-TYPE
|
|
SYNTAX Date
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The beginning of the validity period of CRL (GMT)."
|
|
::= { certRevListEntry 9 }
|
|
|
|
certRevListNextUpdate OBJECT-TYPE
|
|
SYNTAX Date
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The end of the validity period of the CRL (GMT)."
|
|
::= { certRevListEntry 10 }
|
|
|
|
certRevListNumCerts OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of certificates contained in the CRL defined by this
|
|
entry."
|
|
::= { certRevListEntry 7 }
|
|
|
|
certRevListSource OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
config(1), -- statically configured
|
|
ike(2), -- received inline with IKE negotiation
|
|
ldap(3), -- retrieved via LDAP
|
|
http(4) -- retrieved via HTTP
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The instance which created this crl."
|
|
DEFVAL { config }
|
|
::= { certRevListEntry 8 }
|
|
|
|
-- End Table of Certificate Revocation Lists
|
|
|
|
|
|
-- Certificate Management Table
|
|
|
|
certMgmtTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CertMgmtEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The certMgmtTable provides MIB access to the machine's
|
|
certificate management functions. These are certificate
|
|
download/upload, creation of certificate requests and
|
|
automatic certificate enrollment."
|
|
::= { cert 7 }
|
|
|
|
certMgmtEntry OBJECT-TYPE
|
|
SYNTAX CertMgmtEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies a task in the system's certMgmtTable.
|
|
The system automatically deletes all tasks which have been
|
|
finished except the most recent one."
|
|
INDEX {
|
|
certMgmtCommand
|
|
}
|
|
::= { certMgmtTable 1 }
|
|
|
|
CertMgmtEntry ::=
|
|
SEQUENCE {
|
|
certMgmtIndex INTEGER,
|
|
certMgmtCommand INTEGER,
|
|
certMgmtUrl DisplayString,
|
|
certMgmtCertName DisplayString,
|
|
certMgmtSubjectName DisplayString,
|
|
certMgmtSubjectAltName DisplayString,
|
|
certMgmtSubjectAltName2 DisplayString,
|
|
certMgmtSubjectAltName3 DisplayString,
|
|
certMgmtKeyIndex INTEGER,
|
|
certMgmtCaCertIndex INTEGER,
|
|
certMgmtCaDomain DisplayString,
|
|
certMgmtPassword DisplayString,
|
|
certMgmtAutoSave INTEGER,
|
|
certMgmtPollInterval INTEGER,
|
|
certMgmtMaxPolls INTEGER,
|
|
certMgmtNumPolls INTEGER,
|
|
certMgmtState INTEGER,
|
|
certMgmtRaSignCertIndex INTEGER,
|
|
certMgmtRaEncryptCertIndex INTEGER,
|
|
certMgmtKeyLength INTEGER,
|
|
certMgmtCaFingerprint OCTET STRING,
|
|
certMgmtNoCrls INTEGER,
|
|
certMgmtAction INTEGER
|
|
}
|
|
|
|
certMgmtIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique index for this entry."
|
|
::= { certMgmtEntry 1 }
|
|
|
|
certMgmtCommand OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
getca-scep(1), -- Retrieve CA certificate via SCEP
|
|
enroll-scep(2), -- Enroll using SCEP
|
|
enroll-manual(3), -- Do a manual enrollment
|
|
delete(8) -- Cancel the task and delete this entry
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The task to perform for this entry.
|
|
Possible values:
|
|
getca-scep(1), -- Retrieve CA certificate via SCEP
|
|
enroll-scep(2), -- Enroll using SCEP
|
|
enroll-manual(3), -- Do a manual enrollment
|
|
delete(8) -- Cancel the task and delete this entry
|
|
"
|
|
DEFVAL { enroll-scep }
|
|
::= { certMgmtEntry 2 }
|
|
|
|
certMgmtUrl OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The url to access for the task."
|
|
::= { certMgmtEntry 3 }
|
|
|
|
certMgmtCertName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the resulting certificate (for certificate
|
|
retrieval tasks) or the name of the certificate to use
|
|
(for certificate export tasks)."
|
|
::= { certMgmtEntry 4 }
|
|
|
|
certMgmtSubjectName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subject name to include into the certificate request."
|
|
::= { certMgmtEntry 5 }
|
|
|
|
certMgmtSubjectAltName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subject alternative name to include into the certificate
|
|
request (optional)."
|
|
::= { certMgmtEntry 6 }
|
|
|
|
certMgmtSubjectAltName2 OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A second subject alternative name (optional)."
|
|
::= { certMgmtEntry 7 }
|
|
|
|
certMgmtSubjectAltName3 OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A third subject alternative name (optional)."
|
|
::= { certMgmtEntry 8 }
|
|
|
|
certMgmtKeyIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the key in the ipsecPublicKeyTable to use for
|
|
certificate enrollment."
|
|
::= { certMgmtEntry 9 }
|
|
|
|
certMgmtCaCertIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the CA certificate to use (from the certTable)."
|
|
::= { certMgmtEntry 10 }
|
|
|
|
certMgmtCaDomain OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The domain for which the CA certificate is to be received
|
|
(getca-scep command only)."
|
|
::= { certMgmtEntry 11 }
|
|
|
|
certMgmtPassword OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
    "The password (SCEP: challenge password, CMP: <ref-no>:<psk>)."
    -- Security note: this object carries the SCEP challenge password or
    -- CMP shared secret as a plain read-write DisplayString. Nothing in the
    -- definition states that the value is masked on read-back, so
    -- presumably any reader of certMgmtTable can retrieve it -- confirm
    -- agent behaviour. certMgmtAutoSave (DEFVAL true) saves pending tasks
    -- permanently, which presumably persists this value with them -- also
    -- confirm. Restrict read access to this object and rotate the secret
    -- once enrollment has finished.
    ::= { certMgmtEntry 12 }
|
|
|
|
certMgmtAutoSave OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
true(1), -- save pending tasks permanently
|
|
false(2) -- do not save tasks permanently
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Determines if pending requests should be saved permanently
|
|
after each try and results should be saved permanently after
|
|
finish."
|
|
DEFVAL { true }
|
|
::= { certMgmtEntry 13 }
|
|
|
|
certMgmtPollInterval OBJECT-TYPE
|
|
SYNTAX INTEGER (5..86400)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interval (in seconds) between polls."
|
|
DEFVAL { 300 }
|
|
::= { certMgmtEntry 14 }
|
|
|
|
certMgmtMaxPolls OBJECT-TYPE
|
|
SYNTAX INTEGER (-1..32767)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of polls performed. A value of -1 means
|
|
forever, a value of 0 disables polling, i.e. the task is
|
|
cancelled if the initial result is delayed."
|
|
DEFVAL { 12 }
|
|
::= { certMgmtEntry 15 }
|
|
|
|
certMgmtNumPolls OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of polls already performed."
|
|
::= { certMgmtEntry 16 }
|
|
|
|
certMgmtState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
done(1), -- Task finished successfully
|
|
error(2), -- Task finished with an error
|
|
running(3), -- Task is currently performed
|
|
delayed(4), -- Task has been initiated but not yet finished
|
|
-- (nothing is currently done for this task)
|
|
polling(5), -- A delayed Task is currently continued polling
|
|
-- for the result
|
|
notreached(6) -- Task will be retried later because target
|
|
-- host was not reachable yet
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The state of the task specified by this entry."
|
|
DEFVAL { running }
|
|
::= { certMgmtEntry 17 }
|
|
|
|
certMgmtRaSignCertIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the Registration Authority's (RA) certificate to
|
|
use for signing purposes (from the certTable)."
|
|
::= { certMgmtEntry 18 }
|
|
|
|
certMgmtRaEncryptCertIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the Registration Authority's (RA) certificate to
|
|
use for encryption purposes (from the certTable)."
|
|
::= { certMgmtEntry 19 }
|
|
|
|
certMgmtKeyLength OBJECT-TYPE
    SYNTAX INTEGER
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
    "The key length in bits used in requests for certificate enrollment."
    -- Security note: the default of 1024 bits is below current guidance
    -- for RSA (2048 bits or more); set this explicitly when creating an
    -- enrollment task. The SYNTAX places no range on the object, so the
    -- sizes the agent actually accepts are not visible here -- TODO
    -- confirm.
    DEFVAL { 1024 }
    ::= { certMgmtEntry 20 }
|
|
|
|
certMgmtCaFingerprint OBJECT-TYPE
    SYNTAX OCTET STRING
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
    "This object holds the fingerprint of the CA certificate
    computed as an SHA1 or MD5 hash.
    This object is compared against an externally retrieved
    SHA1 / MD5 fingerprint (e.g. published on a CA's web site) to
    assure the authenticity of the certificate."
    -- Security note: this value is what binds a getca-scep / enroll-scep
    -- task to the intended CA. The definition does not say what happens
    -- when it is left empty (whether the retrieved CA certificate is then
    -- accepted unverified) -- TODO confirm. How the agent tells an MD5
    -- value from a SHA1 value is not stated either (presumably by length,
    -- 16 vs 20 octets) -- confirm; prefer the SHA1 form, as MD5 is
    -- collision-broken.
    ::= { certMgmtEntry 21 }
|
|
|
|
certMgmtNoCrls OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
true(1), -- do not check for certificate revocation
|
|
-- lists for this CA (no meaning for non-CA
|
|
-- certificates)
|
|
false(2), -- check for certificate revocation
|
|
-- lists for this CA
|
|
auto(3), -- check for crls only if there is a
|
|
-- CRLDistributionPoint in the certificate
|
|
inherit(4) -- inherit from superior ca in chain
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object determines how CRL checking is set for
|
|
certificates retrieved during certificate enrollment.
|
|
Possible Values:
|
|
true(1), -- do not check for certificate revocation
|
|
-- lists for this CA (no meaning for non-CA
|
|
-- certificates)
|
|
false(2), -- check for certificate revocation
|
|
-- lists for this CA (no meaning for non-CA
|
|
-- certificates)
|
|
auto(3), -- check for crls only if there is a
|
|
-- CRLDistributionPoint in the certificate
|
|
inherit(4) -- inherit from superior ca in chain."
|
|
DEFVAL { auto }
|
|
::= { certMgmtEntry 22 }
|
|
|
|
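certMgmtAction OBJECT-TYPE
    SYNTAX INTEGER {
        wait(1), -- Certificate management task is waiting
        go(2) -- Certificate management task starts now
    }
    MAX-ACCESS read-write
    -- Was "STATUS mandatory", an SMIv1 keyword. This module is SMIv2
    -- (MODULE-IDENTITY, MAX-ACCESS) and every other object in it uses
    -- "current"; strict SMIv2 MIB compilers reject "mandatory" here.
    STATUS current
    DESCRIPTION
    "Flag whether certificate management task is waiting or
    starts immediately.
    Use this flag to create complex tasks in multiple steps:
    First create task with certMgmtAction set to 'wait'. After
    task is completely built, set this flag to 'go' and the
    certificate management task starts automatically.
    After certificate management task has started, certMgmtAction
    is automatically set to 'wait'.
    Possible values:
    wait -- Certificate management task is waiting
    go -- Certificate management task starts now
    "
    -- Operational note: because the agent resets this to 'wait' once the
    -- task has started, reading 'wait' does not distinguish a task that
    -- never ran from one already in progress; use certMgmtState for that.
    DEFVAL { wait }
    ::= { certMgmtEntry 23 }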
|
|
|
|
-- End Certificate Management Table
|
|
|
|
-- Global Certificate Statistics
|
|
|
|
certStats OBJECT IDENTIFIER ::= { cert 8 }
|
|
--Statistics for the certificate management
|
|
|
|
certStatCertsConfigured OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of configured certificate entries (opposed to those
|
|
dynamically learnt by any means during system run)."
|
|
::= { certStats 1 }
|
|
|
|
|
|
-- Global Certificate Cache Statistics
|
|
|
|
certCacheStats OBJECT IDENTIFIER ::= { certStats 64 }
|
|
--Statistics table for the certificate management
|
|
|
|
certCacheStatMemoryUsage OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Allocated memory by the certificate cache."
|
|
::= { certCacheStats 1 }
|
|
|
|
certCacheStatNumEntries OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of entries used in the certificate cache."
|
|
::= { certCacheStats 2 }
|
|
|
|
certCacheStatNumCertCacheHit OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of successful certificate requests from cache."
|
|
::= { certCacheStats 3 }
|
|
|
|
certCacheStatNumCertCacheMiss OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of failed certificate requests from cache."
|
|
::= { certCacheStats 4 }
|
|
|
|
certCacheStatNumCrlCacheHit OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of successful crl requests from cache."
|
|
::= { certCacheStats 5 }
|
|
|
|
certCacheStatNumCrlCacheMiss OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of failed crl requests from cache."
|
|
::= { certCacheStats 6 }
|
|
|
|
-- End Global Certificate Cache Statistics
|
|
|
|
-- End Global Certificate Statistics
|
|
|
|
-- Public Key Table
|
|
|
|
ipsecPublicKeyTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF IpsecPubKeyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the list of public key pairs and IDs used
|
|
with IPSec."
|
|
|
|
::= { ipsec 2 }
|
|
|
|
ipsecPubKeyEntry OBJECT-TYPE
|
|
SYNTAX IpsecPubKeyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object contains a key pair for a certain public key
|
|
algorithm and the ids used together with this key."
|
|
INDEX {
|
|
ipsecPubKeyAlgorithm,
|
|
ipsecPubKeyKeyLength
|
|
}
|
|
::= { ipsecPublicKeyTable 1 }
|
|
|
|
IpsecPubKeyEntry ::=
|
|
SEQUENCE {
|
|
ipsecPubKeyIndex INTEGER,
|
|
ipsecPubKeyDescription DisplayString,
|
|
ipsecPubKeyAlgorithm INTEGER,
|
|
ipsecPubKeyKeyLength INTEGER,
|
|
ipsecPubKeyPublicExponent INTEGER,
|
|
ipsecPubKeyState INTEGER
|
|
}
|
|
|
|
ipsecPubKeyIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique index for this entry."
|
|
::= { ipsecPubKeyEntry 1 }
|
|
|
|
ipsecPubKeyDescription OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An optional description for this key."
|
|
::= { ipsecPubKeyEntry 2 }
|
|
|
|
ipsecPubKeyAlgorithm OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
rsa(2), -- The RSA encryption algorithm
|
|
dsa(3), -- The digital signature algorithm
|
|
delete(15) -- Mark this entry for deletion
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the algorithm for which the key is used.
|
|
Possible values:
|
|
rsa(2), -- The RSA encryption algorithm
|
|
dsa(3), -- The digital signature algorithm
|
|
delete(15) -- Mark this entry for deletion."
|
|
DEFVAL { rsa }
|
|
::= { ipsecPubKeyEntry 3 }
|
|
|
|
ipsecPubKeyKeyLength OBJECT-TYPE
    SYNTAX INTEGER
    UNITS "bits"
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
    "The size of the public and private keys in bits."
    -- Security note: the default of 768 bits is far below current
    -- guidance and RSA-768 has been publicly factored. Set an explicit
    -- length (2048 bits or more for RSA) when creating a key entry. The
    -- SYNTAX places no range on the object, so the sizes the agent
    -- actually accepts are not visible here -- TODO confirm. This object
    -- is also part of the table INDEX, so it cannot be changed on an
    -- existing entry.
    DEFVAL { 768 }
    ::= { ipsecPubKeyEntry 4 }
|
|
|
|
ipsecPubKeyPublicExponent OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The RSA public exponent of the key. (undefined for DSA)"
|
|
::= { ipsecPubKeyEntry 5 }
|
|
|
|
ipsecPubKeyState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
generating(1), -- Key generation is in progress
|
|
complete(2), -- Key generation is complete
|
|
error(3) -- Key generation terminated with an error
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the state of the Key.
|
|
Possible values:
|
|
generating(1), -- Key generation is in progress
|
|
complete(2), -- Key generation is complete
|
|
error(3) -- Key generation terminated with an error."
|
|
DEFVAL { generating }
|
|
::= { ipsecPubKeyEntry 6 }
|
|
|
|
-- End Public Key Table
|
|
|
|
END
|