CISCO-PKI-MIB

File: CISCO-PKI-MIB.mib (24148 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
CISCO-SMI

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Counter32
NOTIFICATION-TYPE Integer32 Unsigned32
MODULE-COMPLIANCE NOTIFICATION-GROUP OBJECT-GROUP
DisplayString TimeInterval ciscoMgmt

Defined Types

CertChainEntry  
SEQUENCE    
  certChainLabel DisplayString
  certSerialNum DisplayString
  certIssuerName DisplayString
  certStartDate DisplayString
  certEndDate DisplayString
  certRemainingLife DisplayString
  certType DisplayString
  certTpLabel DisplayString
  certSubName DisplayString

PkiCRLEntry  
SEQUENCE    
  crlTpLabel DisplayString
  issuerName DisplayString
  sequenceNumb DisplayString
  nextUpdate DisplayString
  crlSize Unsigned32
  deltaCRLFlag Unsigned32

PkiOCSPEntry  
SEQUENCE    
  ocspTpLabel DisplayString
  responderID DisplayString
  thisUpdate DisplayString
  nexUpdate DisplayString

EnrollProfEntry  
SEQUENCE    
  enrollProfLabel DisplayString
  enrolCredentials DisplayString
  authLocation DisplayString
  authMethod DisplayString
  authVrf DisplayString
  authSourceInter DisplayString
  enrolMethod DisplayString
  enrolLocation DisplayString
  enrolVrf DisplayString
  enrolSourceInter DisplayString
  reenrolMethod DisplayString
  reenrolLocation DisplayString
  reenrolVrf DisplayString
  reenrolSourceInter DisplayString

PkiTPEntry  
SEQUENCE    
  tpLabel DisplayString
  subjectName DisplayString
  subjectAltName DisplayString
  aaaListInfo DisplayString
  enrollmentConfig DisplayString
  vrfConfig DisplayString
  sourceInter DisplayString
  autoEnroll DisplayString
  keyPairLabel DisplayString
  revocationMethod DisplayString
  hashAlgo DisplayString
  trustpointState DisplayString

Defined Values

ciscoPkiMIB 1.3.6.1.4.1.9.9.854
description
MODULE-IDENTITY    

ciscoPkiMIBNotifs 1.3.6.1.4.1.9.9.854.1
OBJECT IDENTIFIER    

ciscoPkiMIBObjects 1.3.6.1.4.1.9.9.854.2
OBJECT IDENTIFIER    

ciscoPkiMIBConform 1.3.6.1.4.1.9.9.854.3
OBJECT IDENTIFIER    

ciscoPkiConfiguration 1.3.6.1.4.1.9.9.854.2.1
OBJECT IDENTIFIER    

ciscoPkiCertificates 1.3.6.1.4.1.9.9.854.2.2
OBJECT IDENTIFIER    

ciscoPkiRevocationInfo 1.3.6.1.4.1.9.9.854.2.3
OBJECT IDENTIFIER    

ciscoPkiEnrollmentProfile 1.3.6.1.4.1.9.9.854.2.1.1
OBJECT IDENTIFIER    

ciscoPkiTrustpoints 1.3.6.1.4.1.9.9.854.2.1.2
OBJECT IDENTIFIER    

certChainTable 1.3.6.1.4.1.9.9.854.2.2.1
Please enter the Table Description here.
OBJECT-TYPE    
  SEQUENCE OF  
    CertChainEntry

certChainEntry 1.3.6.1.4.1.9.9.854.2.2.1.1
An entry (conceptual row) in the xxxTable.
OBJECT-TYPE    
  CertChainEntry  

certChainLabel 1.3.6.1.4.1.9.9.854.2.2.1.1.1
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

certSerialNum 1.3.6.1.4.1.9.9.854.2.2.1.1.2
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

certIssuerName 1.3.6.1.4.1.9.9.854.2.2.1.1.3
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

certStartDate 1.3.6.1.4.1.9.9.854.2.2.1.1.4
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

certEndDate 1.3.6.1.4.1.9.9.854.2.2.1.1.5
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

certType 1.3.6.1.4.1.9.9.854.2.2.1.1.6
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

certRemainingLife 1.3.6.1.4.1.9.9.854.2.2.1.1.7
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

certTpLabel 1.3.6.1.4.1.9.9.854.2.2.1.1.8
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

certSubName 1.3.6.1.4.1.9.9.854.2.2.1.1.9
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

ciscoPkiCRLInfo 1.3.6.1.4.1.9.9.854.2.3.1
OBJECT IDENTIFIER    

ciscoPkiOSCPInfo 1.3.6.1.4.1.9.9.854.2.3.2
OBJECT IDENTIFIER    

pkiCRLTable 1.3.6.1.4.1.9.9.854.2.3.1.1
Please enter the Table Description here.
OBJECT-TYPE    
  SEQUENCE OF  
    PkiCRLEntry

pkiCRLEntry 1.3.6.1.4.1.9.9.854.2.3.1.1.1
An entry (conceptual row) in the xxxTable.
OBJECT-TYPE    
  PkiCRLEntry  

crlTpLabel 1.3.6.1.4.1.9.9.854.2.3.1.1.1.1
Unique trustpoint Label
OBJECT-TYPE    
  DisplayString  

issuerName 1.3.6.1.4.1.9.9.854.2.3.1.1.1.2
CRL Issuer name
OBJECT-TYPE    
  DisplayString Size(0..255)  

sequenceNumb 1.3.6.1.4.1.9.9.854.2.3.1.1.1.3
Please enter the object description here
OBJECT-TYPE    
  DisplayString Size(0..255)  

nextUpdate 1.3.6.1.4.1.9.9.854.2.3.1.1.1.4
Please enter the object description here
OBJECT-TYPE    
  DisplayString Size(0..255)  

crlSize 1.3.6.1.4.1.9.9.854.2.3.1.1.1.5
Please enter the object description here
OBJECT-TYPE    
  Unsigned32 0..4294967294  

deltaCRLFlag 1.3.6.1.4.1.9.9.854.2.3.1.1.1.6
This object specifies the storage type for this conceptual row. The following columnar objects are allowed to be writable when the storageType of this conceptual row is permanent(4): (replace with list of columns)
OBJECT-TYPE    
  Unsigned32  

pkiOCSPTable 1.3.6.1.4.1.9.9.854.2.3.2.1
Please enter the Table Description here.
OBJECT-TYPE    
  SEQUENCE OF  
    PkiOCSPEntry

pkiOCSPEntry 1.3.6.1.4.1.9.9.854.2.3.2.1.1
An entry (conceptual row) in the xxxTable.
OBJECT-TYPE    
  PkiOCSPEntry  

ocspTpLabel 1.3.6.1.4.1.9.9.854.2.3.2.1.1.1
Please enter the object description here
OBJECT-TYPE    
  DisplayString Size(0..255)  

responderID 1.3.6.1.4.1.9.9.854.2.3.2.1.1.2
An identifier of the responder (DN name or a hash of its key)
OBJECT-TYPE    
  DisplayString Size(0..255)  

thisUpdate 1.3.6.1.4.1.9.9.854.2.3.2.1.1.3
The issuing time of the revocation information.
OBJECT-TYPE    
  DisplayString Size(0..255)  

nexUpdate 1.3.6.1.4.1.9.9.854.2.3.2.1.1.4
The issuing time of the revocation information that will update that one.
OBJECT-TYPE    
  DisplayString Size(0..255)  

ciscoPkiEnrollmentTable 1.3.6.1.4.1.9.9.854.2.1.1.1
Please enter the Table Description here.
OBJECT-TYPE    
  SEQUENCE OF  
    EnrollProfEntry

enrollProfEntry 1.3.6.1.4.1.9.9.854.2.1.1.1.1
An entry (conceptual row) in the xxxTable.
OBJECT-TYPE    
  EnrollProfEntry  

enrollProfLabel 1.3.6.1.4.1.9.9.854.2.1.1.1.1.3
Unique value to display Enrollment Label. If enrollment profiles are not present, string size of 0 will show nothing.
OBJECT-TYPE    
  DisplayString Size(0..255)  

enrolCredentials 1.3.6.1.4.1.9.9.854.2.1.1.1.1.4
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

authLocation 1.3.6.1.4.1.9.9.854.2.1.1.1.1.5
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

authMethod 1.3.6.1.4.1.9.9.854.2.1.1.1.1.6
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

authVrf 1.3.6.1.4.1.9.9.854.2.1.1.1.1.7
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

authSourceInter 1.3.6.1.4.1.9.9.854.2.1.1.1.1.8
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

enrolMethod 1.3.6.1.4.1.9.9.854.2.1.1.1.1.9
Enrollment method will be displayed which will be used to authenticate and enroll. If enrollment method is configured as terminal, this parameter gives enrollment terminal If enrollment method is configured with url, this parameter returns enrollment url ip_addresss If vrf is configured as part of enrollment url, it will be shown as part of enrollment url ip_address vrf interface
OBJECT-TYPE    
  DisplayString Size(0..255)  

enrolLocation 1.3.6.1.4.1.9.9.854.2.1.1.1.1.10
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

enrolVrf 1.3.6.1.4.1.9.9.854.2.1.1.1.1.11
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

enrolSourceInter 1.3.6.1.4.1.9.9.854.2.1.1.1.1.12
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

reenrolMethod 1.3.6.1.4.1.9.9.854.2.1.1.1.1.13
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

reenrolLocation 1.3.6.1.4.1.9.9.854.2.1.1.1.1.14
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

reenrolVrf 1.3.6.1.4.1.9.9.854.2.1.1.1.1.15
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

reenrolSourceInter 1.3.6.1.4.1.9.9.854.2.1.1.1.1.16
Please enter the object description here
OBJECT-TYPE    
  DisplayString  

pkiTPTable 1.3.6.1.4.1.9.9.854.2.1.2.1
Please enter the Table Description here.
OBJECT-TYPE    
  SEQUENCE OF  
    PkiTPEntry

pkiTPEntry 1.3.6.1.4.1.9.9.854.2.1.2.1.1
An entry (conceptual row) in the xxxTable.
OBJECT-TYPE    
  PkiTPEntry  

tpLabel 1.3.6.1.4.1.9.9.854.2.1.2.1.1.1
Unique name of Trustpoint Label. When there is no trustpoint configured, size 0 shows no trustpoint configured.
OBJECT-TYPE    
  DisplayString Size(0..255)  

subjectName 1.3.6.1.4.1.9.9.854.2.1.2.1.1.2
Subject name configured under the trustpoint will be returned
OBJECT-TYPE    
  DisplayString Size(0..255)  

subjectAltName 1.3.6.1.4.1.9.9.854.2.1.2.1.1.3
subject alternate name configured under the trustpoint which can be used while generating the csr.
OBJECT-TYPE    
  DisplayString Size(0..50)  

aaaListInfo 1.3.6.1.4.1.9.9.854.2.1.2.1.1.4
Returns AAA authorization list to be used configured under trustpoint. AAA authorization list will be used during peer certificate validations etc. In order to access information on AAA list, please check AAA MIB corresponding to this AAA label.
OBJECT-TYPE    
  DisplayString Size(0..50)  

enrollmentConfig 1.3.6.1.4.1.9.9.854.2.1.2.1.1.5
Enrollment configuration which is configured under the trustpoint will be returned.
OBJECT-TYPE    
  DisplayString Size(0..255)  

vrfConfig 1.3.6.1.4.1.9.9.854.2.1.2.1.1.6
VRF interface configured under trustpoint which can be used for enrollment and obtaining CRL's
OBJECT-TYPE    
  DisplayString Size(0..50)  

sourceInter 1.3.6.1.4.1.9.9.854.2.1.2.1.1.7
source Interface configured under trustpoint.
OBJECT-TYPE    
  DisplayString Size(0..50)  

autoEnroll 1.3.6.1.4.1.9.9.854.2.1.2.1.1.8
If autoEnroll is configured under the trustpoint, autoEnroll returns with the percentage configured. If the percentage is not configured, but auto-enroll is configured under trustpoint, this parameter return auto-enroll. If percentage is configured, parameter returns auto-enroll
OBJECT-TYPE    
  DisplayString Size(0..20)  

keyPairLabel 1.3.6.1.4.1.9.9.854.2.1.2.1.1.10
Displays keypairLabel associated to this trustpoint if it is enrolled. During authentication, we wont generate the keypair Label.
OBJECT-TYPE    
  DisplayString Size(0..255)  

revocationMethod 1.3.6.1.4.1.9.9.854.2.1.2.1.1.11
This object displays revocation check configured on the device. If nothing is configured under the trustpoint, by default revocation-check crl will be updated.
OBJECT-TYPE    
  DisplayString Size(0..50)  

hashAlgo 1.3.6.1.4.1.9.9.854.2.1.2.1.1.12
Hash algorithm configured under the trustpoint. This will be used while selecting the HASH algorithm when CA server responded with GetCACapabilities list. Default value is sha1
OBJECT-TYPE    
  DisplayString  

trustpointState 1.3.6.1.4.1.9.9.854.2.1.2.1.1.13
Trustpoint state displays following 1) Authenticated - Trustpoint is in Authenticated state. 2) Enrolled - Trustpoint is authenticated and enrolled. Certificate state is granted. 3) Pending - Trustpoint is authenticated but enrollment is in pending state. This means CA server returned PENDING for the router certificate. 4) None - Trustpoint is neither authenticated nor enrolled.
OBJECT-TYPE    
  DisplayString Size(0..20)  

ciscoPkiCertInstallAlert 1.3.6.1.4.1.9.9.854.1.1
When a certificate is installed on the device, notification will be sent with following information. a) Certificates Serial number b) Certificate Issuer-name c) Certificate Subject name d) Trustpoint name e) Type of certificate. (i.e. CA/ID) certificate f) Certificate Start Date g) Certificate End Date Alert will not be sent for RA certificates, trustpool certificates and self-signed non-persistent certificates.
NOTIFICATION-TYPE    

ciscoPkiCertExpiryAlert 1.3.6.1.4.1.9.9.854.1.2
Certificate Expiry alert consists of following a) Certificate Serial number b) Certificate Issuer-name c) Trustpoint name d) Type of certificate (i.e. CA/ID/SUBCA/RA) e) Certificate remaining lifetime in seconds. f) Certificate subject-name When a certificate is reaching its expiry on the router, a trap will be sent to SNMP server at regular intervals starting from 60days to till 1week. From 1week onwards daily one trap will be sent with following information a) Certificate Serial number b) Certificate Issuer-name c) Trustpoint name d) Type of certificate (i.e. CA/ID) e) Certificate remaining lifetime. Alert will not be sent if trustpoint is configured with auto-enroll and corresponding shadow certificate/rollover certificate is present provided, shadow/rollover certificates start time is same/behind certificate end time. If shadow/rollover certificate start time is ahead of certificate end time, alerts will be continued to send because shadow certificate wont be valid from certificates expiry time. Expiry alerts will not be sent for trustpool certificates.
NOTIFICATION-TYPE    

ciscoPkiMIBCompliances 1.3.6.1.4.1.9.9.854.3.1
OBJECT IDENTIFIER    

ciscoPkiMIBGroups 1.3.6.1.4.1.9.9.854.3.2
OBJECT IDENTIFIER    

ciscoPkiMIBCompliance 1.3.6.1.4.1.9.9.854.3.1.1
This is a default module-compliance containing default object groups.
MODULE-COMPLIANCE    

ciscoPkiMIBMainObjectGroup 1.3.6.1.4.1.9.9.854.3.2.1
The is a test group.
OBJECT-GROUP    

ciscoPkiMIBNotificationGroup 1.3.6.1.4.1.9.9.854.3.2.2
Notification alert group consists of both installation and expiry notifications.
NOTIFICATION-GROUP