XEDIA-PKI-MIB
File:
XEDIA-PKI-MIB.mib (30399 bytes)
Imported modules
Imported symbols
Defined Types
PkiAlgorithm |
|
A public key algorithm. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
rsa(1), dsa(2) |
|
PkiSigAlgorithm |
|
A public key signature algorithm. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
md5WithRSAEncryption(1), sha1WithRSAEncryption(2), sha1WithDSAId(3) |
|
PkiCertType |
|
A type of certificate. |
TEXTUAL-CONVENTION |
|
|
|
|
INTEGER |
x509-v1(1), x509-v2(2), x509-v3(3) |
|
PkiKeyPairEntry |
|
SEQUENCE |
|
|
|
|
pkiKeyPairName |
PkiKeyPairName |
|
|
pkiKeyPairAlgorithm |
PkiAlgorithm |
|
|
pkiKeyPairLength |
Integer32 |
|
|
pkiKeyPairRowStatus |
RowStatus |
|
PkiCertRqstEntry |
|
SEQUENCE |
|
|
|
|
pkiCertRqstPublicKey |
PkiKeyPairName |
|
|
pkiCertRqstSigAlgorithm |
PkiSigAlgorithm |
|
|
pkiCertRqstSignature |
OCTET STRING |
|
|
pkiCertRqstPem |
PemString |
|
PkiCertEntry |
|
SEQUENCE |
|
|
|
|
pkiCertIndex |
Integer32 |
|
|
pkiCertSubjNames |
DisplayString |
|
|
pkiCertIssuerNames |
DisplayString |
|
|
pkiCertKeyPair |
PkiKeyPairName |
|
|
pkiCertType |
PkiCertType |
|
|
pkiCertSerialNum |
DisplayString |
|
|
pkiCertValidNotBefore |
DisplayString |
|
|
pkiCertValidNotAfter |
DisplayString |
|
|
pkiCertCreation |
INTEGER |
|
|
pkiCertCertAuthority |
TruthValue |
|
|
pkiCertCrlIssuer |
TruthValue |
|
|
pkiCertTrustStatus |
BIT STRING |
|
|
pkiCertForceTrusted |
TruthValue |
|
|
pkiCertSubjPubKeyAlgorithm |
DisplayString |
|
|
pkiCertSignatureAlgorithm |
DisplayString |
|
|
pkiCertSignature |
OCTET STRING |
|
|
pkiCertRemove |
INTEGER |
|
PkiCrlEntry |
|
SEQUENCE |
|
|
|
|
pkiCrlIndex |
Integer32 |
|
|
pkiCrlIssuerNames |
DisplayString |
|
|
pkiCrlNumber |
DisplayString |
|
|
pkiCrlType |
PkiCertType |
|
|
pkiCrlUpdateTime |
DisplayString |
|
|
pkiCrlNextUpdateTime |
DisplayString |
|
|
pkiCrlTrustStatus |
BIT STRING |
|
|
pkiCrlCreation |
INTEGER |
|
|
pkiCrlRevokedCerts |
Gauge32 |
|
|
pkiCrlRemove |
INTEGER |
|
PkiCrlCertEntry |
|
SEQUENCE |
|
|
|
|
pkiCrlCertIndex |
Integer32 |
|
|
pkiCrlCertSerialNumber |
DisplayString |
|
|
pkiCrlCertRevokedDate |
DisplayString |
|
|
pkiCrlCertInvalidDate |
DisplayString |
|
|
pkiCrlCertIssuerNames |
DisplayString |
|
Defined Values
xediaPkiMIB |
1.3.6.1.4.1.838.3.24 |
This module defines objects for management of Xedia's
Public Key Infrastructure subsystem. |
MODULE-IDENTITY |
|
|
|
pkiObjects |
1.3.6.1.4.1.838.3.24.1 |
OBJECT IDENTIFIER |
|
|
|
pkiSubjDistName |
1.3.6.1.4.1.838.3.24.1.1.2 |
The X.500 distinguished name for this system. This name
corresponds to the subject name in this gateway's
certificates and requests. For example:
'C=US, O=Xedia Corp, CN=198.202.232.217'
This object can be set explicitly or may reflect the
system's LDAP or router address as specified by
pkiSubjNameFormat. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
DisplayString |
Size(0..128) |
|
pkiLdapServer |
1.3.6.1.4.1.838.3.24.1.1.3 |
The name of the LDAP Server used as the default Certificate
and CRL repository. This may be in the form of a DNS name or
IP address with an optional port number specified after a
colon. For example:
'ldap.xedia.com'
'198.202.232.121'
'ldap.xedia.com:389'
'198.202.232.121:389'
When this object is set to a valid server, LDAP is automatically
enabled as a PKI certificate and CRL retrieval mechanism. If
cleared, LDAP is disabled for PKI purposes. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
DisplayString |
Size(0..128) |
|
pkiKeyPairTable |
1.3.6.1.4.1.838.3.24.1.2 |
The PKI key pair table is used to administer
public/private key pairs for this system. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
PkiKeyPairEntry |
|
pkiKeyPairEntry |
1.3.6.1.4.1.838.3.24.1.2.1 |
The attributes of a single PKI Key Pair. Note that a
PkiKeyPairEntry cannot be modified if referenced by a
PkiCertRqstEntry. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
PkiKeyPairEntry |
|
|
pkiKeyPairName |
1.3.6.1.4.1.838.3.24.1.2.1.1 |
The administrative name given to the key pair. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
PkiKeyPairName |
|
|
pkiKeyPairLength |
1.3.6.1.4.1.838.3.24.1.2.1.3 |
The length of the public key in bits.
For RSA keys, the valid range is 512 to 2048,
and the default is 1024.
For DSS keys, the valid range is 512 to 1024,
and the default is 1024. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
512..2048 |
|
pkiKeyPairRowStatus |
1.3.6.1.4.1.838.3.24.1.2.1.4 |
This object is used to create and delete entries in this
table. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
pkiCertRqstTable |
1.3.6.1.4.1.838.3.24.1.3 |
The PKI certificate request table is used to administer PKCS #10
certificate requests for this system. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
PkiCertRqstEntry |
|
pkiCertRqstEntry |
1.3.6.1.4.1.838.3.24.1.3.1 |
The attributes of a single PKCS #10 certificate request. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
PkiCertRqstEntry |
|
|
pkiCertRqstPublicKey |
1.3.6.1.4.1.838.3.24.1.3.1.1 |
The system's public key included in this certificate
request. This object references an entry in the
pkiKeyPairTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
PkiKeyPairName |
|
|
pkiCertRqstSigAlgorithm |
1.3.6.1.4.1.838.3.24.1.3.1.2 |
The signature algorithm used to sign the public key
information in this certificate request. For both RSA
and DSA key pairs, the hash will default to SHA-1. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
PkiSigAlgorithm |
|
|
pkiCertRqstSignature |
1.3.6.1.4.1.838.3.24.1.3.1.3 |
The signature of the certificate request. After the
certificate request is transported to the CA, many
CAs display the certificate request signature and
suggest that it be checked against the signature
on the generating system. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
|
|
pkiCertRqstPem |
1.3.6.1.4.1.838.3.24.1.3.1.4 |
The full ASN.1 DER encoded PKCS #10 certificate request
in PEM/base64 format. This object may be manually cut and
pasted over to the certificate authority for X.509
certificate generation. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
PemString |
|
|
pkiNewCert |
1.3.6.1.4.1.838.3.24.1.4 |
X.509 Certificate generated by a Certificate Authority
based on the pkiPublicKeyCertRequest information in
base64/PEM format.
This object provides a manual mechanism for the
administrator to load static certificates into the
pkiCertTable. When this object is written, the system
parses the certificate and loads it into the local
certificate database as a static entry. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
PemString |
|
|
pkiCertTable |
1.3.6.1.4.1.838.3.24.1.5 |
This table contains the certificates in the system's local
database including static certificates loaded via network
management and dynamic certificates retrieved from
certificate operational protocols such as LDAP. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
PkiCertEntry |
|
pkiCertEntry |
1.3.6.1.4.1.838.3.24.1.5.1 |
The attributes that make up a single certificate. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
PkiCertEntry |
|
|
pkiCertIndex |
1.3.6.1.4.1.838.3.24.1.5.1.1 |
The unique index for this certificate. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
pkiCertSubjNames |
1.3.6.1.4.1.838.3.24.1.5.1.2 |
The subject name(s) of the network entity or
user being certified. The certificate's subject name
can consist of multiple names including distinguished name
fields, IP Address, domain name, etc. This object
concatenates all these names into one string. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
pkiCertIssuerNames |
1.3.6.1.4.1.838.3.24.1.5.1.3 |
The name(s) of the certificate authority which issued
this certificate. The certificate's issuer name can consist
of multiple names including distinguished name fields, IP
Address, domain name, etc. This object concatenates all these
names into one string. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
pkiCertKeyPair |
1.3.6.1.4.1.838.3.24.1.5.1.4 |
This system's public/private keypair associated with
this certificate. If the certificate is not for this
gateway, the object will be a zero length string. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
PkiKeyPairName |
|
|
pkiCertType |
1.3.6.1.4.1.838.3.24.1.5.1.5 |
The type of certificate. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
PkiCertType |
|
|
pkiCertSerialNum |
1.3.6.1.4.1.838.3.24.1.5.1.6 |
The serial number for this certificate. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
pkiCertCreation |
1.3.6.1.4.1.838.3.24.1.5.1.9 |
Specifies how the certificate was obtained. If a
dynamic certificate is modified via network management,
it becomes 'static'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
static(1), dynamic(2) |
|
pkiCertCertAuthority |
1.3.6.1.4.1.838.3.24.1.5.1.10 |
Indicates whether or not this certificate is for a
Certificate Authority. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
pkiCertCrlIssuer |
1.3.6.1.4.1.838.3.24.1.5.1.11 |
Certificate Authorities periodically issue Certificate Revocation
Lists (CRLs) for certificates which have been revoked. Certificates
issued by a CA need to be checked against a current CRL issued by
the CA, otherwise they cannot be trusted.
By default, all CAs are considered CRL issuers. Disabling this
object disables CRL checking when computing trust for subordinate
certificates. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
pkiCertTrustStatus |
1.3.6.1.4.1.838.3.24.1.5.1.12 |
The certificate's current trust status. If the trust
computation succeeds, it will be 'trusted(0)'; otherwise
this object will give the set of errors detected
while computing the trust status for this certificate.
To be trusted(0), all issuer certificates in the chain must be
trusted. Note that when a self-signed root certificate is
added, the trustStatus remains 'untrustedRoot(7)' until it is
manually set trusted via pkiCertForceTrusted. This gives the
administrator the opportunity to view and verify a root
certificate before it is used to verify subordinate certificates. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
BIT STRING |
trusted(0), computing(1), noIssuer(2), issuerUntrusted(3), noIssuerCRL(4), revoked(5), pathLengthExceeded(6), validityPeriod(7), signatureCheck(8), untrustedRoot(9) |
|
pkiCertForceTrusted |
1.3.6.1.4.1.838.3.24.1.5.1.13 |
A mechanism whereby the administrator can set any certificate
trusted. Enabling 'forceTrusted' will set the certificate
trusted for its entire validity period and, if it is a CA
certificate, may result in subordinate certificates becoming
trusted. Note that 'forceTrusted' must be set enabled for
root certificates. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
pkiCertSignature |
1.3.6.1.4.1.838.3.24.1.5.1.16 |
The certificate's digital signature. After loading
a CA certificate, it is recommended that this
value be checked against the CA certificate
signature to verify that the certificate was not
compromised in transit. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
|
|
pkiCertRemove |
1.3.6.1.4.1.838.3.24.1.5.1.17 |
This object is used to delete certificates. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
ready(1), execute(2) |
|
pkiNewCrl |
1.3.6.1.4.1.838.3.24.1.6 |
X.509 Certificate Revocation list generated by a
Certificate Authority in base64/PEM format.
This object provides a manual mechanism for the
administrator to load static CRLs into the pkiCrlTable.
When this object is written, the system parses the CRL
and loads it into the local CRL database as a static entry. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
PemString |
|
|
pkiCrlTable |
1.3.6.1.4.1.838.3.24.1.7 |
This table contains the CRLs in the system's local
database including static CRLs loaded via network
management and dynamic CRLs retrieved from
operational protocols such as LDAP. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
PkiCrlEntry |
|
pkiCrlEntry |
1.3.6.1.4.1.838.3.24.1.7.1 |
The attributes that make up a single CRL. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
PkiCrlEntry |
|
|
pkiCrlIndex |
1.3.6.1.4.1.838.3.24.1.7.1.1 |
The unique index for this CRL. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
pkiCrlIssuerNames |
1.3.6.1.4.1.838.3.24.1.7.1.2 |
The name(s) of the certificate authority which issued
this CRL. The CRL's issuer name can consist of multiple names
including distinguished name fields, IP Address, domain name,
etc. This object concatenates all these names into one string. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
pkiCrlNumber |
1.3.6.1.4.1.838.3.24.1.7.1.3 |
The CRL number which is unique for all CRLs issued by a
particular CA. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
pkiCrlType |
1.3.6.1.4.1.838.3.24.1.7.1.4 |
The type of certificates in the CRL. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
PkiCertType |
|
|
pkiCrlTrustStatus |
1.3.6.1.4.1.838.3.24.1.7.1.7 |
The CRL's current trust status. If the trust computation
succeeds, it will be 'trusted(0)'; otherwise this object will
give the set of errors detected while computing the trust
status for this CRL. To be trusted, all issuer certificates
in the chain must be trusted. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
BIT STRING |
trusted(0), noIssuer(1), issuerUntrusted(2), validityPeriod(3), updateDue(4), signatureCheck(5) |
|
pkiCrlCreation |
1.3.6.1.4.1.838.3.24.1.7.1.8 |
Specifies how the CRL was obtained. If a dynamic
CRL is modified via network management, it becomes
'static'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
static(1), dynamic(2) |
|
pkiCrlRevokedCerts |
1.3.6.1.4.1.838.3.24.1.7.1.9 |
The number of revoked certificates in this CRL. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Gauge32 |
|
|
pkiCrlRemove |
1.3.6.1.4.1.838.3.24.1.7.1.10 |
This object is used to delete CRLs. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
ready(1), execute(2) |
|
pkiCrlCertTable |
1.3.6.1.4.1.838.3.24.1.8 |
This table contains the list of revoked certificates from
CRLs in the pkiCrlTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
PkiCrlCertEntry |
|
pkiCrlCertEntry |
1.3.6.1.4.1.838.3.24.1.8.1 |
A revoked certificate entry from a CRL. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
PkiCrlCertEntry |
|
|
pkiCrlCertIndex |
1.3.6.1.4.1.838.3.24.1.8.1.1 |
The unique index for this CRL certificate. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
pkiCrlCertInvalidDate |
1.3.6.1.4.1.838.3.24.1.8.1.4 |
The date and time at which the certificate becomes invalid. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
pkiCrlCertIssuerNames |
1.3.6.1.4.1.838.3.24.1.8.1.5 |
The name(s) of the certificate authority which revoked
the certificate. The certificate's issuer name can consist
of multiple names including distinguished name fields, IP
Address, domain name, etc. This object concatenates all these
names into one string. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
DisplayString |
|
|
pkiGroups |
1.3.6.1.4.1.838.3.24.2.2 |
OBJECT IDENTIFIER |
|
|
|
pkiCompliance |
1.3.6.1.4.1.838.3.24.2.1.1 |
The compliance statement for all agents that support this
MIB. A compliant agent implements all objects defined in this
MIB. |
Status: current |
Access: read-only |
MODULE-COMPLIANCE |
|
|
|
pkiAllGroup |
1.3.6.1.4.1.838.3.24.2.2.1 |
The set of all accessible objects in this MIB. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|