XEDIA-PKI-MIB

File: XEDIA-PKI-MIB.mib (30399 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC SNMPv2-CONF
XEDIA-REG

Imported symbols

MODULE-IDENTITY OBJECT-TYPE Integer32
Gauge32 TEXTUAL-CONVENTION DisplayString
RowStatus TruthValue MODULE-COMPLIANCE
OBJECT-GROUP xediaMibs LongDisplayString

Defined Types

PemString  
A Privacy Enhanced Message formatted string.
TEXTUAL-CONVENTION    
  DisplayString  

PkiAlgorithm  
A public key algorithm.
TEXTUAL-CONVENTION    
  INTEGER rsa(1), dsa(2)  

PkiSigAlgorithm  
A public key signature algorithm.
TEXTUAL-CONVENTION    
  INTEGER md5WithRSAEncryption(1), sha1WithRSAEncryption(2), sha1WithDSAId(3)  

PkiKeyPairName  
An administrative name for a key pair.
TEXTUAL-CONVENTION    
  DisplayString Size(1..32)  

PkiCertType  
A type of certificate.
TEXTUAL-CONVENTION    
  INTEGER x509-v1(1), x509-v2(2), x509-v3(3)  

PkiKeyPairEntry  
SEQUENCE    
  pkiKeyPairName PkiKeyPairName
  pkiKeyPairAlgorithm PkiAlgorithm
  pkiKeyPairLength Integer32
  pkiKeyPairRowStatus RowStatus

PkiCertRqstEntry  
SEQUENCE    
  pkiCertRqstPublicKey PkiKeyPairName
  pkiCertRqstSigAlgorithm PkiSigAlgorithm
  pkiCertRqstSignature OCTET STRING
  pkiCertRqstPem PemString

PkiCertEntry  
SEQUENCE    
  pkiCertIndex Integer32
  pkiCertSubjNames DisplayString
  pkiCertIssuerNames DisplayString
  pkiCertKeyPair PkiKeyPairName
  pkiCertType PkiCertType
  pkiCertSerialNum DisplayString
  pkiCertValidNotBefore DisplayString
  pkiCertValidNotAfter DisplayString
  pkiCertCreation INTEGER
  pkiCertCertAuthority TruthValue
  pkiCertCrlIssuer TruthValue
  pkiCertTrustStatus BIT STRING
  pkiCertForceTrusted TruthValue
  pkiCertSubjPubKeyAlgorithm DisplayString
  pkiCertSignatureAlgorithm DisplayString
  pkiCertSignature OCTET STRING
  pkiCertRemove INTEGER

PkiCrlEntry  
SEQUENCE    
  pkiCrlIndex Integer32
  pkiCrlIssuerNames DisplayString
  pkiCrlNumber DisplayString
  pkiCrlType PkiCertType
  pkiCrlUpdateTime DisplayString
  pkiCrlNextUpdateTime DisplayString
  pkiCrlTrustStatus BIT STRING
  pkiCrlCreation INTEGER
  pkiCrlRevokedCerts Gauge32
  pkiCrlRemove INTEGER

PkiCrlCertEntry  
SEQUENCE    
  pkiCrlCertIndex Integer32
  pkiCrlCertSerialNumber DisplayString
  pkiCrlCertRevokedDate DisplayString
  pkiCrlCertInvalidDate DisplayString
  pkiCrlCertIssuerNames DisplayString

Defined Values

xediaPkiMIB 1.3.6.1.4.1.838.3.24
This module defines objects for management of Xedia's Public Key Infrastructure subsystem.
MODULE-IDENTITY    

pkiObjects 1.3.6.1.4.1.838.3.24.1
OBJECT IDENTIFIER    

pkiConformance 1.3.6.1.4.1.838.3.24.2
OBJECT IDENTIFIER    

pkiSubsystemGroup 1.3.6.1.4.1.838.3.24.1.1
OBJECT IDENTIFIER    

pkiSubjNameFormat 1.3.6.1.4.1.838.3.24.1.1.1
This object is used to specify the format of the subject name(s) for this system in PKI certificates and requests. There are multiple options for forming the subject's distinguished name. distNameFromLDAP(0) will use the system's LDAP directory name. distNameFromRtrAddr(1) will use the system's router IP address. If both options are disabled, then the pkiSubjDistName is set explicitly by the administrator. Default is distNameFromRtrAddr(1). The incIpAddrExt(3) option specifies that the system's router IP address (if configured) should be included as a subject alternate name extension in certificate requests. By default, this option is enabled. The incFQDomainNameExt(4) option specifies that the system's fully qualified domain name (if configured) should be included as a subject alternate name extension in certificate requests. By default, this option is enabled.
OBJECT-TYPE    
  BIT STRING distNameFromRtrAddr(0)  

pkiSubjDistName 1.3.6.1.4.1.838.3.24.1.1.2
The X500 distinguished name for this system. This name corresponds to the subject name in this gateway's certificates and requests. For example: 'C=US, O=Xedia Corp, CN=198.202.232.217' This object can be set explicitly or may reflect the system's LDAP or router address as specified by pkiSubjNameFormat.
OBJECT-TYPE    
  DisplayString Size(0..128)  

pkiLdapServer 1.3.6.1.4.1.838.3.24.1.1.3
The name of the LDAP server used as the default certificate and CRL repository. This may be a DNS name or an IP address, with an optional port number specified after a colon. For example: 'ldap.xedia.com', '198.202.232.121', 'ldap.xedia.com:389', '198.202.232.121:389'. When this object is set to a valid server, LDAP is automatically enabled as a PKI certificate and CRL retrieval mechanism. If cleared, LDAP is disabled for PKI purposes.
OBJECT-TYPE    
  DisplayString Size(0..128)  

pkiKeyPairTable 1.3.6.1.4.1.838.3.24.1.2
The PKI key pair table is used to administer public/private key pairs for this system.
OBJECT-TYPE    
  SEQUENCE OF  
    PkiKeyPairEntry

pkiKeyPairEntry 1.3.6.1.4.1.838.3.24.1.2.1
The attributes of a single PKI Key Pair. Note that a PkiKeyPairEntry cannot be modified if referenced by a PkiCertRqstEntry.
OBJECT-TYPE    
  PkiKeyPairEntry  

pkiKeyPairName 1.3.6.1.4.1.838.3.24.1.2.1.1
The administrative name given to the key pair.
OBJECT-TYPE    
  PkiKeyPairName  

pkiKeyPairAlgorithm 1.3.6.1.4.1.838.3.24.1.2.1.2
The algorithm used to generate the key pair.
OBJECT-TYPE    
  PkiAlgorithm  

pkiKeyPairLength 1.3.6.1.4.1.838.3.24.1.2.1.3
The length of the public key in bits. For RSA keys, the valid range is 512 to 2048, and the default is 1024. For DSS keys, the valid range is 512 to 1024, and the default is 1024.
OBJECT-TYPE    
  Integer32 512..2048  

pkiKeyPairRowStatus 1.3.6.1.4.1.838.3.24.1.2.1.4
This object is used to create and delete entries in this table.
OBJECT-TYPE    
  RowStatus  

pkiCertRqstTable 1.3.6.1.4.1.838.3.24.1.3
The PKI certificate request table is used to administer PKCS #10 certificate requests for this system.
OBJECT-TYPE    
  SEQUENCE OF  
    PkiCertRqstEntry

pkiCertRqstEntry 1.3.6.1.4.1.838.3.24.1.3.1
The attributes of a single PKCS #10 certificate request.
OBJECT-TYPE    
  PkiCertRqstEntry  

pkiCertRqstPublicKey 1.3.6.1.4.1.838.3.24.1.3.1.1
The system's public key included in this certificate request. This object references an entry in the pkiKeyPairTable.
OBJECT-TYPE    
  PkiKeyPairName  

pkiCertRqstSigAlgorithm 1.3.6.1.4.1.838.3.24.1.3.1.2
The signature algorithm used to sign the public key information in this certificate request. For both RSA and DSA key pairs, the hash will default to SHA-1.
OBJECT-TYPE    
  PkiSigAlgorithm  

pkiCertRqstSignature 1.3.6.1.4.1.838.3.24.1.3.1.3
The signature of the certificate request. After the certificate request is transported to the CA, many CAs display the certificate request signature and suggest that it be checked against the signature on the generating system.
OBJECT-TYPE    
  OCTET STRING  

pkiCertRqstPem 1.3.6.1.4.1.838.3.24.1.3.1.4
The full ASN.1 DER encoded PKCS #10 certificate request in PEM/base64 format. This object may be manually cut and pasted over to the certificate authority for X.509 certificate generation.
OBJECT-TYPE    
  PemString  

pkiNewCert 1.3.6.1.4.1.838.3.24.1.4
X.509 Certificate generated by a Certificate Authority based on the pkiPublicKeyCertRequest information in base64/PEM format. This object provides a manual mechanism for the administrator to load static certificates into the pkiCertTable. When this object is written, the system parses the certificate and loads it into the local certificate database as a static entry.
OBJECT-TYPE    
  PemString  

pkiCertTable 1.3.6.1.4.1.838.3.24.1.5
This table contains the certificates in the system's local database including static certificates loaded via network management and dynamic certificates retrieved from certificate operational protocols such as LDAP.
OBJECT-TYPE    
  SEQUENCE OF  
    PkiCertEntry

pkiCertEntry 1.3.6.1.4.1.838.3.24.1.5.1
The attributes that make up a single certificate.
OBJECT-TYPE    
  PkiCertEntry  

pkiCertIndex 1.3.6.1.4.1.838.3.24.1.5.1.1
The unique index for this certificate.
OBJECT-TYPE    
  Integer32  

pkiCertSubjNames 1.3.6.1.4.1.838.3.24.1.5.1.2
The subject name(s) of the network entity or user being certified. The certificate's subject name can consist of multiple names including distinguished name fields, IP Address, domain name, etc. This object concatenates all these names into one string.
OBJECT-TYPE    
  DisplayString  

pkiCertIssuerNames 1.3.6.1.4.1.838.3.24.1.5.1.3
The name(s) of the certificate authority which issued this certificate. The certificate's issuer name can consist of multiple names including distinguished name fields, IP Address, domain name, etc. This object concatenates all these names into one string.
OBJECT-TYPE    
  DisplayString  

pkiCertKeyPair 1.3.6.1.4.1.838.3.24.1.5.1.4
This system's public/private keypair associated with this certificate. If the certificate is not for this gateway, the object will be a zero length string.
OBJECT-TYPE    
  PkiKeyPairName  

pkiCertType 1.3.6.1.4.1.838.3.24.1.5.1.5
The type of certificate.
OBJECT-TYPE    
  PkiCertType  

pkiCertSerialNum 1.3.6.1.4.1.838.3.24.1.5.1.6
The serial number for this certificate.
OBJECT-TYPE    
  DisplayString  

pkiCertValidNotBefore 1.3.6.1.4.1.838.3.24.1.5.1.7
The start of the validity period for this certificate.
OBJECT-TYPE    
  DisplayString  

pkiCertValidNotAfter 1.3.6.1.4.1.838.3.24.1.5.1.8
The end of the validity period for this certificate.
OBJECT-TYPE    
  DisplayString  

pkiCertCreation 1.3.6.1.4.1.838.3.24.1.5.1.9
Specifies how the certificate was obtained. If a dynamic certificate is modified via network management, it becomes 'static'.
OBJECT-TYPE    
  INTEGER static(1), dynamic(2)  

pkiCertCertAuthority 1.3.6.1.4.1.838.3.24.1.5.1.10
Indicates whether or not this certificate is for a Certificate Authority.
OBJECT-TYPE    
  TruthValue  

pkiCertCrlIssuer 1.3.6.1.4.1.838.3.24.1.5.1.11
Certificate Authorities periodically issue Certificate Revocation Lists (CRLs) for certificates which have been revoked. Certificates issued by a CA need to be checked against a current CRL issued by the CA, otherwise they cannot be trusted. By default, all CAs are considered CRL issuers. Disabling this object disables CRL checking when computing trust for subordinate certificates.
OBJECT-TYPE    
  TruthValue  

pkiCertTrustStatus 1.3.6.1.4.1.838.3.24.1.5.1.12
The certificate's current trust status. If the trust computation succeeds, it will be 'trusted(0)'; otherwise this object will give the set of errors detected while computing the trust status for this certificate. To be trusted(0), all issuer certificates in the chain must be trusted. Note that when a self-signed root certificate is added, the trustStatus remains 'untrustedRoot(7)' until it is manually set trusted via pkiCertForceTrusted. This gives the administrator the opportunity to view and verify a root certificate before it is used to verify subordinate certificates.
OBJECT-TYPE    
  BIT STRING trusted(0), computing(1), noIssuer(2), issuerUntrusted(3), noIssuerCRL(4), revoked(5), pathLengthExceeded(6), validityPeriod(7), signatureCheck(8), untrustedRoot(9)  

pkiCertForceTrusted 1.3.6.1.4.1.838.3.24.1.5.1.13
A mechanism whereby the administrator can set any certificate trusted. Enabling 'forceTrusted' will set the certificate trusted for its entire validity period and, if it's a CA certificate, may result in subordinate certificates becoming trusted. Note that 'forceTrusted' must be set enabled for root certificates.
OBJECT-TYPE    
  TruthValue  
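
Added example, not part of the MIB or of any Xedia tool: decoding pkiCertTrustStatus as an SNMP BITS value (bit 0 is the high-order bit of the first octet) and reviewing pkiCertTable rows for forced trust and disabled CRL checking. It assumes the rows have already been fetched into dicts keyed by column name, and it treats equal subject and issuer strings as a self-signed root, which is an assumption.

```python
# Bit names in the order of the pkiCertTrustStatus enumeration on this page.
CERT_TRUST_BITS = (
    "trusted", "computing", "noIssuer", "issuerUntrusted", "noIssuerCRL",
    "revoked", "pathLengthExceeded", "validityPeriod", "signatureCheck",
    "untrustedRoot",
)
TRUE, FALSE = 1, 2  # TruthValue (SNMPv2-TC): true(1), false(2)


def decode_bits(raw, names=CERT_TRUST_BITS):
    """Decode an SNMP BITS value; bit 0 is the high-order bit of octet 0."""
    flags = []
    for pos in range(len(raw) * 8):
        if raw[pos // 8] & (0x80 >> (pos % 8)):
            # Set bits beyond the known enumeration are reported, not dropped.
            flags.append(names[pos] if pos < len(names) else f"bit{pos}")
    return flags


def audit_cert_rows(rows):
    """Return (pkiCertIndex, finding) pairs for an administrator to review."""
    findings = []
    for r in rows:
        errors = [f for f in decode_bits(r["pkiCertTrustStatus"])
                  if f not in ("trusted", "computing")]
        # Assumption: equal subject and issuer strings mean a self-signed root.
        is_root = r["pkiCertSubjNames"] == r["pkiCertIssuerNames"]
        if r["pkiCertForceTrusted"] == TRUE and not is_root:
            findings.append((r["pkiCertIndex"], "forceTrusted on non-root certificate"))
        if r["pkiCertCertAuthority"] == TRUE and r["pkiCertCrlIssuer"] == FALSE:
            findings.append((r["pkiCertIndex"], "CA with CRL checking disabled"))
        if errors:
            findings.append((r["pkiCertIndex"], "trust errors: " + ",".join(errors)))
    return findings


COLUMNS = ("pkiCertIndex", "pkiCertSubjNames", "pkiCertIssuerNames",
           "pkiCertTrustStatus", "pkiCertForceTrusted",
           "pkiCertCertAuthority", "pkiCertCrlIssuer")
# Constructed sample rows, not taken from a real device.
SAMPLE_ROWS = [dict(zip(COLUMNS, values)) for values in (
    (1, "CN=Example Root", "CN=Example Root", b"\x80\x00", TRUE, TRUE, FALSE),
    (2, "CN=gw1", "CN=Example Root", b"\x04\x80", FALSE, FALSE, FALSE),
    (3, "CN=gw2", "CN=Example Root", b"\x80\x00", TRUE, FALSE, FALSE),
)]

if __name__ == "__main__":
    for index, finding in audit_cert_rows(SAMPLE_ROWS):
        print(index, finding)
```
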

pkiCertSubjPubKeyAlgorithm 1.3.6.1.4.1.838.3.24.1.5.1.14
The subject's public key algorithm.
OBJECT-TYPE    
  DisplayString  

pkiCertSignatureAlgorithm 1.3.6.1.4.1.838.3.24.1.5.1.15
The algorithm used to sign the certificate.
OBJECT-TYPE    
  DisplayString  

pkiCertSignature 1.3.6.1.4.1.838.3.24.1.5.1.16
The certificate's digital signature. After loading a CA certificate, it is recommended that this value be checked against the CA certificate signature to verify that the certificate was not compromised in transit.
OBJECT-TYPE    
  OCTET STRING  

pkiCertRemove 1.3.6.1.4.1.838.3.24.1.5.1.17
This object is used to delete certificates.
OBJECT-TYPE    
  INTEGER ready(1), execute(2)  

pkiNewCrl 1.3.6.1.4.1.838.3.24.1.6
X.509 Certificate Revocation List generated by a Certificate Authority in base64/PEM format. This object provides a manual mechanism for the administrator to load static CRLs into the pkiCrlTable. When this object is written, the system parses the CRL and loads it into the local CRL database as a static entry.
OBJECT-TYPE    
  PemString  

pkiCrlTable 1.3.6.1.4.1.838.3.24.1.7
This table contains the CRLs in the system's local database including static CRLs loaded via network management and dynamic CRLs retrieved from operational protocols such as LDAP.
OBJECT-TYPE    
  SEQUENCE OF  
    PkiCrlEntry

pkiCrlEntry 1.3.6.1.4.1.838.3.24.1.7.1
The attributes that make up a single CRL.
OBJECT-TYPE    
  PkiCrlEntry  

pkiCrlIndex 1.3.6.1.4.1.838.3.24.1.7.1.1
The unique index for this CRL.
OBJECT-TYPE    
  Integer32  

pkiCrlIssuerNames 1.3.6.1.4.1.838.3.24.1.7.1.2
The name(s) of the certificate authority which issued this CRL. The CRL's issuer name can consist of multiple names including distinguished name fields, IP Address, domain name, etc. This object concatenates all these names into one string.
OBJECT-TYPE    
  DisplayString  

pkiCrlNumber 1.3.6.1.4.1.838.3.24.1.7.1.3
The CRL number which is unique for all CRLs issued by a particular CA.
OBJECT-TYPE    
  DisplayString  

pkiCrlType 1.3.6.1.4.1.838.3.24.1.7.1.4
The type of certificates in the CRL.
OBJECT-TYPE    
  PkiCertType  

pkiCrlUpdateTime 1.3.6.1.4.1.838.3.24.1.7.1.5
The time when this CRL was updated.
OBJECT-TYPE    
  DisplayString  

pkiCrlNextUpdateTime 1.3.6.1.4.1.838.3.24.1.7.1.6
The time when this CRL will be updated next.
OBJECT-TYPE    
  DisplayString  

pkiCrlTrustStatus 1.3.6.1.4.1.838.3.24.1.7.1.7
The CRL's current trust status. If the trust computation succeeds, it will be 'trusted(0)'; otherwise this object will give the set of errors detected while computing the trust status for this CRL. To be trusted, all issuer certificates in the chain must be trusted.
OBJECT-TYPE    
  BIT STRING trusted(0), noIssuer(1), issuerUntrusted(2), validityPeriod(3), updateDue(4), signatureCheck(5)  

pkiCrlCreation 1.3.6.1.4.1.838.3.24.1.7.1.8
Specifies how the CRL was obtained. If a dynamic CRL is modified via network management, it becomes 'static'.
OBJECT-TYPE    
  INTEGER static(1), dynamic(2)  

pkiCrlRevokedCerts 1.3.6.1.4.1.838.3.24.1.7.1.9
The number of revoked certificates in this CRL.
OBJECT-TYPE    
  Gauge32  

pkiCrlRemove 1.3.6.1.4.1.838.3.24.1.7.1.10
This object is used to delete CRLs.
OBJECT-TYPE    
  INTEGER ready(1), execute(2)  

pkiCrlCertTable 1.3.6.1.4.1.838.3.24.1.8
This table contains the list of revoked certificates from CRLs in the pkiCrlTable.
OBJECT-TYPE    
  SEQUENCE OF  
    PkiCrlCertEntry

pkiCrlCertEntry 1.3.6.1.4.1.838.3.24.1.8.1
A revoked certificate entry from a CRL.
OBJECT-TYPE    
  PkiCrlCertEntry  

pkiCrlCertIndex 1.3.6.1.4.1.838.3.24.1.8.1.1
The unique index for this CRL certificate.
OBJECT-TYPE    
  Integer32  

pkiCrlCertSerialNumber 1.3.6.1.4.1.838.3.24.1.8.1.2
The serial number for the revoked certificate.
OBJECT-TYPE    
  DisplayString  

pkiCrlCertRevokedDate 1.3.6.1.4.1.838.3.24.1.8.1.3
The date and time at which the certificate was revoked.
OBJECT-TYPE    
  DisplayString  

pkiCrlCertInvalidDate 1.3.6.1.4.1.838.3.24.1.8.1.4
The date and time at which the certificate becomes invalid.
OBJECT-TYPE    
  DisplayString  

pkiCrlCertIssuerNames 1.3.6.1.4.1.838.3.24.1.8.1.5
The name(s) of the certificate authority which revoked the certificate. The certificate's issuer name can consist of multiple names including distinguished name fields, IP Address, domain name, etc. This object concatenates all these names into one string.
OBJECT-TYPE    
  DisplayString  

pkiCompliances 1.3.6.1.4.1.838.3.24.2.1
OBJECT IDENTIFIER    

pkiGroups 1.3.6.1.4.1.838.3.24.2.2
OBJECT IDENTIFIER    

pkiCompliance 1.3.6.1.4.1.838.3.24.2.1.1
The compliance statement for all agents that support this MIB. A compliant agent implements all objects defined in this MIB.
MODULE-COMPLIANCE    

pkiAllGroup 1.3.6.1.4.1.838.3.24.2.2.1
The set of all accessible objects in this MIB.
OBJECT-GROUP