XEDIA-PKI-MIB: View SNMP OID List / Download MIB

This module defines objects for management of Xedias Public Key Infrastructure subsystem.

This object is used to specify the format of the subject name(s) for this system in PKI certificates and requests. There are multiple options for forming the subjects distinguished name. distNameFromLDAP(0) will use the systems LDAP directory name. distNameFromRtrAddr(1) will use the systems router IP address. If both options are disabled, then the pkiSubjDistName is set explicitly by the administrator. Default is distNameFromRtrAddr(1). The incIpAddrExt(3) option specifies that the systems router IP address (if configured) should be included as a subject alternate name extension in certificate requests. By default, this option is enabled. The incFQDomainNameExt(4) option specifies that the systems fully qualified domain name (if configured) should be included as a subject alternate name extension in certificate requests. By default, this option is enabled.

The X500 distinguished name for this system. This name corresponds to the subject name in this gateways certificates and requests. For example: C=US, O=Xedia Corp, CN=198.202.232.217 This object can be set explicitly or may reflect the systems LDAP or router address as specified by pkiSubjNameFormat.

The name of the LDAP Server used as the default Certificate and CRL repository. This may be in the form of a DNS or IP address with an optional port number specified after a colon. For example: ldap.xedia.com 198.202.232.121 ldap.xedia.com:389 198.202.232.121:389 When this object is set to a valid server, LDAP is automatically enabled as a PKI certificate and CRL retrieval mechanism. If cleared, LDAP is disabled for PKI purposes.

The PKI key pair table is used to administer public/private key pairs for this system.

The attributes of a single PKI Key Pair. Note that a PkiKeyPairEntry cannot be modified if referenced by a PkiCertRqstEntry.

The administrative name given to the key pair.

The algorithm used to generate the key pair.

The length of the public key in bits. For RSA keys, the valid range is 512 to 2048, and the default is 1024. For DSS keys, the valid range is 512 to 1024, and the default is 1024.

This object is used to create and delete entries in this table.

The PKI key pair table is used to administer PKCS #10 certificate requests for this system.

The attributes of a single PKCS #10 certificate request.

The systems public key included in this certificate request. This object references an entry in the pkiKeyPairTable.

The signature algorithm used to sign the public key information in this certificate request. For both RSA and DSA key pairs, the hash will default to SHA-1.

The signature of the certificate request. After the certificate request is tranported to the CA, many CAs display the certificate request signature and suggest that it is checked against the signature on the generating system.

The full ANS.1 DER encoded PKCS #10 certificate request in PEM/base64 format. This object may be manually cut and pasted over to the certificate authority for X.509 certificate generation.

X.509 Certificate generated by a Certificate Authority based on the pkiPublicKeyCertRequest information in base64/PEM format. This object provides a manual mechanism for the administrator to load static certificates into the pkiCertTable. When this object is written, the system parses the certificate and loads it into the local certificate database as a static entry.

This table contains the certificates in the systems local database including static certificates loaded via network management and dynamic certificates retrieved from certificate operational protocols such as LDAP.

The attributes that make up a single certificate.

The unique index for this certificate.

The subject name(s) of the network entity or user being certified. The certificates subject name can consist of multiple names including distinguished name fields, IP Address, domain name, etc. This object concatenates all these names into one string.

The name(s) of the certificate authority which issued this certificate. The certificates issuer name can consist of multiple names including distinguished name fields, IP Address, domain name, etc. This object concatenates all these names into one string.

This systems public/private keypair associated with this certificate. If the certificate is not for this gateway, the object will be a zero length string.

The type of certificate.

The serial number for this certificate.

The start of the validity period for this certificate.

The end of the validity period for this certificate.

Specifies how the certificate was obtained. If a dynamic certificate is modified via network management, it becomes static.

Indicates whether or not this certificate is for a Certificate Authority.

Certificate Authorities periodically issue Certificate Revocation Lists (CRLs) for certificates which have been revoked. Certificates issued by a CA need to be checked against a current CRL issued by the CA, otherwise they cannot be trusted. By default, all CAs are considered CRL issuers. Disabling this object disables CRL checking when computing trust for subordinate certificates.

The certificates current trust status. If the trust computation succeeds, it will be trusted(0) otherwise this object will give the set of errors detected while computing the trust status for this certificate. To be trusted(0), all issuer certificates in the chain must be trusted. Note that when a self signed root certificate is added, the trustStatus remains untrustedRoot(7) until it is manually set trusted via pkiCertForceTrusted. This gives the administrator the opportunity to view and verify a root certificate before it is used to verify subordinate certificates.

A mechanism whereby the administrator can set any certificate trusted. Enabling forceTrusted will set the certificate trusted for its entire validity period and if its a CA certificate may result in subordinate certificates becoming trusted. Note that forceTrusted must be set enabled for root certificates.

The subjects public key algorithm.

The algorithm used to sign the certificate.

The certificates digital signature. After loading a CA certificate, it is recommended that this value be checked against the CA certificate signature to verify that the certificate was not compromised in transit.

This object is used to delete certificates.

X.509 Certificate Revocation list generated by a Certificate Authority in base64/PEM format. This object provides a manual mechanism for the administrator to load static CRLS into the pkiCrlTable. When this object is written, the system parses the CRL and loads it into the local CRL database as a static entry.

This table contains the CRLs in the systems local database including static CRLs loaded via network management and dynamic CRLs retrieved from operational protocols such as LDAP.

The attributes that make up a single CRL.

The unique index for this CRL.

The name(s) of the certificate authority which issued this CRL. The CRLs issuer name can consist of multiple names including distinguished name fields, IP Address, domain name, etc. This object concatenates all these names into one string.

The CRL number which is unique for all CRLs issued by a particular CA.

The type of certificates in the CRL.

The time when this CRL was updated.

The time when this CRL will be updated next.

The CRLs current trust status. If the trust computation succeeds, it will be trusted(0) otherwise this object will give the set of errors detected while computing the trust status for this CRL. To be trusted, all issuer certificates in the chain must be trusted.

Specifies how the CRL was obtained. If a dynamic CRL is modified via network management, it becomes static.

The number of revoked certificates in this CRL.

This object is used to delete CRLs.

This table contains the list of revoked certificates from CRLs in the pkiCrlTable.

A revoked certificate entry from a CRL.

The unique index for this CRL certificate.

The serial number for the revoked certificate.

The date and time at which the certificate was revoked.

The date and time at which the certificate becomes invalid.

The name(s) of the certificate authority which revoked the certificate. The certificates issuer name can consist of multiple names including distinguished name fields, IP Address, domain name, etc. This object concatenates all these names into one string.

The compliance statement for all agents that support this MIB. A compliant agent implements all objects defined in this MIB.

The set of all accessible objects in this MIB.