CISCO-PKI-PARTICIPATION-MIB Download
A networking device may provide several security services and protocols such as SSL, SSH and IPSec/IKE which need identities in the form of X509 certificates. The device uses these certificates (called identity certificates) to authenticate itself to the various clients communicating with it over these protocols, and also to provide other protection for the communication such as confidentiality, integrity and non-repudiation. In addition, the device may need to authenticate the clients, which involves, among other things, verifying the certificates presented by the clients (peer certificates) during the protocol exchanges. Certificate verification, in turn, involves certificate revocation status checking and certificate signature verification. This MIB applies to the public key infrastructure (PKI) participation feature, which enables a networking device to participate in one or more PKI services (also called Certificate Authorities) so that it can obtain one or more X509 identity certificates for its own use as well as verify peer certificates.

This MIB organizes the various certificates, key-pairs and Certificate Authority related information into tables: the trustpoint table for certificate and CA information, and a key-pair table holding the key-pair information for each type of key-pair such as RSA, DSA etc. An entry in the trustpoint table corresponds to a trusted CA from which an identity certificate is obtained and whose issued peer certificates are verified. The entry contains information about the CA certificate, the identity certificate (if obtained) from the CA, the corresponding key-pair from a key-pair table (for which the identity certificate was obtained) and the information needed for revocation checking of certificates issued by the CA.

For each type (RSA, DSA etc.) of key-pair supported by the device, a key-pair table is present and contains an entry for each key-pair of that type present in the device. This allows future expansion of the MIB to support additional key-pair types (currently only RSA key-pairs are supported). As described above, a key-pair entry from a key-pair table can be associated with an entry in the trustpoint table. A key-pair entry can be associated with multiple trustpoint table entries, but not vice versa.
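An added example (not part of the MIB or of IPHost) that models the two tables described above with constructed rows and audits them from a defender's side: it checks the key-pair reference each trustpoint depends on, flags the small modulus sizes the MIB still defines, exportable keys, expired identity certificates and missing revocation checking, and lists which key-pairs are shared or unreferenced. The row contents, the audit date and the simplified value types (Python dates for the DateAndTime objects, method names for cpkiRevokeCheckMethods) are assumptions.

```python
from datetime import date
TODAY = date(2025, 6, 1)  # constructed audit date so results are reproducible

# Constructed cpkiRSAKeyPairTable rows keyed by key-pair name (assumption: this is what cpkiKeyPairName refers to).
RSA_KEYPAIRS = {
    "CORP-KEY": {"cpkiRSAKeyPairSize": 2048, "cpkiRSAKeyPairExportable": False},
    "LEGACY-KEY": {"cpkiRSAKeyPairSize": 1024, "cpkiRSAKeyPairExportable": True},
    "SPARE-KEY": {"cpkiRSAKeyPairSize": 2048, "cpkiRSAKeyPairExportable": False},
}

# Constructed cpkiTrustPointTable rows; a date for cpkiIdCertEndDate and method names for cpkiRevokeCheckMethods are simplifications.
TRUSTPOINTS = [
    {"name": "CORP-CA", "cpkiKeyPairName": "CORP-KEY", "cpkiIdCertEndDate": date(2027, 1, 1),
     "cpkiRevokeCheckMethods": ["crl"], "cpkiOCSPurl": ""},
    {"name": "VPN-CA", "cpkiKeyPairName": "CORP-KEY", "cpkiIdCertEndDate": date(2025, 2, 1),
     "cpkiRevokeCheckMethods": ["ocsp"], "cpkiOCSPurl": ""},
    {"name": "OLD-CA", "cpkiKeyPairName": "LEGACY-KEY", "cpkiIdCertEndDate": date(2026, 6, 1),
     "cpkiRevokeCheckMethods": [], "cpkiOCSPurl": ""},
    {"name": "NEW-CA", "cpkiKeyPairName": "", "cpkiIdCertEndDate": None,
     "cpkiRevokeCheckMethods": ["crl"], "cpkiOCSPurl": ""},
]

def audit(keypairs, trustpoints, today=TODAY, min_bits=2048):
    """Return (trustpoint, finding) pairs for weak or inconsistent PKI rows."""
    findings = []
    for tp in trustpoints:
        kp_name = tp["cpkiKeyPairName"]
        if kp_name == "":
            continue  # zero length string: no key-pair associated yet (per the MIB)
        kp = keypairs.get(kp_name)
        if kp is None:
            findings.append((tp["name"], "references unknown key-pair " + kp_name))
            continue
        if kp["cpkiRSAKeyPairSize"] < min_bits:
            findings.append((tp["name"], "key-pair %s is only %d bits" % (kp_name, kp["cpkiRSAKeyPairSize"])))
        if kp["cpkiRSAKeyPairExportable"]:
            findings.append((tp["name"], "key-pair %s is exportable via exportpkcs12" % kp_name))
        if tp["cpkiIdCertEndDate"] is not None and tp["cpkiIdCertEndDate"] <= today:
            findings.append((tp["name"], "identity certificate expired"))
        if not tp["cpkiRevokeCheckMethods"]:
            findings.append((tp["name"], "no revocation checking for peer certificates"))
        if "ocsp" in tp["cpkiRevokeCheckMethods"] and tp["cpkiOCSPurl"] == "":
            findings.append((tp["name"], "ocsp selected but cpkiOCSPurl is empty"))
    return findings

def keypair_references(keypairs, trustpoints):
    """Key-pair name -> trustpoints using it; only a key-pair with an empty list can be row-deleted."""
    return {name: [tp["name"] for tp in trustpoints if tp["cpkiKeyPairName"] == name] for name in keypairs}
```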
OID list for CISCO-PKI-PARTICIPATION-MIB
- cpkiRSAKeyPairTable
  - A list of RSA key-pair entries.
- cpkiRSAKeyPairEntry
  - The RSA key-pair entry. The entry specifies the key-pair name, size, whether it is exportable and the filename where the key-pair is stored. Each entry corresponds to an RSA key-pair generated internally in the device or imported from outside. When a new e ...
- cpkiRSAKeyPairId
  - A unique identification number of the RSA key-pair. This is included to support ordered lists of RSA key-pairs when needed. One such scenario where such an ordered list may be needed is for per-application configuration of key-pairs.
- cpkiRSAKeyPairSize
  - The size of the key. The following modulus sizes are defined: 512-bit, 768-bit, 1024-bit, 1536-bit and 2048-bit. Once created, the size cannot be changed. After the key-pair has been deleted through row deletion, the entry can be created again with another si ...
- cpkiRSAKeyPairExportable
  - The key-pair is exportable through the 'exportpkcs12' PKI support action. Once created, the exportable flag value cannot be changed. After the key-pair has been deleted through row deletion, the entry can be created again with another value for the exportable ...
- cpkiRSAKeyPairStorageType
  - The storage type for this conceptual row.
- cpkiRSAKeyPairConfigRowStatus
  - The conceptual row status of the key-pair entry. Deleting an entry through row delete will fail if the entry is being pointed to from an instance of cpkiTrustPointTable. The objects in the entry may not be modified while the value of this object is acti ...
- cpkiTrustPointTable
  - A list of trustpoint, associated key-pair, certificate and revocation checking configuration entries. The table also provides control, actions, current operating state information and last action result information for the certificate work-flow if being ...
- cpkiTrustPointEntry
  - The trustpoint configuration entry. This entry specifies the trustpoint name, the associated key-pair index, the identity certificate filename, some important attributes in the identity certificate and the issuer (CA) certificate filename and important at ...
- cpkiTrustPointId
  - A unique identification number of the trustpoint. This is included to support ordered lists of trustpoints when needed. One such scenario where such an ordered list may be needed is for per-application configuration of trustpoints for certificate selection.
- cpkiKeyPairName
  - The name of the associated key-pair from a key-pair table. If a key-pair is not yet associated, the value of this object will be a zero length string. If a key-pair is already associated, it can be modified only if the identity certificate is absent as in ...
- cpkiIdCertFileName
  - The name of the file storing the identity certificate. It is a unix style '/' separated string representing the absolute path of the file in the file system of the device. If there is no identity certificate obtained as yet, the value of this object will ...
- cpkiIdCertSubjectName
  - The subject name of the identity certificate. If there is no certificate (as indicated by a zero length string value of the object cpkiIdCertFileName) or no subject name in the certificate, the value of this object will be a zero length string.
- cpkiIdCertSerialNum
  - The serial number of the identity certificate. If there is no certificate (as indicated by a zero length string value of the object cpkiIdCertFileName), the value of this object will be a zero length string.
- cpkiIdCertStartDate
  - The time when the identity certificate starts to be valid, corresponding to the notBefore field in the certificate. If there is no certificate (as indicated by a zero length string value of the object cpkiIdCertFileName), the value of this object will be ...
- cpkiIdCertEndDate
  - The time when the identity certificate validity ends, corresponding to the notAfter field in the certificate. If there is no certificate (as indicated by the zero length string value of the object cpkiIdCertFileName), the value of this object will be a ze ...
- cpkiIdCertFingerPrint
  - The MD5 fingerprint of the identity certificate in HEX string format. If there is no certificate (as indicated by a zero length string value of the object cpkiIdCertFileName), the value of this object will be a zero length string.
- cpkiIssuerCertFileName
  - The name of the file storing the issuer certificate. It is a unix style '/' separated string representing the absolute path of the file in the file system of the device. If there is no issuer certificate obtained yet, the value of this object will be a ze ...
- cpkiIssuerCertSubjectName
  - The issuer name (subject name in the issuer certificate, which will be the same as the issuer name in the identity certificate if present). If there is no certificate (as indicated by a zero length string value of the object cpkiIssuerCertFileName), the value ...
- cpkiIssuerCertSerialNum
  - The serial number of the issuer certificate. If there is no certificate (as indicated by a zero length string value of the object cpkiIssuerCertFileName), the value will be a zero length string.
- cpkiIssuerCertStartDate
  - The time when the issuer certificate starts to be valid, corresponding to the notBefore field in the certificate. If there is no certificate (as indicated by a zero length string value of the object cpkiIssuerCertFileName), the value will be a zero length ...
- cpkiIssuerCertEndDate
  - The time when the issuer certificate validity ends, corresponding to the notAfter field in the certificate. If there is no certificate (as indicated by a zero length string value of the object cpkiIssuerCertFileName), the value will be a zero length st ...
- cpkiIssuerCertFingerPrint
  - The MD5 fingerprint of the issuer's certificate in HEX string format. If there is no certificate (as indicated by a zero length string value of cpkiIssuerCertFileName), the value of this object will be a zero length string.
- cpkiRevokeCheckMethods
  - Revocation checking methods list, which is an ordered list of certificate revocation checking methods to be employed while verifying peer certificates issued by the CA corresponding to this trustpoint entry. The value of this object is an ordered list of o ...
- cpkiOCSPurl
  - The contact http url of the external OCSP server for certificate revocation checking using the OCSP protocol. The default value of this object (after row creation) is a zero length string.
- cpkiAction
  - The PKI support action to be triggered for this trustpoint entry. The PKI support actions are steps in the certificate work-flow used to facilitate the configuration of the RSA key-pair, identity certificate and CA certificates in a trustpoint. A PKI suppo ...
- cpkiLastActionResult
  - The result of the execution of the last PKI support action (represented by the value of cpkiLastAction). When the value of this object is 'inProgress', an attempt to set the value of the cpkiAction object will return inConsistentError. ::= { cpkiTrustPointEnt ...
- cpkiTrustPointConfigRowStatus
  - The conceptual row status of the trustpoint entry. After row creation, the value of this object will become active(1) as there is no prerequisite of certain objects to be set to make this object active. The various read-only objects of the row can be popu ...