CISCO-PKI-MIB

        description

Imported Objects

ciscoMgmt	CISCO-SMI
MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP	SNMPv2-CONF
MODULE-IDENTITY, OBJECT-TYPE, Counter32, NOTIFICATION-TYPE, Integer32, Unsigned32	SNMPv2-SMI
DisplayString, TimeInterval	SNMPv2-TC

Objects

ciscoPkiMIB		.1.3.6.1.4.1.9.9.854
ciscoPkiMIBNotifs		.1.3.6.1.4.1.9.9.854.1
ciscoPkiMIBObjects		.1.3.6.1.4.1.9.9.854.2
ciscoPkiConfiguration		.1.3.6.1.4.1.9.9.854.2.1
ciscoPkiEnrollmentProfile		.1.3.6.1.4.1.9.9.854.2.1.1
ciscoPkiEnrollmentTable		.1.3.6.1.4.1.9.9.854.2.1.1.1
enrollProfEntry	enrollProfLabel	.1.3.6.1.4.1.9.9.854.2.1.1.1.1
enrolLocation	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.1.1.1.1.10
enrolVrf	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.1.1.1.1.11
enrolSourceInter	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.1.1.1.1.12
reenrolMethod	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.1.1.1.1.13
reenrolLocation	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.1.1.1.1.14
reenrolVrf	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.1.1.1.1.15
reenrolSourceInter	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.1.1.1.1.16
enrollProfLabel	OctetString	.1.3.6.1.4.1.9.9.854.2.1.1.1.1.3
enrolCredentials	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.1.1.1.1.4
authLocation	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.1.1.1.1.5
authMethod	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.1.1.1.1.6
authVrf	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.1.1.1.1.7
authSourceInter	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.1.1.1.1.8
enrolMethod	OctetString	.1.3.6.1.4.1.9.9.854.2.1.1.1.1.9
ciscoPkiTrustpoints		.1.3.6.1.4.1.9.9.854.2.1.2
pkiTPTable		.1.3.6.1.4.1.9.9.854.2.1.2.1
pkiTPEntry	tpLabel	.1.3.6.1.4.1.9.9.854.2.1.2.1.1
tpLabel	OctetString	.1.3.6.1.4.1.9.9.854.2.1.2.1.1.1
keyPairLabel	OctetString	.1.3.6.1.4.1.9.9.854.2.1.2.1.1.10
revocationMethod	OctetString	.1.3.6.1.4.1.9.9.854.2.1.2.1.1.11
hashAlgo	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.1.2.1.1.12
trustpointState	OctetString	.1.3.6.1.4.1.9.9.854.2.1.2.1.1.13
subjectName	OctetString	.1.3.6.1.4.1.9.9.854.2.1.2.1.1.2
subjectAltName	OctetString	.1.3.6.1.4.1.9.9.854.2.1.2.1.1.3
aaaListInfo	OctetString	.1.3.6.1.4.1.9.9.854.2.1.2.1.1.4
enrollmentConfig	OctetString	.1.3.6.1.4.1.9.9.854.2.1.2.1.1.5
vrfConfig	OctetString	.1.3.6.1.4.1.9.9.854.2.1.2.1.1.6
sourceInter	OctetString	.1.3.6.1.4.1.9.9.854.2.1.2.1.1.7
autoEnroll	OctetString	.1.3.6.1.4.1.9.9.854.2.1.2.1.1.8
ciscoPkiCertificates		.1.3.6.1.4.1.9.9.854.2.2
certChainTable		.1.3.6.1.4.1.9.9.854.2.2.1
certChainEntry	certChainLabel	.1.3.6.1.4.1.9.9.854.2.2.1.1
certChainLabel	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.2.1.1.1
certSerialNum	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.2.1.1.2
certIssuerName	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.2.1.1.3
certStartDate	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.2.1.1.4
certEndDate	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.2.1.1.5
certType	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.2.1.1.6
certRemainingLife	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.2.1.1.7
certTpLabel	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.2.1.1.8
certSubName	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.2.1.1.9
ciscoPkiRevocationInfo		.1.3.6.1.4.1.9.9.854.2.3
ciscoPkiCRLInfo		.1.3.6.1.4.1.9.9.854.2.3.1
pkiCRLTable		.1.3.6.1.4.1.9.9.854.2.3.1.1
pkiCRLEntry	crlTpLabel	.1.3.6.1.4.1.9.9.854.2.3.1.1.1
crlTpLabel	SNMPv2-TCDisplayString	.1.3.6.1.4.1.9.9.854.2.3.1.1.1.1
issuerName	OctetString	.1.3.6.1.4.1.9.9.854.2.3.1.1.1.2
sequenceNumb	OctetString	.1.3.6.1.4.1.9.9.854.2.3.1.1.1.3
nextUpdate	OctetString	.1.3.6.1.4.1.9.9.854.2.3.1.1.1.4
crlSize	Unsigned32	.1.3.6.1.4.1.9.9.854.2.3.1.1.1.5
deltaCRLFlag	Unsigned32	.1.3.6.1.4.1.9.9.854.2.3.1.1.1.6
ciscoPkiOSCPInfo		.1.3.6.1.4.1.9.9.854.2.3.2
pkiOCSPTable		.1.3.6.1.4.1.9.9.854.2.3.2.1
pkiOCSPEntry	ocspTpLabel	.1.3.6.1.4.1.9.9.854.2.3.2.1.1
ocspTpLabel	OctetString	.1.3.6.1.4.1.9.9.854.2.3.2.1.1.1
responderID	OctetString	.1.3.6.1.4.1.9.9.854.2.3.2.1.1.2
thisUpdate	OctetString	.1.3.6.1.4.1.9.9.854.2.3.2.1.1.3
nexUpdate	OctetString	.1.3.6.1.4.1.9.9.854.2.3.2.1.1.4
ciscoPkiMIBConform		.1.3.6.1.4.1.9.9.854.3
ciscoPkiMIBCompliances		.1.3.6.1.4.1.9.9.854.3.1
ciscoPkiMIBGroups		.1.3.6.1.4.1.9.9.854.3.2

Notifications/Traps

Name	OID	Description
ciscoPkiCertInstallAlert certSerialNum certIssuerName certStartDate certEndDate certType certTpLabel certSubName	.1.3.6.1.4.1.9.9.854.1.1	tificate is installed on the device, notification will be sent with following information. a) Certificates Serial number b) Certificate Issuer-name c) Certificate Subject name d) Trustpoint name e) Type of certificate. (i.e. CA/ID) certificate f) Certificate Start Date g) Certificate End Date Alert will not be sent for RA certificates, trustpool certificates and self-signed non-persistent certificates.
ciscoPkiCertExpiryAlert certSerialNum certSubName certIssuerName certType certTpLabel certRemainingLife	.1.3.6.1.4.1.9.9.854.1.2	e Expiry alert consists of following a) Certificate Serial number b) Certificate Issuer-name c) Trustpoint name d) Type of certificate (i.e. CA/ID/SUBCA/RA) e) Certificate remaining lifetime in seconds. f) Certificate subject-name When a certificate is reaching its expiry on the router, a trap will be sent to SNMP server at regular intervals starting from 60days to till 1week. From 1week onwards daily one trap will be sent with following information a) Certificate Serial number b) Certificate Issuer-name c) Trustpoint name d) Type of certificate (i.e. CA/ID) e) Certificate remaining lifetime. Alert will not be sent if trustpoint is configured with auto-enroll and corresponding shadow certificate/rollover certificate is present provided, shadow/rollover certificates start time is same/behind certificate end time. If shadow/rollover certificate start time is ahead of certificate end time, alerts will be continued to send because shadow certificate wont be valid from certificates expiry time. Expiry alerts will not be sent for trustpool certificates.

Name

OID

Description

ciscoPkiCertInstallAlert
certSerialNum
certIssuerName
certStartDate
certEndDate
certType
certTpLabel
certSubName

.1.3.6.1.4.1.9.9.854.1.1

tificate is installed on the device, notification
will be sent with following information.
          
a)   Certificates Serial number
b)   Certificate Issuer-name
c)   Certificate Subject name
d)   Trustpoint name
e)   Type of certificate. (i.e. CA/ID) certificate
f)   Certificate Start Date
g)   Certificate End Date
          
Alert will not be sent for RA certificates, trustpool
certificates and self-signed non-persistent certificates.

ciscoPkiCertExpiryAlert
certSerialNum
certSubName
certIssuerName
certType
certTpLabel
certRemainingLife

.1.3.6.1.4.1.9.9.854.1.2

e Expiry alert consists of following
a)   Certificate Serial number
b)   Certificate Issuer-name
c)   Trustpoint name
d)   Type of certificate (i.e. CA/ID/SUBCA/RA)
e)   Certificate remaining lifetime in seconds.
f)   Certificate subject-name
          
When a certificate is reaching its expiry on the router, a trap
will be sent to SNMP server at regular intervals starting from
60days to till 1week. From 1week onwards daily one trap will be
sent with
following information
          
a)   Certificate Serial number
b)   Certificate Issuer-name
c)   Trustpoint name
d)   Type of certificate (i.e. CA/ID)
e)   Certificate remaining lifetime.
          
Alert will not be sent if trustpoint is configured with
auto-enroll and corresponding shadow certificate/rollover
certificate is present provided, shadow/rollover certificates
start time is same/behind certificate end time.
          
If shadow/rollover certificate start time is ahead of
certificate end time, alerts will be continued to send because
shadow certificate wont be valid from certificates expiry
time.
          
Expiry alerts will not be sent for trustpool certificates.