-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00


-- (C)opyright 1999-2014 bintec elmeg GmbH
-- $RCSfile: mib-cert,v $ 
-- $Revision: 1.8 $ 

FEC-CERT-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, enterprises, 
    snmpModules, mib-2
        FROM SNMPv2-SMI
    DisplayString, TestAndIncr, TimeStamp
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    Date, HexValue
        FROM BINTEC-MIB
    ipsec
	FROM BINTEC-MIB;

    -- Management Information for the IPSec Subsystem of the BIANCA/BRICK, 
    
---------------------------------------------------------------------------

certMIB MODULE-IDENTITY
    LAST-UPDATED "201405210000Z"
    ORGANIZATION "bintec elmeg GmbH"
    CONTACT-INFO "EMail:   info@bintec-elmeg.com
                  Web:     www.bintec-elmeg.com"
    DESCRIPTION  "Management Information for the Certificate Management
    		  Subsystem"

    ::= { ipsec 251 }

---------------------------------------------------------------------------

    -- Management Information for the Certificate Management Subsystem of the 
    -- BIANCA/BRICK, belongs to the IPSec Group.

	cert   OBJECT IDENTIFIER ::= { ipsec 33 }

-- Global Settings for Certificate Management

	certGlobals OBJECT IDENTIFIER  ::= { cert 1 }
	--Static table containing global settings for the certificate management
	-- NOTE(review): every leaf below certGlobals is MAX-ACCESS read-write. Together they
	-- decide where certificates and CRLs are fetched from (HTTP proxy, SOCKS server) and
	-- how strictly they are validated (chain length, validity caps, cache periods, log
	-- level). SNMP write access to this subtree is therefore administrative access to
	-- the PKI validation policy and should be confined to a restricted view, with SET
	-- operations on it logged.


	certGlobHttpProxy OBJECT-TYPE
	    SYNTAX DisplayString
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the HTTP proxy server which must be used
		 to access the HTTP certificate servers defined. It takes either
		 an IP-address or a fully qualified domain name."
            DEFVAL { "" }
	::= { certGlobals 1 }


	certGlobSocksServer OBJECT-TYPE
	    SYNTAX DisplayString
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the SOCKS server which must be used to
		 access the HTTP and LDAP certificate servers defined. It takes
		 either an IP-address or a fully qualified domain name."
            DEFVAL { "" }
	::= { certGlobals 2 }

	certGlobMaxCacheEntries OBJECT-TYPE
	    SYNTAX INTEGER (64..8192)
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the maximum number of certificate-cache
		 entries allowed."
	    DEFVAL { 64 }
	::= { certGlobals 3 }

	-- NOTE(review): the allowed range ends at 1024 and the default is that maximum, so
	-- chain depth is effectively unbounded unless a deployment lowers it. Setting it to
	-- the depth the deployed PKI actually uses bounds path-building work per peer and
	-- rejects unexpectedly long chains early.
	certGlobMaxPathLength OBJECT-TYPE
	    SYNTAX INTEGER (1..1024)
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the maximum number of CA certificates 
		 accepted for certificate chains from a trusted root 
		 certificate to a peer certificate."
	    DEFVAL { 1024 }
	::= { certGlobals 4 }

	certGlobMaxRestarts OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the maximum number of restarts in one
		 certificate search."
	    DEFVAL { 10 }
	::= { certGlobals 5 }

	certGlobMaxCertValidity OBJECT-TYPE
	    SYNTAX INTEGER
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the maximum validity period of a
		 certificate in seconds. A certificate will not be considered
		 valid for a longer period of time even if its validity
		 field specifies a longer period."
	    DEFVAL { 2592000 }
--                 ( 30 days )
	::= { certGlobals 6 }

	certGlobMaxCrlValidity OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the maximum validity period of a
		 certificate revocation list in seconds. A crl will not be
		 considered valid for a longer period of time even if its
		 validity field specifies a longer period."
	    DEFVAL { 86400 } 
--                 ( 1 day )
	::= { certGlobals 7 }

	certGlobNegCachePeriod OBJECT-TYPE
	    SYNTAX INTEGER (10 .. 16777216)
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the period in seconds a certificate or
		 crl search with a negative result will be remembered. Within
		 this time, no new search will be performed for the same item."
	    DEFVAL { 3600 } 
--                 ( 1 hour )
	::= { certGlobals 8 }

	certGlobPosCachePeriod OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the period in seconds a certificate or
		 crl will be stored in the local certificate cache."
	    DEFVAL { 3600 } 
--                 ( 1 hour )
	::= { certGlobals 9 }

	-- NOTE(review): the default of 0 disables certificate-cache logging entirely, so
	-- failed or rejected certificate and CRL lookups leave no trace on the device.
	-- Deployments that need to detect validation failures or tampering with the trust
	-- store should set a non-zero level and forward the events.
	certGlobLogLevel OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the log level for certificate cache 
		 log events.
		 All messages with a level higher than the value specified here
		 are omitted, zero means no logging at all."
	    DEFVAL { 0 } 
	::= { certGlobals 10 }



-- Table of Certificate Servers

	certServerTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF CertServerEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"The certServerTable contains the list of certificate servers
		 used for certificate and crl requests."
	::= { cert 2 }

	certServerEntry OBJECT-TYPE
            SYNTAX  CertServerEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"A certificate server entry defines the name of a certificate
		 server together with the protocols used to access it."
	    INDEX   {
		certServerPreference
	    }
            ::= { certServerTable 1 }

	CertServerEntry ::=
            SEQUENCE {
		certServerName			DisplayString,
		certServerUrl			DisplayString, 
		certServerPreference		INTEGER,
		certServerType			INTEGER
            }

	certServerName OBJECT-TYPE
	    SYNTAX DisplayString 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "This object specifies the name of a certificate server."
	::= { certServerEntry 1 }

	-- NOTE(review): the URL syntax below permits <user>:<password> to be embedded. The
	-- object is read-write and is returned as a plain DisplayString, so any principal
	-- with SNMP read access to it can recover the directory credentials; with SNMPv1 or
	-- SNMPv2c the value also crosses the network unencrypted. Prefer servers that need no
	-- credentials in the URL, and confine this object to an SNMPv3 view with privacy.
	certServerUrl OBJECT-TYPE
	    SYNTAX DisplayString 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "This object specifies the url used for accessing the
		  certificate server. Syntax:
		  [<scheme>:][//[<user>[:<password>]@]<host>[:<port>]]/[<path>]
		  example: ldap://myname:mypass@ldap.ca.com:389/  ."
	::= { certServerEntry 2 }

	certServerPreference OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "This object specifies the preference of this server
		  with respect to the others. Servers with a lower preference
		  value are accessed before others."
	::= { certServerEntry 3 }

	certServerType OBJECT-TYPE
	    SYNTAX INTEGER {
	    delete(1), -- mark this entry for deletion
	    server(2)  -- directory server
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "This object specifies the type of the entry and is used to 
		  delete it."
	    DEFVAL { server }
	::= { certServerEntry 4 }

-- End Table of Certificate Servers



-- Table of Certificates

	certTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF CertEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"The certTable contains the list of certificates known to the 
		 system.
		 This includes own certificates, peer certificates, 
		 root CA certificates and intermediate CA certificates, 
		 dynamically loaded as well as manually configured."
	::= { cert 3 }

	certEntry OBJECT-TYPE
            SYNTAX  CertEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"A certEntry contains the description of a certificate."
	    INDEX   {
		certIndex
	    }
            ::= { certTable 1 }

	CertEntry ::=
            SEQUENCE {
	        certIndex		INTEGER, 
		certDescription		DisplayString,
		certIsCA		INTEGER,
		certForceTrusted	INTEGER,
		certNoCrls		INTEGER, 
		certSerialNumber	DisplayString,
		certSubjectName		DisplayString,
		certSubjectAltNames	DisplayString,
		certIssuerName		DisplayString,
		certIssuerAltNames	DisplayString,
		certValidNotBefore	Date,
		certValidNotAfter	Date,
		certUptodate		INTEGER,
		certPubKeyInfo		DisplayString,
		certKeyId	        OCTET STRING, 
		certKeyUsage 	        HexValue,
		certPrivateKey		INTEGER,
		certMD5Fingerprint	OCTET STRING,
		certSHA1Fingerprint	OCTET STRING,
		certSource		INTEGER
            }

	certIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"A unique index of this certificate entry.
		 Dynamically loaded certificates are assigned negative indexes."
	::= { certEntry 1 }

	certDescription OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the name of the X.509 Certificate."
	::= { certEntry 2 }

	-- NOTE(review): this object is read-write, so a SET of true(1) on any entry promotes
	-- that certificate to a globally trusted root for the system. Write access here is
	-- control over the trust store: restrict it to an administrative view and alert on
	-- changes.
	certIsCA OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- Globally trusted root certificate
		false(2) 	-- not globally trusted root certificate
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object determines if the entry specifies a globally 
		 trusted root certificate.
		  Possible Values:
		    true(1), 	-- Globally trusted root certificate
		    false(2) 	-- not globally trusted root certificate."
	DEFVAL { false }
	::= { certEntry 3 }

	-- NOTE(review): true(1) makes the certificate trusted without any further validity
	-- check, and the object is read-write. Keep the default false(2) and treat every
	-- entry carrying true(1) as a documented, reviewable exception; a SET to true(1) on
	-- an existing entry is worth an alert.
	certForceTrusted OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- Disable any validity checks
		false(2) 	-- Run validity checks as far as configured
				-- otherwise.
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies if the certificate is trusted without any
		 further validity check.
		  Possible Values:
		   true(1), 	-- Disable any validity checks
		   false(2) 	-- Run validity checks as far as configured
				-- otherwise."
	DEFVAL { false }
	::= { certEntry 4 }

	-- NOTE(review): under the default auto(3) a CA certificate without a
	-- CRLDistributionPoint extension is never checked for revocation, and true(1)
	-- disables the check outright. Where revocation must be enforced, use false(2)
	-- together with a CRL source in certServerTable so the check does not depend on
	-- the issuer having populated the extension.
	certNoCrls OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- do not check for certificate revocation 
				-- lists for this CA (no meaning for non-CA 
				-- certificates)
		false(2), 	-- check for certificate revocation 
				-- lists for this CA
		auto(3),	-- check for crls only if there is a 
				-- CRLDistributionPoint in the certificate
		inherit(4)	-- inherit from superior ca in chain
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object determines how CRL checking is performed 
		 for this certificate.
		  Possible Values:
		   true(1), 	-- do not check for certificate revocation 
				-- lists for this CA (no meaning for non-CA 
				-- certificates)
		   false(2), 	-- check for certificate revocation 
				-- lists for this CA (no meaning for non-CA 
				-- certificates)
		   auto(3),	-- check for crls only if there is a 
				-- CRLDistributionPoint in the certificate
		   inherit(4),	-- inherit from superior ca in chain."
	DEFVAL { auto }
	::= { certEntry 5 }

	certSerialNumber OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the serial number of the certificate."
	::= { certEntry 6 }

	certSubjectName OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the subject name of the certificate."
	::= { certEntry 7 }

	certSubjectAltNames OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the subject alternative names of the 
		 certificate."
	::= { certEntry 8 }

	certIssuerName OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the name of the certificate authority 
		 which issued the certificate."
	::= { certEntry 9 }

	certIssuerAltNames OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the alternative names of the certificate
		 authority which issued the certificate."
	::= { certEntry 10 }

	certValidNotBefore OBJECT-TYPE
	    SYNTAX Date
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the beginning of the validity period
		 of the certificate (GMT)."
	::= { certEntry 15 }

	certValidNotAfter OBJECT-TYPE
	    SYNTAX Date
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the end of the validity period
		 of the certificate (GMT)."
	::= { certEntry 16 }

	certUptodate OBJECT-TYPE
	    SYNTAX INTEGER (0..100)
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The remaining up-to-dateness of the certificate in percent.
		 0 means the certificate is no longer valid.
		 100 means certificate is not yet valid, but will be valid
		 in future.
		 This variable is updated every 24 hours."
	::= { certEntry 27 }

	certPubKeyInfo OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the properties of the public key 
		 certified in this certificate. 
		 These are the algorithm for which the key is used
		 and its length."
	::= { certEntry 12 }

	certKeyId OBJECT-TYPE
	    SYNTAX OCTET STRING
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the key id as contained in the extensions
		 of the certificate, if any."
	::= { certEntry 13 }

	certKeyUsage OBJECT-TYPE
	    SYNTAX HexValue
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the key usage flags contained 
		 in the extensions of the certificate, if any.
		 The flags are:
                  EncipherOnly       0x00000001
                  CrlSign            0x00000002
                  KeyCertSign        0x00000004
                  KeyAgreement       0x00000008
                  DataEncipherment   0x00000010
                  KeyEncipherment    0x00000020
                  NonRepudiation     0x00000040
                  DigitalSignature   0x00000080
                  DecipherOnly       0x00010000"
	::= { certEntry 17 }

	certPrivateKey OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the index of the private key from the 
		 ipsecPublicKeyTable corresponding to the public key 
		 contained in this certificate.
		 If this object is zero, there is no private key available
	 	 for this certificate."
	::= { certEntry 14 }

	-- NOTE(review): MD5 is no longer collision resistant, so a matching MD5 fingerprint
	-- on its own is weak evidence of authenticity. Compare certSHA1Fingerprint as well,
	-- and obtain the reference value over an authenticated, out-of-band channel rather
	-- than from the same source that delivered the certificate.
	certMD5Fingerprint OBJECT-TYPE
	    SYNTAX OCTET STRING
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the fingerprint of the certificate
		 computed as an MD5 hash of the DER encoded binary certificate.
		 Compare this object against an externally retrieved MD5
		 fingerprint (e.g. published on a CA's web site) to assure
		 the authenticity of the certificate."
	::= { certEntry 24 }

	certSHA1Fingerprint OBJECT-TYPE
	    SYNTAX OCTET STRING
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the fingerprint of the certificate
		 computed as an SHA1 hash of the DER encoded binary certificate.
		 Compare this object against an externally retrieved SHA1
		 fingerprint (e.g. published on a CA's web site) to assure
		 the authenticity of the certificate."
	::= { certEntry 25 }

	certSource OBJECT-TYPE
	    SYNTAX INTEGER {
		config(1),	-- statically configured
		ike(2),		-- received inline with IKE negotiation
		ldap(3),	-- retrieved via LDAP
		http(4)		-- retrieved via HTTP
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"This object shows the instance which created the certificate."
	    DEFVAL { config }
	::= { certEntry 26 }


-- End Table of Certificates



-- Table of Certificate Revocation Lists

	certRevListTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF CertRevListEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"The certRevListTable contains the dynamic list of certificate
		 revocation lists currently cached by the system."
	::= { cert 6 }

	certRevListEntry OBJECT-TYPE
            SYNTAX  CertRevListEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object describes a certificate revocation list (CRL)
		 currently in the system's dynamic CRL cache."
	    INDEX   {
		certRevListIndex
	    }
            ::= { certRevListTable 1 }

	CertRevListEntry ::=
            SEQUENCE {
		certRevListIndex		INTEGER,
		certRevListDescription		DisplayString, 
		certRevListIssuerName		DisplayString,
		certRevListIssuerAltNames	DisplayString,
		certRevListSerialNumber		DisplayString, 
		certRevListThisUpdate		Date,
		certRevListNextUpdate		Date,
		certRevListNumCerts		INTEGER,
		certRevListSource		INTEGER
            }

	certRevListIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"A unique index of this CRL."
	::= { certRevListEntry 1 }

	certRevListDescription OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object specifies the name of the certificate
		 revocation list."
	::= { certRevListEntry 2 }

	certRevListIssuerName OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The name of the certificate authority which issued this CRL."
	::= { certRevListEntry 3 }

	certRevListIssuerAltNames OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The alternative names of the certificate authority which issued
		this CRL."
	::= { certRevListEntry 4 }

	certRevListSerialNumber OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The serial number of the CRL."
	::= { certRevListEntry 5 }

	certRevListThisUpdate OBJECT-TYPE
	    SYNTAX Date
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The beginning of the validity period of the CRL (GMT)."
	::= { certRevListEntry 9 }

	certRevListNextUpdate OBJECT-TYPE
	    SYNTAX Date
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The end of the validity period of the CRL (GMT)."
	::= { certRevListEntry 10 }

	certRevListNumCerts OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of certificates contained in the CRL defined by this
		entry."
	::= { certRevListEntry 7 }

	certRevListSource OBJECT-TYPE
	    SYNTAX INTEGER {
		config(1),	-- statically configured
		ike(2),		-- received inline with IKE negotiation
		ldap(3),	-- retrieved via LDAP
		http(4)		-- retrieved via HTTP
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The instance which created this crl."
	    DEFVAL { config }
	::= { certRevListEntry 8 }

-- End Table of Certificate Revocation Lists


-- Certificate Management Table

	certMgmtTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF CertMgmtEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"The certMgmtTable provides MIB access to the machines
		 certificate management functions. These are certificate
		 download/upload, creation of certificate requests and
		 automatic certificate enrollment."
	::= { cert 7 }

	certMgmtEntry OBJECT-TYPE
            SYNTAX  CertMgmtEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object specifies a task in the system's certMgmtTable.
		 The system automatically deletes all tasks which have been 
		 finished except the most recent one."
	    INDEX   {
		certMgmtCommand
	    }
        ::= { certMgmtTable 1 }

	CertMgmtEntry ::=
            SEQUENCE {
		certMgmtIndex	  		INTEGER, 
		certMgmtCommand  		INTEGER, 
		certMgmtUrl	   		DisplayString, 
		certMgmtCertName   		DisplayString, 
		certMgmtSubjectName		DisplayString, 
		certMgmtSubjectAltName		DisplayString, 
		certMgmtSubjectAltName2		DisplayString, 
		certMgmtSubjectAltName3		DisplayString, 
		certMgmtKeyIndex		INTEGER, 
		certMgmtCaCertIndex   		INTEGER, 
		certMgmtCaDomain   		DisplayString, 
		certMgmtPassword   		DisplayString, 
		certMgmtAutoSave		INTEGER, 
		certMgmtPollInterval		INTEGER, 
		certMgmtMaxPolls		INTEGER, 
		certMgmtNumPolls		INTEGER, 
		certMgmtState   		INTEGER,
		certMgmtRaSignCertIndex  	INTEGER, 
		certMgmtRaEncryptCertIndex   	INTEGER,
		certMgmtKeyLength		INTEGER,
		certMgmtCaFingerprint		OCTET STRING,
		certMgmtNoCrls  		INTEGER,
		certMgmtAction			INTEGER
            }

	certMgmtIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"A unique index for this entry."
	::= { certMgmtEntry 1 }

	certMgmtCommand OBJECT-TYPE
	    SYNTAX INTEGER {
		getca-scep(1), 	-- Retrieve CA certificate via SCEP
		enroll-scep(2),	-- Enroll using SCEP
		enroll-manual(3), -- Do a manual enrollment
		delete(8)	-- Cancel the task and delete this entry
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The task to perform for this entry.
		 Possible values:
		  getca-scep(1),	-- Retrieve CA certificate via SCEP
		  enroll-scep(2),	-- Enroll using SCEP
		  enroll-manual(3),	-- Do a manual enrollment
		  delete(8)		-- Cancel the task and delete this entry
		"
	    DEFVAL { enroll-scep }
	::= { certMgmtEntry 2 }

	certMgmtUrl OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The url to access for the task."
	::= { certMgmtEntry 3 }

	certMgmtCertName OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The name of the resulting certificate (for certificate
		 retrieval tasks) or the name of the certificate to use
		 (for certificate export tasks)."
	::= { certMgmtEntry 4 }

	certMgmtSubjectName OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The subject name to include into the certificate request."
	::= { certMgmtEntry 5 }

	certMgmtSubjectAltName OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The subject alternative name to include into the certificate 
		 request (optional)."
	::= { certMgmtEntry 6 }

	certMgmtSubjectAltName2 OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"A second subject alternative name (optional)."
	::= { certMgmtEntry 7 }

	certMgmtSubjectAltName3 OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"A third subject alternative name (optional)."
	::= { certMgmtEntry 8 }

	certMgmtKeyIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The index of the key in the ipsecPublicKeyTable to use for 
		 certificate enrollment."
	::= { certMgmtEntry 9 }

	certMgmtCaCertIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The index of the CA certificate to use (from the certTable)."
	::= { certMgmtEntry 10 }

	certMgmtCaDomain OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The domain for which the CA certificate is to be received
		 (getca-scep command only)."
	::= { certMgmtEntry 11 }

	-- NOTE(review): this holds the SCEP challenge password or the CMP reference number
	-- and PSK as a read-write DisplayString, so it is readable via SNMP GET by anyone
	-- with access to the object and, under SNMPv1 or SNMPv2c, visible on the wire.
	-- Confine it to an SNMPv3 view with privacy, and clear the value once the
	-- enrollment task has finished.
	certMgmtPassword OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The password (SCEP: challenge password, CMP: <ref-no>:<psk>."
	::= { certMgmtEntry 12 }

	certMgmtAutoSave OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- save pending tasks permanently
		false(2)	-- do not save tasks permanently
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Determines if pending requests should be saved permanently
		 after each try and results should be saved permanently after
		 finish."
	    DEFVAL { true }
	::= { certMgmtEntry 13 }

	certMgmtPollInterval OBJECT-TYPE
	    SYNTAX INTEGER (5..86400)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The interval (in seconds) between polls."
	    DEFVAL { 300 }
	::= { certMgmtEntry 14 }

	certMgmtMaxPolls OBJECT-TYPE
	    SYNTAX INTEGER (-1..32767)
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The maximum number of polls performed. A value of -1 means
		 forever, a value of 0 disables polling, i.e. the task is 
		 cancelled if the initial result is delayed."
	    DEFVAL { 12 }
	::= { certMgmtEntry 15 }

	certMgmtNumPolls OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The number of polls already performed."
	::= { certMgmtEntry 16 }

	certMgmtState OBJECT-TYPE
	    SYNTAX INTEGER {
		done(1),	-- Task finished successfully
		error(2),	-- Task finished with an error
		running(3), 	-- Task is currently performed
		delayed(4), 	-- Task has been initiated but not yet finished
				-- (nothing is currently done for this task)
		polling(5),  	-- A delayed Task is currently continued polling 
				-- for the result
		notreached(6)	-- Task will be retried later because target 
				-- host was not reachable yet
	    }
	    MAX-ACCESS read-only
	    STATUS current
	    DESCRIPTION
		"The state of the task specified by this entry."
	    DEFVAL { running }
	::= { certMgmtEntry 17 }

	certMgmtRaSignCertIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The index of the Registration Authority's (RA) certificate to
		 use for signing purposes (from the certTable)."
	::= { certMgmtEntry 18 }

	certMgmtRaEncryptCertIndex OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The index of the Registration Authority's (RA) certificate to
		 use for encryption purposes (from the certTable)."
	::= { certMgmtEntry 19 }

	-- NOTE(review): the default of 1024 bits is below current guidance for RSA keys
	-- (2048 bits or more). Enrollment tasks should set this object explicitly rather
	-- than rely on the default; see also the 768-bit default of ipsecPubKeyKeyLength.
	certMgmtKeyLength OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"The key length in bits used in requests for certificate enrollment."
	    DEFVAL { 1024 }
	::= { certMgmtEntry 20 }

	-- NOTE(review): this value is what anchors trust in a CA certificate fetched via
	-- SCEP, so it must come from an authenticated out-of-band source and be set before
	-- the task runs. Prefer the SHA1 form; MD5 is no longer collision resistant. Whether
	-- an empty value skips the comparison is not visible in this module and should be
	-- confirmed against the agent implementation.
	certMgmtCaFingerprint OBJECT-TYPE
	    SYNTAX OCTET STRING
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object holds the fingerprint of the CA certificate
		 computed as an SHA1 or MD5 hash.
		 This object is compared against an externally retrieved
		 SHA1 / MD5 fingerprint (e.g. published on a CA's web site) to
		 assure the authenticity of the certificate."
	::= { certMgmtEntry 21 }

	certMgmtNoCrls OBJECT-TYPE
	    SYNTAX INTEGER {
		true(1), 	-- do not check for certificate revocation 
				-- lists for this CA (no meaning for non-CA 
				-- certificates)
		false(2), 	-- check for certificate revocation 
				-- lists for this CA
		auto(3),	-- check for crls only if there is a 
				-- CRLDistributionPoint in the certificate
		inherit(4)	-- inherit from superior ca in chain
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"This object determines how CRL checking is set for
		 certificates retrieved during certificate enrollment.
		  Possible Values:
		   true(1), 	-- do not check for certificate revocation 
				-- lists for this CA (no meaning for non-CA 
				-- certificates)
		   false(2), 	-- check for certificate revocation 
				-- lists for this CA (no meaning for non-CA 
				-- certificates)
		   auto(3),	-- check for crls only if there is a 
				-- CRLDistributionPoint in the certificate
		   inherit(4)	-- inherit from superior ca in chain."
	DEFVAL { auto }
	::= { certMgmtEntry 22 }

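	-- certMgmtAction gates when a certMgmtEntry task starts, so a row can be assembled
	-- with several SETs before it executes.
	-- STATUS is current: this module is SMIv2 (MODULE-IDENTITY from SNMPv2-SMI), and
	-- RFC 2578 allows only current, deprecated or obsolete here. The SMIv1 keyword
	-- mandatory used previously is rejected by strict SMIv2 compilers and was the only
	-- such status in this module.
	certMgmtAction OBJECT-TYPE
	    SYNTAX INTEGER {
		 wait(1),     -- Certificate management task is waiting
		 go(2)        -- Certificate management task starts now
	    }
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"Flag whether certificate management task is waiting or
		 starts immediately.
		 Use this flag to create complex tasks in multiple steps:
		 First create task with certMgmtAction set to 'wait'. After
		 task is completely build, set this flag to 'go' and the
		 certificate management task starts automatically.
		 After certificate management task has started, certMgmtAction
		 is automatically set to 'wait'.
		 Possible values:
		  wait        -- Certificate management task is waiting
		  go          -- Certificate management task starts now
		"
	    DEFVAL { wait }
	::= { certMgmtEntry 23 }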

-- End Certificate Management Table

-- Global Certificate Statistics

	certStats OBJECT IDENTIFIER  ::= { cert 8 }
	--Statistics for the certificate management

	certStatCertsConfigured OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS  read-only
	    STATUS  current
        DESCRIPTION
		"Number of configured certificate entries (opposed to those
		 dynamically learnt by any means during system run)."
	::= { certStats 1 }


--   Global Certificate Cache Statistics

	certCacheStats OBJECT IDENTIFIER  ::= { certStats 64 }
	--Statistics table for the certificate management

	certCacheStatMemoryUsage OBJECT-TYPE
	    SYNTAX INTEGER
	    MAX-ACCESS  read-only
	    STATUS  current
        DESCRIPTION
		"Allocated memory by the certificate cache."
	::= { certCacheStats 1 }

	certCacheStatNumEntries OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
	    MAX-ACCESS  read-only
	    STATUS  current
        DESCRIPTION
		"Number of entries used in the certificate cache."
	::= { certCacheStats 2 }

	certCacheStatNumCertCacheHit OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
	    MAX-ACCESS  read-only
	    STATUS  current
        DESCRIPTION
		"Number of successful certificate requests from cache."
	::= { certCacheStats 3 }

	certCacheStatNumCertCacheMiss OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
	    MAX-ACCESS  read-only
	    STATUS  current
        DESCRIPTION
		"Number of failed certificate requests from cache."
	::= { certCacheStats 4 }

	certCacheStatNumCrlCacheHit OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
	    MAX-ACCESS  read-only
	    STATUS  current
        DESCRIPTION
		"Number of successful crl requests from cache."
	::= { certCacheStats 5 }

	certCacheStatNumCrlCacheMiss OBJECT-TYPE
	    SYNTAX INTEGER (0..65535)
	    MAX-ACCESS  read-only
	    STATUS  current
        DESCRIPTION
		"Number of failed crl requests from cache."
	::= { certCacheStats 6 }

--   End Global Certificate Cache Statistics

-- End Global Certificate Statistics

-- Public Key Table

	ipsecPublicKeyTable OBJECT-TYPE
            SYNTAX  SEQUENCE OF IpsecPubKeyEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This table contains the list of public key pairs and IDs used
		 with IPSec."

	::= { ipsec 2 }

	ipsecPubKeyEntry OBJECT-TYPE
            SYNTAX  IpsecPubKeyEntry
            MAX-ACCESS  not-accessible
            STATUS  current
            DESCRIPTION
		"This object contains a key pair for a certain public key
		algorithm and the ids used together with this key."
	    INDEX   {
		ipsecPubKeyAlgorithm,
		ipsecPubKeyKeyLength
	    }
            ::= { ipsecPublicKeyTable 1 }

	IpsecPubKeyEntry ::=
            SEQUENCE {
		ipsecPubKeyIndex		INTEGER,
		ipsecPubKeyDescription		DisplayString,
		ipsecPubKeyAlgorithm		INTEGER, 
		ipsecPubKeyKeyLength		INTEGER, 
		ipsecPubKeyPublicExponent	INTEGER, 
		ipsecPubKeyState		INTEGER
            }

	ipsecPubKeyIndex OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		 "A unique index for this entry."
	::= { ipsecPubKeyEntry 1 }

	ipsecPubKeyDescription OBJECT-TYPE
	    SYNTAX DisplayString
	    MAX-ACCESS read-write
	    STATUS current
	    DESCRIPTION
		"An optional description for this key."
	::= { ipsecPubKeyEntry 2 }

	ipsecPubKeyAlgorithm OBJECT-TYPE
	    SYNTAX INTEGER {
		rsa(2),	   -- The RSA encryption algorithm
		dsa(3),	   -- The digital signature algorithm
		delete(15) -- Mark this entry for deletion
	    }
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		"This object specifies the algorithm for which the key is used.
		  Possible values:
		   rsa(2),	 -- The RSA encryption algorithm
		   dsa(3),	 -- The digital signature algorithm
		   delete(15)	 -- Mark this entry for deletion."
	    DEFVAL { rsa }
	::= { ipsecPubKeyEntry 3 }

	-- NOTE(review): the default of 768 bits is well below current guidance for RSA and
	-- DSA key sizes (2048 bits or more). Key generation should always set this object
	-- explicitly; rows left at the default deserve a review of the keys they produced.
	ipsecPubKeyKeyLength OBJECT-TYPE
	    SYNTAX INTEGER 
	    UNITS  "bits"
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "The size of the public and private keys in bits."
	    DEFVAL { 768 }
	::= { ipsecPubKeyEntry 4 }

	ipsecPubKeyPublicExponent OBJECT-TYPE
	    SYNTAX INTEGER 
            MAX-ACCESS  read-write
            STATUS  current
            DESCRIPTION
		 "The RSA public exponent of the key. (undefined for DSA)"
	::= { ipsecPubKeyEntry 5 }

	ipsecPubKeyState OBJECT-TYPE
	    SYNTAX INTEGER {
		generating(1),	   -- Key generation is in progress
		complete(2),	   -- Key generation is complete
		error(3)	   -- Key generation terminated with an error
	    }
            MAX-ACCESS  read-only
            STATUS  current
            DESCRIPTION
		"This object specifies the state of the key.
		  Possible values:
		   generating(1),  -- Key generation is in progress
		   complete(2),	   -- Key generation is complete
		   error(3)	   -- Key generation terminated with an error."
	    DEFVAL { generating }
	::= { ipsecPubKeyEntry 6 }

-- End Public Key Table

END
