381 lines
12 KiB
Plaintext
381 lines
12 KiB
Plaintext
RADLAN-SSL DEFINITIONS ::= BEGIN
|
|
|
|
-- Title: RADLAN Ssl Private Extension
|
|
-- Version: 7.35
|
|
-- Date: 20 Jan 2004
|
|
|
|
IMPORTS
|
|
rnd FROM RADLAN-MIB
|
|
DisplayString FROM SNMPv2-TC-v1
|
|
TruthValue, RowStatus FROM RADLAN-SNMPv2
|
|
Unsigned32, IpAddress,
|
|
MODULE-IDENTITY, OBJECT-TYPE FROM SNMPv2-SMI
|
|
TEXTUAL-CONVENTION FROM SNMPv2-TC;
|
|
|
|
rlSsl MODULE-IDENTITY
|
|
LAST-UPDATED "200309210000Z"
|
|
ORGANIZATION "Radlan Computer Communications Ltd."
|
|
CONTACT-INFO
|
|
"radlan.com"
|
|
DESCRIPTION
|
|
"The private MIB module definition for SSL."
|
|
REVISION "200309210000Z"
|
|
DESCRIPTION
|
|
"Added this MODULE-IDENTITY clause."
|
|
::= { rnd 100 }
|
|
|
|
rlSslCertificateGenerationTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RlSslCertificateGenerationEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is used for :
|
|
1. generating keys and self signed certificate - saved in flash and RAM
|
|
(not in configuration file)
|
|
2. generating certificate requests - saved in RAM, can be read by
|
|
rlSslCertificateExportTable
|
|
3. generating self signed certificate - saved in flash and RAM (not in
|
|
configuraion file)
|
|
By setting rlSslCertificateGenerationAction to the appropriate
|
|
value this action takes place. The other fields of this table are used for
|
|
each of this actions"
|
|
::= { rlSsl 1 }
|
|
|
|
rlSslCertificateGenerationEntry OBJECT-TYPE
|
|
SYNTAX RlSslCertificateGenerationEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The row definition for this table."
|
|
INDEX { rlSslCertificateGenerationIndex }
|
|
::= { rlSslCertificateGenerationTable 1 }
|
|
|
|
RlSslCertificateGenerationEntry ::= SEQUENCE {
|
|
rlSslCertificateGenerationIndex INTEGER,
|
|
rlSslCertificateGenerationId INTEGER,
|
|
rlSslCertificateGenerationCountryName DisplayString,
|
|
rlSslCertificateGenerationStateOrProvinceName DisplayString,
|
|
rlSslCertificateGenerationLocalityName DisplayString,
|
|
rlSslCertificateGenerationOrganizationName DisplayString,
|
|
rlSslCertificateGenerationOrganizationUnitName DisplayString,
|
|
rlSslCertificateGenerationCommonName DisplayString,
|
|
rlSslCertificateGenerationValidDays INTEGER,
|
|
rlSslCertificateGenerationRsaKeyLength INTEGER,
|
|
rlSslCertificateGenerationPassphrase DisplayString,
|
|
rlSslCertificateGenerationAction INTEGER
|
|
}
|
|
|
|
rlSslCertificateGenerationIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This index is always set to 1 no matter for which certificate or
|
|
certificate request the action refers to."
|
|
::= { rlSslCertificateGenerationEntry 1 }
|
|
|
|
rlSslCertificateGenerationId OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The device can hold a number of keys/certificates/certificate requests.
|
|
These certificates are always numbered from 1 to N (maximum number of
|
|
certificates in device). This field decides to which
|
|
keys/certificates/certificate requests the action refers."
|
|
::= { rlSslCertificateGenerationEntry 2 }
|
|
|
|
|
|
rlSslCertificateGenerationCountryName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(2))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Value of country name field that will appear when a new certificate
|
|
request or self signed certificate is generated."
|
|
::= { rlSslCertificateGenerationEntry 3 }
|
|
|
|
rlSslCertificateGenerationStateOrProvinceName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(1..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Value of state or province name field that will appear when a new
|
|
certificate or self signed certificate is generated."
|
|
::= { rlSslCertificateGenerationEntry 4 }
|
|
|
|
|
|
rlSslCertificateGenerationLocalityName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(1..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Value of locality field that will appear when a new certificate or
|
|
self signed certificate is generated."
|
|
::= { rlSslCertificateGenerationEntry 5 }
|
|
|
|
|
|
rlSslCertificateGenerationOrganizationName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(1..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Value of organization field that will appear when a new certificate or
|
|
self signed certificate is generated."
|
|
::= { rlSslCertificateGenerationEntry 6 }
|
|
|
|
rlSslCertificateGenerationOrganizationUnitName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(1..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Value of organization field that will appear when a new certificate or
|
|
self signed certificate is generated."
|
|
::= { rlSslCertificateGenerationEntry 7 }
|
|
|
|
rlSslCertificateGenerationCommonName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(1..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Value of common name field that will appear when a new certificate or
|
|
self signed certificate is generated."
|
|
::= { rlSslCertificateGenerationEntry 8 }
|
|
|
|
rlSslCertificateGenerationValidDays OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When generating self signed certificate this field sets the valid fields.
|
|
'Valid from' is current GMT and 'valid to' current GMT + the value of
|
|
this field."
|
|
::= { rlSslCertificateGenerationEntry 9 }
|
|
|
|
rlSslCertificateGenerationRsaKeyLength OBJECT-TYPE
|
|
SYNTAX INTEGER (512..2048)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting the RSA key size that will be created when a new key is generated -
|
|
generateRsaKeyAndSelfSignedCertificate"
|
|
::= { rlSslCertificateGenerationEntry 10 }
|
|
|
|
rlSslCertificateGenerationPassphrase OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When a RSA key is generated (generateRsaKeyAndSelfSignedCertificate)
|
|
this passphrase is saved in flash and when the time comes and the
|
|
certificate and the key are exported in PKCS12 format this passphrase
|
|
is used to encrypt it. If the passphrase is empty the key and
|
|
certificate can not be exported. There is no method of obtaining this
|
|
passphrase once a key was generated."
|
|
::= { rlSslCertificateGenerationEntry 11 }
|
|
|
|
|
|
rlSslCertificateGenerationAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
generateRsaKeyAndSelfSignedCertificate(1),
|
|
generateSelfSignedCertificate(2),
|
|
generatePkcs12(3),
|
|
generateCertificateRequest(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Setting to a regenerateCertificate causes a new certificate to be
|
|
generated and to be used for all new sessions."
|
|
::= { rlSslCertificateGenerationEntry 12 }
|
|
|
|
|
|
|
|
|
|
rlSslCertificateExportTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RlSslCertificateExportEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is used for viewing saved data from RAM and flash."
|
|
::= { rlSsl 2 }
|
|
|
|
rlSslCertificateExportEntry OBJECT-TYPE
|
|
SYNTAX RlSslCertificateExportEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The row definition for this table."
|
|
INDEX { rlSslCertificateExportId,
|
|
rlSslCertificateExportType,
|
|
rlSslCertificateExportFragmentId }
|
|
::= { rlSslCertificateExportTable 1 }
|
|
|
|
RlSslCertificateExportEntry ::= SEQUENCE {
|
|
rlSslCertificateExportId INTEGER,
|
|
rlSslCertificateExportType INTEGER,
|
|
rlSslCertificateExportFragmentId INTEGER,
|
|
rlSslCertificateExportFragmentText OCTET STRING
|
|
}
|
|
|
|
rlSslCertificateExportId OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identifies the index of this certficate / certificate request the table holds."
|
|
::= { rlSslCertificateExportEntry 1 }
|
|
|
|
rlSslCertificateExportType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
certificateRequestPemFormat (1),
|
|
certificatePemFormat(2),
|
|
certificateOpenSslFormat(3),
|
|
certificateAndKeyPkcs12(4)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identifies the type of data the current entry shows."
|
|
::= { rlSslCertificateExportEntry 2 }
|
|
|
|
rlSslCertificateExportFragmentId OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identifies the index of this fragment in the certificate request."
|
|
::= { rlSslCertificateExportEntry 3 }
|
|
|
|
rlSslCertificateExportFragmentText OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A part of the readable text entry for the certificate request."
|
|
::= { rlSslCertificateExportEntry 4 }
|
|
|
|
|
|
|
|
rlSslCertificateSave OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Saves data from rlSslCertificateImportTable to RAM and flash. When
|
|
an external certificate should be copied to the device first we copy
|
|
it to rlSslCertificateImportTable and then this scalar is set to the
|
|
certificate id that we want to save -
|
|
1. All entries in rlSslCertificateImportTable that have this id and
|
|
their format is equal to the current value of rlSslCertificateSaveFormat
|
|
are concatenated.
|
|
2. If the imported certificate format is .. - section 1 result
|
|
is validated against the key with the same index. If validation fails
|
|
for any reason - the certificate is not saved and the setting this
|
|
scalar fails.
|
|
3. If the imported certificate format is PKCS12 - section1 result is
|
|
decrypted using rlSslImportedPKCS12CertificatePassphrase current value.
|
|
If decryption fails for any reason the PKCS12 certificate and key are
|
|
not saved to FLASH and setting this scalar fails."
|
|
::= { rlSsl 3 }
|
|
|
|
rlSslCertificateSaveFormat OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
x509 (1),
|
|
pkcs12(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { rlSsl 4 }
|
|
|
|
rlSslImportedPKCS12CertificatePassphrase OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(8..96))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { rlSsl 5 }
|
|
|
|
|
|
rlSslCertificateImportTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RlSslCertificateImportEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is used for copying an external certificate to the device -
|
|
see rlSslCertificateSave"
|
|
::= { rlSsl 6 }
|
|
|
|
rlSslCertificateImportEntry OBJECT-TYPE
|
|
SYNTAX RlSslCertificateImportEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The row definition for this table."
|
|
INDEX { rlSslCertificateImportId,
|
|
rlSslCertificateImportFormat,
|
|
rlSslCertificateImportFragmentId}
|
|
::= { rlSslCertificateImportTable 1 }
|
|
|
|
RlSslCertificateImportEntry ::= SEQUENCE {
|
|
rlSslCertificateImportId INTEGER,
|
|
rlSslCertificateImportFormat INTEGER,
|
|
rlSslCertificateImportFragmentId INTEGER,
|
|
rlSslCertificateImportFragmentText OCTET STRING,
|
|
rlSslCertificateImportFragmentStatus RowStatus
|
|
}
|
|
|
|
rlSslCertificateImportId OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The certificate ID."
|
|
::= { rlSslCertificateImportEntry 1 }
|
|
|
|
rlSslCertificateImportFormat OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
x509 (1),
|
|
pkcs12(2)
|
|
}
|
|
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { rlSslCertificateImportEntry 2 }
|
|
|
|
|
|
rlSslCertificateImportFragmentId OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identifies the index of this fragment in the certificate."
|
|
::= { rlSslCertificateImportEntry 3 }
|
|
|
|
|
|
rlSslCertificateImportFragmentText OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A part of the readable text entry for the certificate."
|
|
::= { rlSslCertificateImportEntry 4 }
|
|
|
|
rlSslCertificateImportFragmentStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { rlSslCertificateImportEntry 5 }
|
|
|
|
|
|
|
|
|
|
END
|
|
|