sitesec.CertificateAuthProfile (NSP Network Functions Manager

sitesec
CertificateAuthProfile

This class defines the Certificate Authority Profile. It is used as the Certificate-Authority profile table.

Inheritance Hierarchy
- ManagedObject
  - policy.PolicyObject
    - policy.PolicyDefinition
      - sitesec. CertificateAuthProfile

Parent Hierarchy
- netw.Network
  - netw.NetworkElement
    - policy.Manager [caProfile]
      - sitesec.CertificateAuthProfile [[network]:[${systemAddress}]:[$%{policyTypeManaged}]:[capf-${displayedName}]]
- parent []
  - sitesec.CertificateAuthProfile [[backup-${policyTypeManaged}]:[capf-${displayedName}]]
- policy.Manager [caProfile]
  - sitesec.CertificateAuthProfile [[$%{policyTypeManaged}]:[capf-${displayedName}]]

Children Hierarchy
- sitesec.CertificateAuthProfile
  - sitesec.AutoCRLUpdate
    - sitesec.CrlUrlEntry
  - sitesec.CAProfActn
  - sitesec.CmpKeyListEntry

Relationships
- many sitesec.CertificateAuthProfiles may be associated with file.FileTransmissionProfile (implied relationship)
- sitesec.CertificateAuthProfile may be associated with many ipsec.CertChainCAProfileses (implied relationship)
- sitesec.CertificateAuthProfile may be associated with many ipsec.IPSecGateways (implied relationship)
- sitesec.CertificateAuthProfile may be associated with many ipsec.IPSecTunnels (implied relationship)
- sitesec.CertificateAuthProfile may be associated with many ipsec.TrustAnchorEntrys (implied relationship)
- many sitesec.CertificateAuthProfiles may be direct children of one policy.Manager (child-parent relationship)
- one sitesec.CertificateAuthProfile may be a direct parent of many sitesec.AutoCRLUpdates (parent-child relationship)
- one sitesec.CertificateAuthProfile may be a direct parent of many sitesec.CAProfActns (parent-child relationship)
- many sitesec.CertificateAuthProfiles may be associated with sitesec.CertificateAuthProfile (implied relationship)
- sitesec.CertificateAuthProfile may be associated with many sitesec.CertificateAuthProfiles (implied relationship)
- sitesec.CertificateAuthProfile may be associated with many sitesec.CertificateUpdateProfiles (implied relationship)
- one sitesec.CertificateAuthProfile may be a direct parent of many sitesec.CmpKeyListEntrys (parent-child relationship)
- sitesec.CertificateAuthProfile may be associated with many sitesec.TlsTrustAnchorEntrys (implied relationship)

CertificateAuthProfile

Relative Name=[[capf-${displayedName}]]

Displayed Name=Certificate Authority Profile

Properties
administrativeState	> Specifies the adminstrative state of the Certificate-Authority profile. type=netw.AdministrativeState default=tmnxOutOfService Displayed(tab/group)=Administrative State
certificateFile	Specifies the location and name of the Certificate file. type=string default=N/A minimum=0 maximum=95 Displayed(tab/group)=Certificate File
cmpAccUnprotErr	Specifies whether to accept unprotected error messages in this profile for CMPv2. type=boolean default=false Displayed(tab/group)=Accept Unprotected Error Messages (CMPv2)
cmpAccUnprotPki	Specifies whether to accept unprotected PKI configuration messages in this profile for CMPv2. type=boolean default=false Displayed(tab/group)=Accept Unprotected PKI Configuration Messages (CMPv2)
cmpAlSetSndrForIr	Specifies whether to always set the sender field in CMPv2 header of all Initial Registration (IR) messages with the subject name for this CA profile. The subject name is available in the IR message body, but certain CA implementation may require it in the sender field of the message header as well. By default, the sender field is only set if an optional certificate is specified in the CMPv2 request. type=boolean default=false Displayed(tab/group)=Always Set Sender for Initialization Request (CMPv2)
cmpHttpResponseTimeout	The value of httpResponseTimeout specifies the timeout interval CMP requests to the Certificate-Authority server. type=long default=30 minimum=1 maximum=3600 units=seconds Displayed(tab/group)=Http Response Timeout (CMPv2)
cmpRespSignCert	The value of cmpRespSignCert specifies the location and name of the certificate file which is used to verify the signature of the response. type=string default= minimum=0 maximum=95 Displayed(tab/group)=Response Signing Certificate Filename (CMPv2)
cmpRespSignExtSubj	The value of cmpRespSignExtSubj optionally specifies the subject of the signing certificate when responseSigningCert is set to true. If not specified, the subject will be retrieved, if present, from the sender field in the CMPv2 response. type=string default= minimum=0 maximum=256 Displayed(tab/group)=Response Signing Extra Certificate Subject (CMPv2)
cmpSameRecipNonce	Specifies whether to use the same recipient nonce for poll requests. type=boolean default=false Displayed(tab/group)= Use Same Recipient Nonce (CMPv2)
cmpSvcID	The value points to IES or VPRN Service ID. By default it points to the base routing instance. type=long default=0 minimum=0 maximum=2147483647 Displayed(tab/group)=Service ID (CMPv2/Service)
cmpSvcName	Specifies the IES or VPRN service name in which to reach the CMP URL type=string access=read-only Displayed(tab/group)=Service Name (CMPv2/Service)
cmpUrl	The value of cmpUrl specifies the URL of the Certificate-Authority server. type=string default= minimum=0 maximum=180 Displayed(tab/group)=CA Server URL (CMPv2/Service)
crlFile	Specifies the location and name of the Certificate Revoke List (CRL) file. type=string default=N/A minimum=0 maximum=95 Displayed(tab/group)=CRL File
fileTransmissionProfilePointer	Specifies the name of the file transmission profile to be matched. Transmission profiles are configured using tmnxSysFileTransProfTable. Operators are encouraged to use fileTransmissionProfilePointer instead of serviceName because serviceName will be deleted in a future release. type=Pointer default= Displayed(tab/group)=File Transmission Profile Name (/OCSP)
httpVersion	Specifies the HTTP version used in CMPv2 requests. The system by default uses HTTP version 1.1 unless explicitly specified. type=sitesec.HttpVersionType default=v11 Displayed(tab/group)=HTTP Version (CMPv2)
operationalFlag	Indicates the reason that this Certificate-Authority profile is not in service. type=sitesec.PkiCAProfileOperFlags access=read-only default=unspecified Displayed(tab/group)=Operational Flag
operationalState	Indicates the current operational status of this Certificate-Authority profile. type=netw.OperationalState access=read-only default=unknown Displayed(tab/group)=Operational State
recipient	Specifies whether to use the CA subject as the request recipient subject, 'useCaSubject' (1), or to use a custom recipient, 'subject' (2), as specified in recipient subject type=sitesec.RecipientType default=useCaSubject Displayed(tab/group)=Recipient (CMPv2)
recipientSubject	Specifies a custom request recipient subject to be used as the CMPv2 request recipient. type=string default= minimum=0 maximum=256 Displayed(tab/group)=Recipient Subject (CMPv2)
responderUrl	Specifies the HTTP URL of the OCSP responder of the Certificate-Authority profile. type=string default=N/A minimum=0 maximum=180 Displayed(tab/group)=Responder URL (/OCSP)
responseSigningCert	Specifies whether or not to use the certificate in `extraCerts` from the CMPv2 response to verify the response signature. type=sitesec.ResponseSigningCertType default=none Displayed(tab/group)=Response Signing Certificate (CMPv2)
revocationCheck	Specifies the method system uses to verify the revocation status of certificates issued by CA. type=sitesec.RevocationCheckType default=crl Displayed(tab/group)=Revocation Check
service	Specifies the routing instance that is used to contact OCSP responder. type=long default=0 minimum=0 maximum=2147483647 Displayed(tab/group)=Service ID (/OCSP)
serviceName	Specifies the IES or VPRN service name in which to reach the OCSP URL. type=string access=read-only Displayed(tab/group)=Service Name (/OCSP)
sitesec.AutoCRLUpdate-Set	type=Children-Set
sitesec.CAProfActn-Set	type=Children-Set
sitesec.CmpKeyListEntry-Set	type=Children-Set

Properties

administrativeState

> Specifies the adminstrative state of the Certificate-Authority profile.

type=netw.AdministrativeState
default=tmnxOutOfService
Displayed(tab/group)=Administrative State

certificateFile

Specifies the location and name of the Certificate file.

type=string
default=N/A
minimum=0
maximum=95
Displayed(tab/group)=Certificate File

cmpAccUnprotErr

Specifies whether to accept unprotected error messages in this profile for CMPv2.

type=boolean
default=false
Displayed(tab/group)=Accept Unprotected Error Messages (CMPv2)

cmpAccUnprotPki

Specifies whether to accept unprotected PKI configuration messages in this profile for CMPv2.

type=boolean
default=false
Displayed(tab/group)=Accept Unprotected PKI Configuration Messages (CMPv2)

cmpAlSetSndrForIr

Specifies whether to always set the sender field in CMPv2 header of all Initial Registration (IR) messages with the subject name for this CA profile. The subject name is available in the IR message body, but certain CA implementation may require it in the sender field of the message header as well. By default, the sender field is only set if an optional certificate is specified in the CMPv2 request.

type=boolean
default=false
Displayed(tab/group)=Always Set Sender for Initialization Request (CMPv2)

cmpHttpResponseTimeout

The value of httpResponseTimeout specifies the timeout interval CMP requests to the Certificate-Authority server.

type=long
default=30
minimum=1
maximum=3600
units=seconds
Displayed(tab/group)=Http Response Timeout (CMPv2)

cmpRespSignCert

The value of cmpRespSignCert specifies the location and name of the certificate file which is used to verify the signature of the response.

type=string
default=
minimum=0
maximum=95
Displayed(tab/group)=Response Signing Certificate Filename (CMPv2)

cmpRespSignExtSubj

The value of cmpRespSignExtSubj optionally specifies the subject of the signing certificate when responseSigningCert is set to true. If not specified, the subject will be retrieved, if present, from the sender field in the CMPv2 response.

type=string
default=
minimum=0
maximum=256
Displayed(tab/group)=Response Signing Extra Certificate Subject (CMPv2)

cmpSameRecipNonce

Specifies whether to use the same recipient nonce for poll requests.

type=boolean
default=false
Displayed(tab/group)= Use Same Recipient Nonce (CMPv2)

cmpSvcID

The value points to IES or VPRN Service ID. By default it points to the base routing instance.

type=long
default=0
minimum=0
maximum=2147483647
Displayed(tab/group)=Service ID (CMPv2/Service)

cmpSvcName

Specifies the IES or VPRN service name in which to reach the CMP URL

type=string
access=read-only
Displayed(tab/group)=Service Name (CMPv2/Service)

cmpUrl

The value of cmpUrl specifies the URL of the Certificate-Authority server.

type=string
default=
minimum=0
maximum=180
Displayed(tab/group)=CA Server URL (CMPv2/Service)

crlFile

Specifies the location and name of the Certificate Revoke List (CRL) file.

type=string
default=N/A
minimum=0
maximum=95
Displayed(tab/group)=CRL File

fileTransmissionProfilePointer

Specifies the name of the file transmission profile to be matched. Transmission profiles are configured using tmnxSysFileTransProfTable. Operators are encouraged to use fileTransmissionProfilePointer instead of serviceName because serviceName will be deleted in a future release.

type=Pointer
default=
Displayed(tab/group)=File Transmission Profile Name (/OCSP)

httpVersion

Specifies the HTTP version used in CMPv2 requests. The system by default uses HTTP version 1.1 unless explicitly specified.

type=sitesec.HttpVersionType
default=v11
Displayed(tab/group)=HTTP Version (CMPv2)

operationalFlag

Indicates the reason that this Certificate-Authority profile is not in service.

type=sitesec.PkiCAProfileOperFlags
access=read-only
default=unspecified
Displayed(tab/group)=Operational Flag

operationalState

Indicates the current operational status of this Certificate-Authority profile.

type=netw.OperationalState
access=read-only
default=unknown
Displayed(tab/group)=Operational State

recipient

Specifies whether to use the CA subject as the request recipient subject, 'useCaSubject' (1), or to use a custom recipient, 'subject' (2), as specified in recipient subject

type=sitesec.RecipientType
default=useCaSubject
Displayed(tab/group)=Recipient (CMPv2)

recipientSubject

Specifies a custom request recipient subject to be used as the CMPv2 request recipient.

type=string
default=
minimum=0
maximum=256
Displayed(tab/group)=Recipient Subject (CMPv2)

responderUrl

Specifies the HTTP URL of the OCSP responder of the Certificate-Authority profile.

type=string
default=N/A
minimum=0
maximum=180
Displayed(tab/group)=Responder URL (/OCSP)

responseSigningCert

Specifies whether or not to use the certificate in `extraCerts` from the CMPv2 response to verify the response signature.

type=sitesec.ResponseSigningCertType
default=none
Displayed(tab/group)=Response Signing Certificate (CMPv2)

revocationCheck

Specifies the method system uses to verify the revocation status of certificates issued by CA.

type=sitesec.RevocationCheckType
default=crl
Displayed(tab/group)=Revocation Check

service

Specifies the routing instance that is used to contact OCSP responder.

type=long
default=0
minimum=0
maximum=2147483647
Displayed(tab/group)=Service ID (/OCSP)

serviceName

Specifies the IES or VPRN service name in which to reach the OCSP URL.

type=string
access=read-only
Displayed(tab/group)=Service Name (/OCSP)

sitesec.AutoCRLUpdate-Set

type=Children-Set

sitesec.CAProfActn-Set

type=Children-Set

sitesec.CmpKeyListEntry-Set

type=Children-Set

Overridden Properties
displayedName	access=read-create minimum=1 maximum=32

Overridden Properties

displayedName

access=read-create
minimum=1
maximum=32

Properties inherited from policy.PolicyDefinition
configurationAction, configurationMode, discoveryState, displayedName, distributionMode, isMaster, lastSyncTime, numberOfUnderlyingPolicyItems, origin, policyMode, policySyncGroupPointer, policyType

Properties inherited from policy.PolicyDefinition

configurationAction, configurationMode, discoveryState, displayedName, distributionMode, isMaster, lastSyncTime, numberOfUnderlyingPolicyItems, origin, policyMode, policySyncGroupPointer, policyType

Properties inherited from policy.PolicyObject
description, displayedName, globalPolicy, id, isLocal, policyType, siteId, siteName, templateObject

Properties inherited from policy.PolicyObject

description, displayedName, globalPolicy, id, isLocal, policyType, siteId, siteName, templateObject

Properties inherited from ManagedObject
actionMask, children-Set, deploymentState, isFaultSquelched, name, objectFullName, selfAlarmed

Properties inherited from ManagedObject

actionMask, children-Set, deploymentState, isFaultSquelched, name, objectFullName, selfAlarmed

Methods inherited from policy.PolicyDefinition
distribute, distributeUsingGroups, distributeV2, evaluatePolicy, findGlobal, findLocal, findReleased, getSyncTaskResult, resetToReleasedPolicy, setConfigurationModeToDraft, setConfigurationModeToReleased, setDistributionModeToLocalEditOnly, setDistributionModeToSyncWithGlobal, syncTo, syncToLocalWithResync

Methods inherited from policy.PolicyDefinition

distribute, distributeUsingGroups, distributeV2, evaluatePolicy, findGlobal, findLocal, findReleased, getSyncTaskResult, resetToReleasedPolicy, setConfigurationModeToDraft, setConfigurationModeToReleased, setDistributionModeToLocalEditOnly, setDistributionModeToSyncWithGlobal, syncTo, syncToLocalWithResync

Supported Network Elements
7750 SR	Supported from 10.0.R1 until 13.0.R13 Excluded chassis types: 7750-SR1, 7750-SRc4, 7750-SRa4, 7750-SRa8, 7750-SR1 Fixed CFM, 7750 SR-1e, 7750 SR-2e, 7750 SR-3e Supported from 13.0.R13 until 14.0.R4 Excluded chassis types: 7750-SRc4, 7750-SRa4, 7750-SRa8, 7750-SR1 Fixed CFM Supported from 14.0.R4
7705 SAR Gen 2
7705 SAR Hm
7450 ESS	Supported from 11.0.R1 Excluded chassis types: 7450-ESS1
7705 SAR	Supported from 7.0.R4 Excluded chassis types: 7705-SARM ASAP, 7705-SARM, 7705-SARM ASAP FL, 7705-SARM FL, 7705 SAR-A T1/E1, 7705 SAR-A
7705 SAR H	Supported from 7.0.R4
7950 XRS	Supported from 14.0.R4
7250 IXR	Supported from 19.5.R1
Product Specifics
7250 IXR 20.0	Warning: iframes not supported by this browser.
7250 IXR 21.0
7250 IXR 22.0
7250 IXR 23.0
7250 IXR 24.0
7250 IXR 25.0
7450 ESS 20.0
7450 ESS 21.0
7450 ESS 22.0
7450 ESS 23.0
7450 ESS 24.0
7450 ESS 25.0
7705 SAR Gen 2 25.0
7705 SAR H 20.0
7705 SAR H 21.0
7705 SAR H 22.0
7705 SAR H 23.0
7705 SAR H 24.0
7705 SAR H 25.0
7705 SAR H 9.0
7705 SAR Hm 20.0
7705 SAR Hm 21.0
7705 SAR Hm 22.0
7705 SAR Hm 23.0
7705 SAR Hm 24.0
7705 SAR Hm 25.0
7705 SAR 20.0
7705 SAR 21.0
7705 SAR 22.0
7705 SAR 23.0
7705 SAR 24.0
7705 SAR 25.0
7750 SR 20.0
7750 SR 21.0
7750 SR 22.0
7750 SR 23.0
7750 SR 24.0
7750 SR 25.0
7950 XRS 20.0
7950 XRS 21.0
7950 XRS 22.0
7950 XRS 23.0
7950 XRS 24.0
7950 XRS 25.0

Supported Network Elements

7750 SR

Supported from 10.0.R1 until 13.0.R13