Class pki:KeyRing (CONCRETE)

Class ID:1482
Class Label: Key Ring
Encrypted: true - Exportable: true - Persistent: true - Configurable: true - Subject to Quota: Disabled - Abstraction Layer: Ambiguous Placement in the Model - APIC NX Processing: Disabled
Write Access: [aaa, admin]
Read Access: [aaa, admin, nw-svc-device, nw-svc-policy]
Creatable/Deletable: yes (see Container Mos for details)
Possible Semantic Scopes: EPG, Fabric,
Semantic Scope Evaluation Rule: Parent
Monitoring Policy Source: Parent
Monitoring Flags : [ IsObservable: true, HasStats: false, HasFaults: true, HasHealth: true, HasEventRules: false ]

RN FORMAT: keyring-{name}

    [1] PREFIX=keyring- PROPERTY = name




DN FORMAT: 

[1] uni/tn-{name}/certstore/keyring-{name}

[3] uni/userext/pkiext/keyring-{name}

                

Diagram

Super Mo: pki:Item, Container Mos: cloud:CertStore (deletable:yes), pki:Ep (deletable:yes), Contained Mos: aaa:RbacAnnotation, pki:CertReq, tag:Annotation, tag:Tag, Relations From: comm:Https, aaa:KeyringRelnHolder, cloud:Listener, adepg:ASvr, Relations: pki:RtKeyRing, pki:RtKeyringRef, pki:RtListenerToCert, pki:RtSvrKeyRing,

Containers Hierarchies

top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.  ├ fabric:Topology The root for IFC topology.    ├ fabric:Pod A pod.      ├ fabric:Node The root node for the APIC.        ├ ctx:Local The local Context.          ├ ctx:Application The context application.            ├ pol:Uni Represents policy definition/resolution universe.              ├ fv:Tenant A policy owner in the virtual fabric. A tenant can be either a private or a shared entity. For example, you can create a tenant with contexts and bridge domains shared by other tenants. A shared type of tenant is typically named common, default, or infra.                ├ cloud:CertStore                   ├ pki:KeyRing A keyring to create and hold an SSL certificate. The SSL certificate contains the public RSA key and signed identity information of a PKI device. The PKI device holds a pair of RSA encryption keys, one kept private and one made public, stored in an internal key ring. The keyring certificate merges into the PKI device keyring to create a trusted relationship. top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.  ├ pol:Uni Represents policy definition/resolution universe.    ├ fv:Tenant A policy owner in the virtual fabric. A tenant can be either a private or a shared entity. For example, you can create a tenant with contexts and bridge domains shared by other tenants. A shared type of tenant is typically named common, default, or infra.      ├ cloud:CertStore         ├ pki:KeyRing A keyring to create and hold an SSL certificate. The SSL certificate contains the public RSA key and signed identity information of a PKI device. The PKI device holds a pair of RSA encryption keys, one kept private and one made public, stored in an internal key ring. The keyring certificate merges into the PKI device keyring to create a trusted relationship. top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.  ├ fabric:Topology The root for IFC topology.    ├ fabric:Pod A pod.      ├ fabric:Node The root node for the APIC.        ├ ctx:Local The local Context.          ├ ctx:Application The context application.            ├ pol:Uni Represents policy definition/resolution universe.              ├ aaa:UserEp A user endpoint is a local user. A user is assigned a role determines the user's privileges, and belongs to a security domain, which determines the user's scope of control                ├ pki:Ep The PKI configuration, which includes key rings and certificate authority (CA) credentials. Components of the PKI are used to establish secure communications between two devices.                  ├ pki:KeyRing A keyring to create and hold an SSL certificate. The SSL certificate contains the public RSA key and signed identity information of a PKI device. The PKI device holds a pair of RSA encryption keys, one kept private and one made public, stored in an internal key ring. The keyring certificate merges into the PKI device keyring to create a trusted relationship. top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.  ├ pol:Uni Represents policy definition/resolution universe.    ├ aaa:UserEp A user endpoint is a local user. A user is assigned a role determines the user's privileges, and belongs to a security domain, which determines the user's scope of control      ├ pki:Ep The PKI configuration, which includes key rings and certificate authority (CA) credentials. Components of the PKI are used to establish secure communications between two devices.        ├ pki:KeyRing A keyring to create and hold an SSL certificate. The SSL certificate contains the public RSA key and signed identity information of a PKI device. The PKI device holds a pair of RSA encryption keys, one kept private and one made public, stored in an internal key ring. The keyring certificate merges into the PKI device keyring to create a trusted relationship.

Contained Hierarchy

pki:KeyRing A keyring to create and hold an SSL certificate. The SSL certificate contains the public RSA key and signed identity information of a PKI device. The PKI device holds a pair of RSA encryption keys, one kept private and one made public, stored in an internal key ring. The keyring certificate merges into the PKI device keyring to create a trusted relationship.  ├ aaa:RbacAnnotation  RbacAnnotation is used for capturing rbac properties of any apic object Objects can append rbacannotations as Object->RbacAnnotation which is then checked for domain eligibility  ├ fault:Counts An immutable object that provides the number of critical, major, minor, and warning faults raised on its parent object and its subtree.  ├ fault:Delegate Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.  ├ fault:Inst Contains detailed information of a fault. This object is attached as a child of the object on which the fault condition occurred. One instance object is created for each fault condition of the parent object. A fault instance object is identified by a fault code.    ├ aaa:RbacAnnotation  RbacAnnotation is used for capturing rbac properties of any apic object Objects can append rbacannotations as Object->RbacAnnotation which is then checked for domain eligibility    ├ tag:Annotation     ├ tag:Tag   ├ health:Inst A base class for a health score instance.(Switch only)  ├ pki:CertReq A request sent to a certificate authority (CA or trustpoint) requesting that the CA affirm the identity of the requester and issue a digital certificate verifying that the requestor is the owner of the presented public key.    ├ aaa:RbacAnnotation  RbacAnnotation is used for capturing rbac properties of any apic object Objects can append rbacannotations as Object->RbacAnnotation which is then checked for domain eligibility    ├ tag:Annotation     ├ tag:Tag   ├ pki:RtKeyRing   ├ pki:RtKeyringRef   ├ pki:RtListenerToCert   ├ pki:RtSvrKeyRing  ISE private key, certificate  ├ tag:Annotation   ├ tag:Tag

Inheritance

naming:NamedObject An abstract base class for an object that contains a name.  ├ pol:Obj Represents a generic policy object.    ├ pol:Def Represents self-contained policy document.      ├ pki:Definition This is an abstract class and cannot be instantiated.        ├ pki:Item This is an abstract class and cannot be instantiated.          ├ pki:KeyRing A keyring to create and hold an SSL certificate. The SSL certificate contains the public RSA key and signed identity information of a PKI device. The PKI device holds a pair of RSA encryption keys, one kept private and one made public, stored in an internal key ring. The keyring certificate merges into the PKI device keyring to create a trusted relationship.

                pki:KeyRing:pki_KeyRing_createKeyRing

                pki:KeyRing:pki_KeyRing_deleteKeyRing

                pki:KeyRing:pki_KeyRing_modKeyRing

                pki:KeyRing:creation__pki_KeyRing

                pki:KeyRing:modification__pki_KeyRing

                pki:KeyRing:deletion__pki_KeyRing

                

                pki:KeyRing:customKeyRingExpired

                pki:KeyRing:customKeyRingExpiring

                

adminState

Type: pki:KeyringState
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:

The current administrative state of the certificate request process.

annotation

Type: mo:Annotation
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.:-]+

NO COMMENTS

cert

Type: pki:Cert
Primitive Type: string:CharBuffer

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:

A certificate is a file containing a device's public key along with signed information verifying the identity of the device.

certValidUntil

Type: pki:CertValidity
Primitive Type: string:CharBuffer

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

certificateDecodeInformation

Type: pki:Cert
Primitive Type: string:CharBuffer

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

childAction

Type: mo:ModificationChildAction
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelChildAction

Delete or ignore. For internal use only.

descr

Type: naming:Descr
Primitive Type: string:Basic

Like: naming:Described:descr
Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+

Specifies a description of the policy definition.

dn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelDn

A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.

expState

Type: pki:ExpStatus
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

NO COMMENTS

extMngdBy

Type: mo:ExtMngdByType
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

NO COMMENTS

key

Type: pki:PrivateKey
Primitive Type: string:Password

Units: null
Encrypted: true
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "4096"

The private key of the certificate.

lcOwn

Type: mo:Owner
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

A value that indicates how this object was created. For internal use only.

modTs

Type: mo:TStamp
Primitive Type: scalar:Date

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

The time when this object was last modified.

modulus

Type: pki:Modulus
Primitive Type: scalar:Enum16

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:

The length of the encryption keys. A longer key length increases the difficulty of breaking the key.

monPolDn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

The monitoring policy attached to this observable object.

name

Type: naming:Name
Primitive Type: string:Basic

Overrides:pki:Definition:name  |  pol:Obj:name  |  naming:NamedObject:name

Units: null
Encrypted: false
Naming Property -- [NAMING RULES]
Access: naming
Category: TopLevelRegular
Property Validators:
    Range:  min: "1"  max: "64"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.:-]+

The name of the key ring.

nameAlias

Type: naming:NameAlias
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "63"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.-]+

NO COMMENTS

ownerKey

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+

The key for enabling clients to own their data for entity correlation.

ownerTag

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "64"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+

A tag for enabling clients to add their own data. For example, to indicate who created this object.

regen

Type: scalar:Bool

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:

Forces regeneration of the keypair. Each PKI device holds a pair of asymmetric Rivest-Shamir-Adleman (RSA) encryption keys, one kept private and one made public, stored in an internal key ring.

rn

Type: reference:BinRN

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRn

Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.

status

Type: mo:ModificationStatus
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelStatus

The upgrade status. This property is for internal use only.

tp

Type: naming:LongName
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "64"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.:-]+

A third-party certificate from a trusted source, or trusted point, that affirms the identity of your device. The third-party certificate is signed by the issuing certificate authority (CA or trustpoint), which can be a root CA, an intermediate CA, or a trust anchor that is part of a trust chain that leads to a root CA.

uid

Type: scalar:Uint16

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

A unique identifier for this object.