Class pki:FabricNodeSSLCertificate (CONCRETE)

Class ID:7603
Class Label: SSL Certificate for each node
Encrypted: false - Exportable: false - Persistent: true - Configurable: false - Subject to Quota: Disabled - Abstraction Layer: Logical Model - APIC NX Processing: Disabled
Write Access: [NON CONFIGURABLE]
Read Access: [admin]
Creatable/Deletable: no (see Container Mos for details)
Semantic Scope: Fabric
Semantic Scope Evaluation Rule: Parent
Monitoring Policy Source: Parent
Monitoring Flags : [ IsObservable: true, HasStats: false, HasFaults: true, HasHealth: true, HasEventRules: false ]

Object representing a Cisco issued x509 certificate for a node in the Fabric This object is implicitly created and cannot be deleted or exported in the configuration

Naming Rules
RN FORMAT: ifmcertnode-{nodeId}

    [1] PREFIX=ifmcertnode- PROPERTY = nodeId




DN FORMAT: 

[1] uni/fabsslcomm/ifmcertnode-{nodeId}

                


Diagram

Super Mo: pki:Definition,
Container Mos: pki:FabricCommunicationEp (deletable:no),


Containers Hierarchies
[V] top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├
[V] fabric:Topology The root for IFC topology.
 
 ├
[V] fabric:Pod A pod.
 
 
 ├
[V] fabric:Node The root node for the APIC.
 
 
 
 ├
[V] ctx:Local The local Context.
 
 
 
 
 ├
[V] ctx:Application The context application.
 
 
 
 
 
 ├
[V] pol:Uni Represents policy definition/resolution universe.
 
 
 
 
 
 
 ├
[V] pki:FabricCommunicationEp  IFM SSL Fabric policies
 
 
 
 
 
 
 
 ├
[V] pki:FabricNodeSSLCertificate  Object representing a Cisco issued x509 certificate for a node in the Fabric This object is implicitly created and cannot be deleted or exported in the configuration
[V] top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├
[V] pol:Uni Represents policy definition/resolution universe.
 
 ├
[V] pki:FabricCommunicationEp  IFM SSL Fabric policies
 
 
 ├
[V] pki:FabricNodeSSLCertificate  Object representing a Cisco issued x509 certificate for a node in the Fabric This object is implicitly created and cannot be deleted or exported in the configuration


Contained Hierarchy
[V] pki:FabricNodeSSLCertificate  Object representing a Cisco issued x509 certificate for a node in the Fabric This object is implicitly created and cannot be deleted or exported in the configuration
 ├
[V] fault:Counts An immutable object that provides the number of critical, major, minor, and warning faults raised on its parent object and its subtree.
 ├
[V] fault:Delegate Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.
 ├
[V] fault:Inst Contains detailed information of a fault. This object is attached as a child of the object on which the fault condition occurred. One instance object is created for each fault condition of the parent object. A fault instance object is identified by a fault code.
 
 ├
[V] aaa:RbacAnnotation  RbacAnnotation is used for capturing rbac properties of any apic object Objects can append rbacannotations as Object->RbacAnnotation which is then checked for domain eligibility
 
 ├
[V] tag:Annotation 
 
 ├
[V] tag:Tag 
 ├
[V] health:Inst A base class for a health score instance.(Switch only)


Inheritance
[V] naming:NamedObject An abstract base class for an object that contains a name.
 ├
[V] pol:Obj Represents a generic policy object.
 
 ├
[V] pol:Def Represents self-contained policy document.
 
 
 ├
[V] pki:Definition This is an abstract class and cannot be instantiated.
 
 
 
 ├
[V] pki:FabricNodeSSLCertificate  Object representing a Cisco issued x509 certificate for a node in the Fabric This object is implicitly created and cannot be deleted or exported in the configuration


Events
                


Faults
                pki:FabricNodeSSLCertificate:NodeCertInvalid


Fsms
                


Properties Summary
Defined in: pki:FabricNodeSSLCertificate
string:Basic authorityKeyIdentifier  (pki:FabricNodeSSLCertificate:authorityKeyIdentifier)
           NO COMMENTS
string:CharBuffer data  (pki:FabricNodeSSLCertificate:data)
           Information returned by or provided to the application or task.
scalar:Bool expiredCertificate  (pki:FabricNodeSSLCertificate:expiredCertificate)
           Current system time is either before or after certificate validity window
scalar:Bool invalidIssuer  (pki:FabricNodeSSLCertificate:invalidIssuer)
           Invalid issuer
scalar:Bool invalidSigningCAForCertificate  (pki:FabricNodeSSLCertificate:invalidSigningCAForCertificate)
           Invalid Signing CA for certificate
scalar:Bool invalidSubjectFormat  (pki:FabricNodeSSLCertificate:invalidSubjectFormat)
           Invalid Subject line format
string:Basic issuer  (pki:FabricNodeSSLCertificate:issuer)
           NO COMMENTS
string:Basic keySize  (pki:FabricNodeSSLCertificate:keySize)
           x509 certificate public key size - for e.g. 1024 bits
string:Basic message  (pki:FabricNodeSSLCertificate:message)
           The contents of the informational banner to be displayed before user login authentication.
reference:BinRef monPolDn  (pki:FabricNodeSSLCertificate:monPolDn)
           The monitoring policy attached to this observable object.
scalar:Uint16 nodeId  (pki:FabricNodeSSLCertificate:nodeId)
           The ID of the APIC, leaf, or spine.
pki:CertificateReferenceType
          scalar:Enum16
nodeType  (pki:FabricNodeSSLCertificate:nodeType)
           NO COMMENTS
string:Basic publicKeyAlgorithm  (pki:FabricNodeSSLCertificate:publicKeyAlgorithm)
           x509 certificate signature algorithm - for e.g. rsaEncryption
string:Basic serialNumber  (pki:FabricNodeSSLCertificate:serialNumber)
           NO COMMENTS
string:Basic signatureAlgorithm  (pki:FabricNodeSSLCertificate:signatureAlgorithm)
           x509 certificate signature algorithm - for e.g. sha1WithRSAEncryption
string:Basic subject  (pki:FabricNodeSSLCertificate:subject)
           A short free-form description of a fault.
string:Basic subjectKeyIdentifier  (pki:FabricNodeSSLCertificate:subjectKeyIdentifier)
           X509v3 Subject Key Identifier: E9:C6:31:FC:E1:96:06:9D:E0:22:BC:27:0C:36:71:99:1B:5E:6B:9E X509v3 Authority Key Identifier: keyid:D0:C5:22:26:AB:4F:46:60:EC:AE:05:91:C7:DC:5A:D1:B0:47:F7:6C
scalar:Bool validCertificate  (pki:FabricNodeSSLCertificate:validCertificate)
           The following are boolean properties that will be used to trigger fault rules Validation of certificate contents indicate this certificate will fail if used for SSL IFM in strict mode
scalar:Date validityNotAfter  (pki:FabricNodeSSLCertificate:validityNotAfter)
           NO COMMENTS
scalar:Date validityNotBefore  (pki:FabricNodeSSLCertificate:validityNotBefore)
           NO COMMENTS
string:Basic version  (pki:FabricNodeSSLCertificate:version)
           The version of the compatibility catalog.
Defined in: pki:Definition
naming:Name
          string:Basic
name  (pki:Definition:name)
           Overrides:pol:Obj:name | naming:NamedObject:name
          
Defined in: pol:Def
naming:Descr
          string:Basic
descr  (pol:Def:descr)
           Specifies a description of the policy definition.
naming:Descr
          string:Basic
ownerKey  (pol:Def:ownerKey)
           The key for enabling clients to own their data for entity correlation.
naming:Descr
          string:Basic
ownerTag  (pol:Def:ownerTag)
           A tag for enabling clients to add their own data. For example, to indicate who created this object.
Defined in: naming:NamedObject
naming:NameAlias
          string:Basic
nameAlias  (naming:NamedObject:nameAlias)
           NO COMMENTS
Defined in: mo:Resolvable
mo:Owner
          scalar:Enum8
lcOwn  (mo:Resolvable:lcOwn)
           A value that indicates how this object was created. For internal use only.
Defined in: mo:Modifiable
mo:TStamp
          scalar:Date
modTs  (mo:Modifiable:modTs)
           The time when this object was last modified.
Defined in: mo:TopProps
mo:ModificationChildAction
          scalar:Bitmask32
childAction  (mo:TopProps:childAction)
           Delete or ignore. For internal use only.
reference:BinRef dn  (mo:TopProps:dn)
           A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.
reference:BinRN rn  (mo:TopProps:rn)
           Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.
mo:ModificationStatus
          scalar:Bitmask32
status  (mo:TopProps:status)
           The upgrade status. This property is for internal use only.
Properties Detail

authorityKeyIdentifier

Type: string:Basic

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
NO COMMENTS



childAction

Type: mo:ModificationChildAction
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelChildAction
    Comments:
Delete or ignore. For internal use only.
Constants
deleteAll 16384u deleteAll NO COMMENTS
ignore 4096u ignore NO COMMENTS
deleteNonPresent 8192u deleteNonPresent NO COMMENTS
DEFAULT 0 --- This type is used to





data

Type: string:CharBuffer

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Information returned by or provided to the application or task.



descr

Type: naming:Descr
Primitive Type: string:Basic

Like: naming:Described:descr
Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
    Comments:
Specifies a description of the policy definition.



dn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelDn
    Comments:
A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.



expiredCertificate

Type: scalar:Bool

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Current system time is either before or after certificate validity window
Constants
no false --- NO COMMENTS
yes true --- NO COMMENTS
DEFAULT no(false) --- NO COMMENTS





invalidIssuer

Type: scalar:Bool

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Invalid issuer
Constants
no false --- NO COMMENTS
yes true --- NO COMMENTS
DEFAULT no(false) --- NO COMMENTS





invalidSigningCAForCertificate

Type: scalar:Bool

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Invalid Signing CA for certificate
Constants
no false --- NO COMMENTS
yes true --- NO COMMENTS
DEFAULT no(false) --- NO COMMENTS





invalidSubjectFormat

Type: scalar:Bool

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
Invalid Subject line format
Constants
no false --- NO COMMENTS
yes true --- NO COMMENTS
DEFAULT no(false) --- NO COMMENTS





issuer

Type: string:Basic

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
NO COMMENTS



keySize

Type: string:Basic

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
x509 certificate public key size - for e.g. 1024 bits



lcOwn

Type: mo:Owner
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
A value that indicates how this object was created. For internal use only.
Constants
local 0 Local NO COMMENTS
policy 1 Policy NO COMMENTS
replica 2 Replica NO COMMENTS
resolveOnBehalf 3 ResolvedOnBehalf NO COMMENTS
implicit 4 Implicit NO COMMENTS
DEFAULT local(0) Local NO COMMENTS





message

Type: string:Basic

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The contents of the informational banner to be displayed before user login authentication.



modTs

Type: mo:TStamp
Primitive Type: scalar:Date

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The time when this object was last modified.
Constants
never 0ull never NO COMMENTS
DEFAULT never(0ull) never NO COMMENTS





monPolDn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The monitoring policy attached to this observable object.



name

Type: naming:Name
Primitive Type: string:Basic

Overrides:pol:Obj:name  |  naming:NamedObject:name
Units: null Encrypted: false Access: create Category: TopLevelRegular
    Comments:



nameAlias

Type: naming:NameAlias
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
    Comments:
NO COMMENTS



nodeId

Type: scalar:Uint16

Units: null
Encrypted: false
Naming Property -- [NAMING RULES]
Access: naming
Category: TopLevelRegular
    Comments:
The ID of the APIC, leaf, or spine.
Constants
defaultValue 0 --- NO COMMENTS





nodeType

Type: pki:CertificateReferenceType
Primitive Type: scalar:Enum16

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
NO COMMENTS
Constants
Local 0 Local NO COMMENTS
Neighbor 1 Neighbor NO COMMENTS
Unknown 2 Unknown NO COMMENTS
DEFAULT Unknown(2) Unknown NO COMMENTS





ownerKey

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
    Comments:
The key for enabling clients to own their data for entity correlation.



ownerTag

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
    Comments:
A tag for enabling clients to add their own data. For example, to indicate who created this object.



publicKeyAlgorithm

Type: string:Basic

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
x509 certificate signature algorithm - for e.g. rsaEncryption



rn

Type: reference:BinRN

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRn
    Comments:
Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.



serialNumber

Type: string:Basic

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
NO COMMENTS



signatureAlgorithm

Type: string:Basic

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
x509 certificate signature algorithm - for e.g. sha1WithRSAEncryption



status

Type: mo:ModificationStatus
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelStatus
    Comments:
The upgrade status. This property is for internal use only.
Constants
created 2u created In a setter method: specifies that an object should be created. An error is returned if the object already exists.
In the return value of a setter method: indicates that an object has been created.
modified 4u modified In a setter method: specifies that an object should be modified
In the return value of a setter method: indicates that an object has been modified.
deleted 8u deleted In a setter method: specifies that an object should be deleted.
In the return value of a setter method: indicates that an object has been deleted.
DEFAULT 0 --- This type controls the life cycle of objects passed in the XML API.

When used in a setter method (such as configConfMo), the ModificationStatus specifies whether an object should be created, modified, deleted or removed.
In the return value of a setter method, the ModificationStatus indicates the actual operation that was performed. For example, the ModificationStatus is set to "created" if the object was created. The ModificationStatus is not set if the object was neither created, modified, deleted or removed.

When invoking a setter method, the ModificationStatus is optional:
If a setter method such as configConfMo is invoked and the ModificationStatus is not set, the system automatically determines if the object should be created or modified.






subject

Type: string:Basic

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
A short free-form description of a fault.



subjectKeyIdentifier

Type: string:Basic

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
X509v3 Subject Key Identifier: E9:C6:31:FC:E1:96:06:9D:E0:22:BC:27:0C:36:71:99:1B:5E:6B:9E X509v3 Authority Key Identifier: keyid:D0:C5:22:26:AB:4F:46:60:EC:AE:05:91:C7:DC:5A:D1:B0:47:F7:6C



validCertificate

Type: scalar:Bool

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The following are boolean properties that will be used to trigger fault rules Validation of certificate contents indicate this certificate will fail if used for SSL IFM in strict mode
Constants
no false --- NO COMMENTS
yes true --- NO COMMENTS
DEFAULT no(false) --- NO COMMENTS





validityNotAfter

Type: scalar:Date

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
NO COMMENTS



validityNotBefore

Type: scalar:Date

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
NO COMMENTS



version

Type: string:Basic

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The version of the compatibility catalog.