class NodeCredential

ManagedElement
+-SystemFunctions
+-SecM
+-CertM
+-NodeCredential

Represents the node credential and contains information about the corresponding certificate.

References from:
ProvisioningServer;
References to:
EnrollmentAuthority; EnrollmentServerGroup; ManagedObject;
Actions
boolean
cancelEnrollment ( );
Cancels the enrollment process.

If the enrollment runs in online polling mode, this action stops polling the enrollment server. The enrollment declines to confirm the PKI response from the enrollment server and releases the generated key pair. The enrollment fails.
boolean
installCredentialFromUri ( string uri , EcimPasswordString uriPassword , EcimPasswordString credentialPassword , Fingerprint fingerprint );
Installs a node credential or certificate from the specified Uniform Resource Identifier (URI).

If the container file is in PKCS#12 format, the action implicitly starts an offline enrollment. If the file is a certificate in Privacy Enhanced Mail (PEM) or Distinguished Encoding Rules (DER) format, this action closes the ongoing offline enrollment process started by the startOfflineCsrEnrollment action.

The action can be invoked if the enrollmentSupport attribute of the CertMCapabilities MO indicates that offline enrollment is supported.

For a container file in PKCS#12 format, the action can be invoked if there is no other action in progress on this MO. For a certificate file in PEM or DER format, the action can be invoked if there is a startOfflineCsrEnrollment action in progress on this MO.

The action returns immediately after invocation. The progress of the action can be tracked via the enrollmentProgress attribute.

The action returns with TRUE after successful invocation, otherwise it returns with FALSE.

The generic URI syntax is defined by RFC 3986.
Example: sftp://myuser@myhostname.ericsson.local/dir/subdir/file
Example: http://myhostname.ericsson.local/dir/subdir/certificate

Parameters

Name: uri
Description: This parameter contains a URI assumed to point to the certificate or credential container file.

The generic Uniform Resource Identifier (URI) syntax is defined by RFC 3986.
Example: sftp://myuser@myhostname.ericsson.local/dir/subdir/file
Example: http://myhostname.ericsson.local/dir/subdir/certificate
The URI must not contain any password. The password shall be provided in the second parameter of this action.
The URI may be local relative (e.g. data/dir/subdir/file), or local absolute (e.g. file:///data/dir/subdir/file), or remote (e.g. sftp://user@hostname/dir/subdir/file) or remote relative (e.g. sftp://user@hostname/~/cert.pem).
If the URI is local relative, the file is expected to be under the directory path indicated by the localFileStorePath attribute in the CertM MO.



Name: uriPassword
Description: The password part of the Uniform Resource Identifier (URI).

If a password is not required, the 'NULL' string has to be provided.



Name: credentialPassword
Description: The password for decrypting the PKCS#12 container file.

If the action is called to install a certificate in Privacy Enhanced Mail (PEM) or Distinguished Encoding Rules (DER) format to finish a running enrollment process, the value of password has to be 'NULL'.



Name: fingerprint
Description: The Secure Hash Algorithm (SHA) fingerprint of the certificate to be installed.

The fingerprint is checked against the fingerprint calculated on the installed file. If the verification of the fingerprint is not required, the 'NULL' string must be provided. The hash must be calculated by the SHA algorithm indicated in fingerprintSupport of the CertMCapabilities MO.
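
A pre-flight check for the uri and fingerprint arguments of installCredentialFromUri, added here as an example and not part of the ECIM model or any Ericsson tooling. The function name, the /var/filestore value for localFileStorePath, the rejection of relative paths that resolve outside that directory, and the warning for http with a 'NULL' fingerprint are assumptions of this example.

```python
import posixpath
from urllib.parse import urlsplit

# Assumed value of the CertM localFileStorePath attribute (not from the page).
LOCAL_FILE_STORE_PATH = "/var/filestore"


def check_install_uri(uri, fingerprint="NULL", store=LOCAL_FILE_STORE_PATH):
    """Classify a URI as described for the uri parameter.

    Returns (kind, target, warnings). Raises ValueError when the URI
    embeds a password or has a form the parameter text does not list.
    """
    parts = urlsplit(uri)
    warnings = []

    # "The URI must not contain any password": it belongs in uriPassword.
    if parts.password is not None:
        raise ValueError("URI must not contain a password; use uriPassword")

    if parts.scheme == "" and not uri.startswith("/"):
        # Local relative: the file is expected under localFileStorePath.
        target = posixpath.normpath(posixpath.join(store, uri))
        # Added check (assumption): refuse "../" paths that leave the store.
        if not target.startswith(store.rstrip("/") + "/"):
            raise ValueError("relative URI resolves outside localFileStorePath")
        kind = "local-relative"
    elif parts.scheme == "file":
        kind, target = "local-absolute", posixpath.normpath(parts.path)
    elif parts.scheme and parts.hostname:
        kind = "remote-relative" if parts.path.startswith("/~/") else "remote"
        target = f"{parts.scheme}://{parts.hostname}{parts.path}"
        # Added policy (assumption): plain http gives no integrity protection,
        # so a 'NULL' fingerprint leaves the fetched file unverified.
        if parts.scheme == "http" and fingerprint == "NULL":
            warnings.append("http without fingerprint: file integrity unverified")
    else:
        raise ValueError("unrecognised URI form")
    return kind, target, warnings
```
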


boolean
startOfflineCsrEnrollment ( string uri , EcimPasswordString uriPassword );
Starts a manual enrollment procedure.

Creates a PKCS#10 Certificate Signing Request (CSR) that is stored at the specified local Uniform Resource Identifier (URI). A file transfer service can be used to fetch the CSR file from the ME.

The action can be invoked if the enrollmentSupport attribute of the CertMCapabilities MO indicates that offline CSR-based enrollment is supported.

The action uses the subjectName and keyInfo attributes as inputs.

If no other action is in progress on this MO, the action can be invoked and it returns immediately after invocation.
The action progress can be tracked via the enrollmentProgress attribute.

The action returns with TRUE after successful invocation, otherwise it returns with FALSE.

Parameters

Name: uri
Description: This parameter contains a URI assumed to point to the certificate or credential container file.

The generic Uniform Resource Identifier (URI) syntax is defined by RFC 3986.
Example: sftp://myuser@myhostname.ericsson.local/dir/subdir/file
The URI must not contain any password. The password shall be provided in the second parameter of this action.
The URI may be local relative (e.g. dir/subdir/csr.p10), or local absolute (e.g. file:///data/dir/subdir/csr.p10), or remote (e.g. sftp://user@hostname/dir/subdir/csr.p10).

If the URI is local relative, the file will be stored under the path indicated by the localFileStorePath attribute in the CertM MO.



Name: uriPassword
Description: The password section of the Uniform Resource Identifier (URI).

If a password is not required, the 'NULL' string must be provided.


boolean
startOnlineEnrollment ( EcimPasswordString challengePassword );
Starts the online enrollment process.

For initial enrollment, a challengePassword must be provided.

The action can be invoked if the enrollmentSupport attribute of the CertMCapabilities MO indicates that online enrollment is supported.

As inputs, the action uses the subjectName, keyInfo, enrollmentServerGroup and enrollmentAuthority attributes.

If no other action is in progress on this MO, the action can be invoked and it returns immediately after invocation.
Action progress can be tracked via the enrollmentProgress attribute.

The action returns with TRUE after successful invocation, otherwise it returns with FALSE.

Parameters

Name: challengePassword
Description: The one-time challenge password used as a shared secret between the ME and the enrollment CA.


Attributes
CertificateContent[0..1]
readOnly
certificateContent
The X.509 content of the certificate.
CertificateState[0..1]
readOnly
certificateState
The current state of the certificate.
EnrollmentAuthority[0..1]
enrollmentAuthority
The DN of the EnrollmentAuthority used for online enrollments.
AsyncActionProgress[0..1]
readOnly
enrollmentProgress
Reports the progress of the ongoing enrollment.
EnrollmentServerGroup[0..1]
enrollmentServerGroup
The DN of the EnrollmentServerGroup used for online enrollments.
uint16[0..1]
enrollmentTimer = 60
The enrollment poll timer in minutes.

If the time indicated by this timer elapses before the enrollment is finished, the enrollment fails. Used only for online enrollment.
ExpiryAlarmThresholdRange
expiryAlarmThreshold = 30
Threshold value used to calculate the date of the alarm that indicates the upcoming expiry of the certificate.

The alarm severity is raised to MINOR when the remaining time to expiry is reduced to one third of the configured threshold.
The alarm severity is raised to MAJOR when the remaining time to expiry is reduced to one tenth of the configured threshold or one week.
The alarm is cleared and a certificate not available alarm is raised when the certificate expires.
KeyInfo[0..1]
keyInfo
Specifies the key type and length that is used for the next enrollment.
string
key
mandatory
noNotification
restricted
nodeCredentialId
The value component of the RDN.
RenewalMode[0..1]
renewalMode = MANUAL
The certificate renewal mode for online enrollment.

Renewals use subjectName, keyInfo and enrollmentServerGroup attributes as inputs.

If configured to AUTOMATIC, manually initiated offline and online renewals fail.

If an automatic enrollment failed alarm is present on the MO, setting this attribute to MANUAL clears the alarm.
ManagedObject[0..] nonUnique
noNotification
readOnly
reservedByUser
Indicates the users of this NodeCredential MO.

The users are identified by Distinguished Names of Credential User Managed Objects.
string[0..1]
noNotification
restricted
subjectName
The X.501 DN to be used in the subject field of the requested certificate.

For instance: "C=SE,O=Ericsson,CN=someserialnumber.ericsson.com"
string[0..1]
userLabel
An additional descriptive text.
