snmpTlstmCertToTSNTable OBJECT-TYPE
SYNTAX SEQUENCE OF SnmpTlstmCertToTSNEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used by a (D)TLS server to map the (D)TLS
client's presented X.509 certificate to a tmSecurityName.
On an incoming (D)TLS/SNMP connection, the client's presented
certificate must either be validated based on an established
trust anchor, or it must directly match a fingerprint in this
table. This table does not provide any mechanisms for
configuring the trust anchors; the transfer of any needed
trusted certificates for path validation is expected to occur
through an out-of-band transfer.
Once the certificate has been found acceptable (either by path
validation or directly matching a fingerprint in this table),
this table is consulted to determine the appropriate
tmSecurityName to identify with the remote connection. This
is done by considering each active row from this table in
prioritized order according to its snmpTlstmCertToTSNID value.
Each row's snmpTlstmCertToTSNFingerprint value determines
whether the row is a match for the incoming connection:
1) If the row's snmpTlstmCertToTSNFingerprint value
identifies the presented certificate, then consider the
row as a successful match.
2) If the row's snmpTlstmCertToTSNFingerprint value
identifies a locally held copy of a trusted CA
certificate and that CA certificate was used to
validate the path to the presented certificate, then
consider the row as a successful match.
Once a matching row has been found, the
snmpTlstmCertToTSNMapType value can be used to determine how
the tmSecurityName to associate with the session should be
determined. See the snmpTlstmCertToTSNMapType column's
DESCRIPTION for details on determining the tmSecurityName
value. If it is impossible to determine a tmSecurityName from
the row's data combined with the data presented in the
certificate, then additional rows MUST be searched looking for
another potential match. If a resulting tmSecurityName mapped
from a given row is not compatible with the needed
requirements of a tmSecurityName (e.g., VACM imposes a
32-octet-maximum length and the certificate derived
securityName could be longer), then it must be considered an
invalid match and additional rows MUST be searched looking for
another potential match.
If no matching and valid row can be found, the connection MUST
be closed and SNMP messages MUST NOT be accepted over it.
Missing values of snmpTlstmCertToTSNID are acceptable and
implementations should continue to the next highest numbered
row. It is recommended that administrators skip index values
to leave room for the insertion of future rows (for example,
use values of 10 and 20 when creating initial rows).
Users are encouraged to make use of certificates with
subjectAltName fields that can be used as tmSecurityNames so
that a single root CA certificate can allow all child
certificate's subjectAltName to map directly to a
tmSecurityName via a 1:1 transformation. However, this table
is flexible to allow for situations where existing deployed
certificate infrastructures do not provide adequate
subjectAltName values for use as tmSecurityNames.
Certificates may also be mapped to tmSecurityNames using the
CommonName portion of the Subject field. However, the usage
of the CommonName field is deprecated and thus this usage is
NOT RECOMMENDED. Direct mapping from each individual
certificate fingerprint to a tmSecurityName is also possible
but requires one entry in the table per tmSecurityName and
requires more management operations to completely configure a
device."
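The row-walking procedure in the DESCRIPTION above, as an added example that is not code from RFC 6353 or from oid-info.com: rows are tried in snmpTlstmCertToTSNID order, a row matches on the leaf or the validating CA fingerprint, rows that yield no name or a name longer than the 32-octet VACM limit are skipped, and no match means the connection must be closed. Rows, certificates and fingerprints are constructed sample data, and the map-type strings are simplified stand-ins for the snmpTlstmCertToTSNMapType values the MIB defines.

```python
# Added example, not code from RFC 6353 or oid-info.com: a minimal model of the
# snmpTlstmCertToTSNTable lookup. Rows, certificates and fingerprints are
# constructed sample data; the map-type names are simplified stand-ins for the
# snmpTlstmCertToTSNMapType values the MIB defines.
from dataclasses import dataclass
from typing import List, Optional

MAX_TM_SECURITY_NAME = 32  # the VACM 32-octet limit cited in the DESCRIPTION


@dataclass
class PresentedCert:
    fp: str                     # fingerprint of the certificate itself
    issuer_fp: str              # fingerprint of the CA that validated the path
    san: Optional[str] = None   # subjectAltName value, if usable as a name
    cn: Optional[str] = None    # Subject CommonName (deprecated for mapping)


@dataclass
class Row:
    id: int                     # snmpTlstmCertToTSNID: determines search order
    fp: str                     # snmpTlstmCertToTSNFingerprint
    map_type: str               # "specified", "san" or "cn" (simplified)
    data: str = ""              # the fixed tmSecurityName for "specified"
    active: bool = True         # only active rows are consulted


def derive_name(row: Row, cert: PresentedCert) -> Optional[str]:
    """Apply the row's map type; None means 'cannot determine from this row'."""
    if row.map_type == "specified":
        return row.data or None
    if row.map_type == "san":
        return cert.san
    if row.map_type == "cn":
        return cert.cn
    return None


def lookup_tm_security_name(rows: List[Row], cert: PresentedCert) -> Optional[str]:
    """Walk rows in snmpTlstmCertToTSNID order (gaps are fine) and return the
    first valid tmSecurityName; None means the connection MUST be closed."""
    for row in sorted(rows, key=lambda r: r.id):
        # 1) the row names the certificate itself, or 2) the CA that validated it
        if not row.active or row.fp not in (cert.fp, cert.issuer_fp):
            continue
        name = derive_name(row, cert)
        if name is None:
            continue  # impossible to determine a name: search further rows
        if len(name.encode("utf-8")) > MAX_TM_SECURITY_NAME:
            continue  # too long for VACM: treat as invalid, search further rows
        return name
    return None
```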
Automatically extracted from RFC6353
OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
1.3.6.1.2.1.198.2.2.1.3.1 | snmpTlstmCertToTSNEntry | 6 | 6 | snmpTlstmCertToTSNEntry OBJECT-TYPE SYNTAX SnmpTlstmCertToTSNEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row … |
OID | Name | Sub children | Sub Nodes Total | Description |
---|---|---|---|---|
1.3.6.1.2.1.198.2.2.1.1 | snmpTlstmCertToTSNCount | 0 | 0 | snmpTlstmCertToTSNCount OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "A count of the number of en… |
1.3.6.1.2.1.198.2.2.1.2 | snmpTlstmCertToTSNTableLastChanged | 0 | 0 | snmpTlstmCertToTSNTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of s… |
1.3.6.1.2.1.198.2.2.1.4 | snmpTlstmParamsCount | 0 | 0 | snmpTlstmParamsCount OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "A count of the number of entri… |
1.3.6.1.2.1.198.2.2.1.5 | snmpTlstmParamsTableLastChanged | 0 | 0 | snmpTlstmParamsTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysU… |
1.3.6.1.2.1.198.2.2.1.6 | snmpTlstmParamsTable | 1 | 4 | snmpTlstmParamsTable OBJECT-TYPE SYNTAX SEQUENCE OF SnmpTlstmParamsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "… |
1.3.6.1.2.1.198.2.2.1.7 | snmpTlstmAddrCount | 0 | 0 | snmpTlstmAddrCount OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "A count of the number of entries… |
1.3.6.1.2.1.198.2.2.1.8 | snmpTlstmAddrTableLastChanged | 0 | 0 | snmpTlstmAddrTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpT… |
1.3.6.1.2.1.198.2.2.1.9 | snmpTlstmAddrTable | 1 | 5 | snmpTlstmAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF SnmpTlstmAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This… |