Configuring Certificate Authority Related Information
For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide:
Configuring Local and Remote Certstore
Configuring Local and Remote Certstore
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiCertstoreLookup": {
"attributes": {
"type": "both"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<calookup-items>
<type>both</type>
</calookup-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
crypto ca lookup both
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiCertstoreLookup | sys/userext/pkiext/calookup |
pkiCertstoreLookup Properties
The following table contains information about the pkiCertstoreLookup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| type | pki:CertLookupType (scalar:Enum8) | Certstore Type for Lookup | SELECTION: 2 - remote 3 - local 4 - both DEFAULT: local |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring Local Certstore
Configuring Local Certstore
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiCertstoreLookup": {
"attributes": {
"type": "local"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<calookup-items>
<type>local</type>
</calookup-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
crypto ca lookup local
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiCertstoreLookup | sys/userext/pkiext/calookup |
pkiCertstoreLookup Properties
The following table contains information about the pkiCertstoreLookup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| type | pki:CertLookupType (scalar:Enum8) | Certstore Type for Lookup | SELECTION: 2 - remote 3 - local 4 - both DEFAULT: local |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring Remote Certstore
Configuring Remote Certstore
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiCertstoreLookup": {
"attributes": {
"type": "remote"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<calookup-items>
<type>remote</type>
</calookup-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
crypto ca lookup remote
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiCertstoreLookup | sys/userext/pkiext/calookup |
pkiCertstoreLookup Properties
The following table contains information about the pkiCertstoreLookup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| type | pki:CertLookupType (scalar:Enum8) | Certstore Type for Lookup | SELECTION: 2 - remote 3 - local 4 - both DEFAULT: local |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting Remote Certstore
Deleting Remote Certstore
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiCertstoreLookup": {
"attributes": {
"status": "deleted"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<calookup-items nc:operation="delete">
</calookup-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no crypto ca lookup remote
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiCertstoreLookup | sys/userext/pkiext/calookup |
pkiCertstoreLookup Properties
The following table contains information about the pkiCertstoreLookup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring Refresh-Time to Fetch CRL From Remote Certstore
Configuring Refresh-Time to Fetch CRL From Remote Certstore
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiRemoteCertstore": {
"attributes": {
"crlTimer": "1",
"type": "1"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<remotecert-items>
<crlTimer>1</crlTimer>
<type>1</type>
</remotecert-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
crypto ca remote ldap crl-refresh-time 1
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiRemoteCertstore | sys/userext/pkiext/remotecert |
pkiRemoteCertstore Properties
The following table contains information about the pkiRemoteCertstore properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| crlTimer | pki:CrlRefreshTime (scalar:Uint16) | Refresh Time to Fetch Crl from Remote Certstore | RANGE: [0 , 744] |
| type | scalar:Uint32 | The specific type of the object or component. |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting Refresh-Time to Fetch CRL From Remote Certstore
Deleting Refresh-Time to Fetch CRL From Remote Certstore
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiRemoteCertstore": {
"attributes": {
"crlTimer": "0",
"type": "1"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<remotecert-items>
<crlTimer>0</crlTimer>
<type>1</type>
</remotecert-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no crypto ca remote ldap crl-refresh-time 1
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiRemoteCertstore | sys/userext/pkiext/remotecert |
pkiRemoteCertstore Properties
The following table contains information about the pkiRemoteCertstore properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| crlTimer | pki:CrlRefreshTime (scalar:Uint16) | Refresh Time to Fetch Crl from Remote Certstore | RANGE: [0 , 744] |
| type | scalar:Uint32 | The specific type of the object or component. |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring LDAP Certstore
Configuring LDAP Certstore
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiRemoteCertstore": {
"attributes": {
"ldapGroupName": "SampleString_123",
"type": "1"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<remotecert-items>
<ldapGroupName>SampleString_123</ldapGroupName>
<type>1</type>
</remotecert-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
crypto ca remote ldap server-group SampleString_123
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiRemoteCertstore | sys/userext/pkiext/remotecert |
pkiRemoteCertstore Properties
The following table contains information about the pkiRemoteCertstore properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| ldapGroupName | pki:ProviderGroupName (string:CharBuffer) | Ldap Server Group Containing Remote CA | MAX SIZE: 127 |
| type | scalar:Uint32 | The specific type of the object or component. |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting LDAP Certstore
Deleting LDAP Certstore
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiRemoteCertstore": {
"attributes": {
"ldapGroupName": "",
"type": "1"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<remotecert-items>
<ldapGroupName></ldapGroupName>
<type>1</type>
</remotecert-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no crypto ca remote ldap server-group SampleString_123
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiRemoteCertstore | sys/userext/pkiext/remotecert |
pkiRemoteCertstore Properties
The following table contains information about the pkiRemoteCertstore properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| ldapGroupName | pki:ProviderGroupName (string:CharBuffer) | Ldap Server Group Containing Remote CA | MAX SIZE: 127 |
| type | scalar:Uint32 | The specific type of the object or component. |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring Trustpoint Certificate Authority
Configuring Trustpoint Certificate Authority
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiTP": {
"attributes": {
"name": "SampleString_123"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<tp-items>
<TP-list>
<name>SampleString_123</name>
</TP-list>
</tp-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
crypto ca trustpoint SampleString_123
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiTP | sys/userext/pkiext/tp-[SampleString_123] |
pkiTP Properties
The following table contains information about the pkiTP properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | pol:ObjName string:Basic | The name of the certificate authority (CA or trustpoint). | RANGE: Min: "1" Max: "64" |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting Trustpoint Certificate Authority
Deleting Trustpoint Certificate Authority
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiTP": {
"attributes": {
"name": "SampleString_123",
"status": "deleted"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<tp-items>
<TP-list nc:operation="delete">
<name>SampleString_123</name>
</TP-list>
</tp-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no crypto ca trustpoint SampleString_123
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiTP | sys/userext/pkiext/tp-[SampleString_123] |
pkiTP Properties
The following table contains information about the pkiTP properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | pol:ObjName string:Basic | The name of the certificate authority (CA or trustpoint). | RANGE: Min: "1" Max: "64" |
| status | mo:ModificationStatus (scalar:Bitmask32) | Modification status | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring a Mapping Filter for SSH
Configuring a Mapping Filter for SSH
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiSshAuth": {
"attributes": {
"certIssuerName": "SampleString_123",
"mapFilter1": "SampleString_123",
"mapFilter2": "SampleString_123"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<sshauthcert-items>
<SshAuth-list>
<certIssuerName>SampleString_123</certIssuerName>
<mapFilter1>SampleString_123</mapFilter1>
<mapFilter2>SampleString_123</mapFilter2>
</SshAuth-list>
</sshauthcert-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
crypto cert ssh-authorize SampleString_123 map SampleString_123 SampleString_123
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiSshAuth | sys/userext/pkiext/sshauthcert-SampleString_123 |
pkiSshAuth Properties
The following table contains information about the pkiSshAuth properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| certIssuerName | pki:FilterName (string:CharBuffer) | Issuer Name of the Certificate | MAX SIZE: 64 |
| mapFilter1 | pki:FilterName (string:CharBuffer) | Mapping Filter to be Applied | MAX SIZE: 64 |
| mapFilter2 | pki:FilterName (string:CharBuffer) | Mapping Filter to be Applied | MAX SIZE: 64 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting a Mapping Filter for SSH
Deleting a Mapping Filter for SSH
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiSshAuth": {
"attributes": {
"certIssuerName": "SampleString_123",
"status": "deleted"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<sshauthcert-items>
<SshAuth-list nc:operation="delete">
<certIssuerName>SampleString_123</certIssuerName>
</SshAuth-list>
</sshauthcert-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no crypto cert ssh-authorize SampleString_123 map SampleString_123 SampleString_123
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiSshAuth | sys/userext/pkiext/sshauthcert-SampleString_123 |
pkiSshAuth Properties
The following table contains information about the pkiSshAuth properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| certIssuerName | pki:FilterName (string:CharBuffer) | Issuer Name of the Certificate | MAX SIZE: 64 |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring a Mapping Filter for SSH (Default VRF)
Configuring a Mapping Filter for SSH (Default VRF)
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiSshAuth": {
"attributes": {
"certIssuerName": "DEFAULT_MAP",
"mapFilter1": "SampleString_123"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<sshauthcert-items>
<SshAuth-list>
<certIssuerName>DEFAULT_MAP</certIssuerName>
<mapFilter1>SampleString_123</mapFilter1>
</SshAuth-list>
</sshauthcert-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
crypto cert ssh-authorize default map SampleString_123
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiSshAuth | sys/userext/pkiext/sshauthcert-DEFAULT_MAP |
pkiSshAuth Properties
The following table contains information about the pkiSshAuth properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| certIssuerName | pki:FilterName (string:CharBuffer) | Issuer Name of the Certificate | MAX SIZE: 64 |
| mapFilter1 | pki:FilterName (string:CharBuffer) | Mapping Filter to be Applied | MAX SIZE: 64 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting a Mapping Filter for SSH (Default VRF)
Deleting a Mapping Filter for SSH (Default VRF)
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiSshAuth": {
"attributes": {
"certIssuerName": "DEFAULT_MAP",
"status": "deleted"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<sshauthcert-items>
<SshAuth-list nc:operation="delete">
<certIssuerName>DEFAULT_MAP</certIssuerName>
</SshAuth-list>
</sshauthcert-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no crypto cert ssh-authorize default map SampleString_123
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiSshAuth | sys/userext/pkiext/sshauthcert-DEFAULT_MAP |
pkiSshAuth Properties
The following table contains information about the pkiSshAuth properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| certIssuerName | pki:FilterName (string:CharBuffer) | Issuer Name of the Certificate | MAX SIZE: 64 |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring Certificate Map Filters
Configuring Certificate Map Filters
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiCertificateMap": {
"attributes": {
"name": "SampleString_123"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<certificatemap-items>
<CertificateMap-list>
<name>SampleString_123</name>
</CertificateMap-list>
</certificatemap-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
crypto certificatemap mapname SampleString_123
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiCertificateMap | sys/userext/pkiext/certificatemap-SampleString_123 |
pkiCertificateMap Properties
The following table contains information about the pkiCertificateMap properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | pki:FilterName (string:CharBuffer) | CertificateMap Filter Name | MAX SIZE: 64 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting Certificate Map Filters
Deleting Certificate Map Filters
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
"pkiEp": {
"children": [
{
"pkiCertificateMap": {
"attributes": {
"name": "SampleString_123",
"status": "deleted"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<pkiext-items>
<certificatemap-items>
<CertificateMap-list nc:operation="delete">
<name>SampleString_123</name>
</CertificateMap-list>
</certificatemap-items>
</pkiext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no crypto certificatemap mapname SampleString_123
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiCertificateMap | sys/userext/pkiext/certificatemap-SampleString_123 |
pkiCertificateMap Properties
The following table contains information about the pkiCertificateMap properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | pki:FilterName (string:CharBuffer) | CertificateMap Filter Name | MAX SIZE: 64 |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide: