Configuring a Trustpool Policy

For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html/

Configuring Cabundle URL

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTrustPool": {
          "attributes": {
            "sourceUrl": "http://www.cisco.com/"
}}}]}}
Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <pkiext-items>
      <trustpool-items>
        <sourceUrl>http://www.cisco.com/</sourceUrl>
      </trustpool-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples above, where the DME payload is JSON and the YANG payload is XML.

crypto ca trustpool policy
  cabundle url http://www.cisco.com


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO            DN
pkiEp         sys/userext/pkiext
pkiTrustPool  sys/userext/pkiext/trustpool


pkiTrustPool Properties

The following table contains information about the pkiTrustPool properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name  Data Type     Description                         Values
sourceUrl      string:Basic  Configure Cabundle Source HTTP Url  A sequence of characters


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Cabundle URL

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTrustPool": {
          "attributes": {
            "sourceUrl": ""
}}}]}}
Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <pkiext-items>
      <trustpool-items>
        <sourceUrl></sourceUrl>
      </trustpool-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples above, where the DME payload is JSON and the YANG payload is XML.

crypto ca trustpool policy
  no cabundle url http://www.cisco.com


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO            DN
pkiEp         sys/userext/pkiext
pkiTrustPool  sys/userext/pkiext/trustpool


pkiTrustPool Properties

The following table contains information about the pkiTrustPool properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section.

Property Name  Data Type     Description                         Values
sourceUrl      string:Basic  Configure Cabundle Source HTTP Url  A sequence of characters



Configuring an HTTP Proxy Server Port

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext/trustpool.json
{
  "pkiTrustPool": {
    "children": [
      {
        "pkiHttpProxy": {
          "attributes": {
            "name": "HostName",
            "port": "1"
}}}]}}
Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <pkiext-items>
      <trustpool-items>
        <proxyserver-items>
          <name>HostName</name>
          <port>1</port>
        </proxyserver-items>
      </trustpool-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples above, where the DME payload is JSON and the YANG payload is XML.

crypto ca trustpool policy
  http proxy server HostName port 1


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO            DN
pkiTrustPool  sys/userext/pkiext/trustpool
pkiHttpProxy  sys/userext/pkiext/trustpool/proxyserver


pkiHttpProxy Properties

The following table contains information about the pkiHttpProxy properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section.

Property Name  Data Type                 Description              Values
name           pol:ObjName string:Basic  The name of the object.
port           pki:Port (scalar:Uint32)  HTTP Proxy Server Port   RANGE: [0, 65535]; DEFAULT: 8080



Configuring Source Interface to Reach HTTP Server

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTrustPool": {
          "attributes": {
            "srcIf": "eth1/2"
}}}]}}
Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <pkiext-items>
      <trustpool-items>
        <srcIf>eth1/2</srcIf>
      </trustpool-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples above, where the DME payload is JSON and the YANG payload is XML.

crypto ca trustpool policy
  source-interface ethernet 1/2


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO            DN
pkiEp         sys/userext/pkiext
pkiTrustPool  sys/userext/pkiext/trustpool


pkiTrustPool Properties

The following table contains information about the pkiTrustPool properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section.

Property Name  Data Type               Description                            Values
srcIf          nw:IfId (base:IfIndex)  Source Interface to Reach HTTP Server  Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100



Deleting Source Interface to Reach HTTP Server

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTrustPool": {
          "attributes": {
            "srcIf": "unspecified"
}}}]}}
Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <pkiext-items>
      <trustpool-items>
        <srcIf>unspecified</srcIf>
      </trustpool-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples above, where the DME payload is JSON and the YANG payload is XML.

crypto ca trustpool policy
  no source-interface ethernet 1/2


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO            DN
pkiEp         sys/userext/pkiext
pkiTrustPool  sys/userext/pkiext/trustpool


pkiTrustPool Properties

The following table contains information about the pkiTrustPool properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section.

Property Name  Data Type               Description                            Values
srcIf          nw:IfId (base:IfIndex)  Source Interface to Reach HTTP Server  Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100



Configuring the VRF to be Used to Contact HTTP Server

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTrustPool": {
          "attributes": {
            "vrf": "SampleString_123"
}}}]}}
Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <pkiext-items>
      <trustpool-items>
        <vrf>SampleString_123</vrf>
      </trustpool-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples above, where the DME payload is JSON and the YANG payload is XML.

crypto ca trustpool policy
  vrf SampleString_123


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO            DN
pkiEp         sys/userext/pkiext
pkiTrustPool  sys/userext/pkiext/trustpool


pkiTrustPool Properties

The following table contains information about the pkiTrustPool properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section.

Property Name  Data Type                  Description                            Values
vrf            l3:VrfName (string:Basic)  Vrf to be Used to Contact HTTP Server  A sequence of characters. DEFAULT: default



Deleting the VRF to be Used to Contact HTTP Server

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTrustPool": {
          "attributes": {
            "vrf": "default"
}}}]}}
Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <pkiext-items>
      <trustpool-items>
        <vrf>default</vrf>
      </trustpool-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples above, where the DME payload is JSON and the YANG payload is XML.

crypto ca trustpool policy
  no vrf SampleString_123


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO            DN
pkiEp         sys/userext/pkiext
pkiTrustPool  sys/userext/pkiext/trustpool


pkiTrustPool Properties

The following table contains information about the pkiTrustPool properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section.

Property Name  Data Type                  Description                            Values
vrf            l3:VrfName (string:Basic)  Vrf to be Used to Contact HTTP Server  A sequence of characters. DEFAULT: default



Configuring the VRF to be Used to Contact HTTP Server (Default VRF)

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTrustPool": {
          "attributes": {
            "vrf": "default"
}}}]}}
Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <pkiext-items>
      <trustpool-items>
        <vrf>default</vrf>
      </trustpool-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples above, where the DME payload is JSON and the YANG payload is XML.

crypto ca trustpool policy
  vrf default


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO            DN
pkiEp         sys/userext/pkiext
pkiTrustPool  sys/userext/pkiext/trustpool


pkiTrustPool Properties

The following table contains information about the pkiTrustPool properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section.

Property Name  Data Type                  Description                            Values
vrf            l3:VrfName (string:Basic)  Vrf to be Used to Contact HTTP Server  A sequence of characters. DEFAULT: default



Deleting the VRF to be Used to Contact HTTP Server (Default VRF)

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTrustPool": {
          "attributes": {
            "vrf": "default"
}}}]}}
Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <pkiext-items>
      <trustpool-items>
        <vrf>default</vrf>
      </trustpool-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples above, where the DME payload is JSON and the YANG payload is XML.

crypto ca trustpool policy
  no vrf default


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO            DN
pkiEp         sys/userext/pkiext
pkiTrustPool  sys/userext/pkiext/trustpool


pkiTrustPool Properties

The following table contains information about the pkiTrustPool properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section.

Property Name  Data Type                  Description                            Values
vrf            l3:VrfName (string:Basic)  Vrf to be Used to Contact HTTP Server  A sequence of characters. DEFAULT: default



Configuring the Management VRF

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTrustPool": {
          "attributes": {
            "vrf": "management"
}}}]}}
Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <pkiext-items>
      <trustpool-items>
        <vrf>management</vrf>
      </trustpool-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples above, where the DME payload is JSON and the YANG payload is XML.

crypto ca trustpool policy
  vrf management


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO            DN
pkiEp         sys/userext/pkiext
pkiTrustPool  sys/userext/pkiext/trustpool


pkiTrustPool Properties

The following table contains information about the pkiTrustPool properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section.

Property Name  Data Type                  Description                            Values
vrf            l3:VrfName (string:Basic)  Vrf to be Used to Contact HTTP Server  A sequence of characters. DEFAULT: default



Deleting the Management VRF

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTrustPool": {
          "attributes": {
            "vrf": "default"
}}}]}}
Response:
{
    imdata:[]
}

YANG payload (XML):
<System>
  <userext-items>
    <pkiext-items>
      <trustpool-items>
        <vrf>default</vrf>
      </trustpool-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the payload examples above, where the DME payload is JSON and the YANG payload is XML.

crypto ca trustpool policy
  no vrf management


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO            DN
pkiEp         sys/userext/pkiext
pkiTrustPool  sys/userext/pkiext/trustpool


pkiTrustPool Properties

The following table contains information about the pkiTrustPool properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section.

Property Name  Data Type                  Description                            Values
vrf            l3:VrfName (string:Basic)  Vrf to be Used to Contact HTTP Server  A sequence of characters. DEFAULT: default
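
Example (added here, not Cisco's code): building the POST bodies shown on this page and checking a GET reply for the trustpool DN against an expected baseline, as the verification step describes. The helper names, the management address 192.0.2.10 and the sample GET reply are assumptions constructed for illustration; sending the requests and authenticating to NX-API are left out.

```python
import json

# DNs from the "Verifying a DME Configuration" tables on this page.
PKIEXT_DN = "sys/userext/pkiext"
TRUSTPOOL_DN = "sys/userext/pkiext/trustpool"
PROXY_DN = "sys/userext/pkiext/trustpool/proxyserver"


def mo_url(mgmt_ip, dn):
    """URL of a managed object, in the form used by the page's POST examples."""
    return "http://{}/api/mo/{}.json".format(mgmt_ip, dn)


def trustpool_post(mgmt_ip, **attributes):
    """Build (url, body) setting pkiTrustPool properties (sourceUrl, srcIf, vrf)."""
    unknown = set(attributes) - {"sourceUrl", "srcIf", "vrf"}
    if unknown:
        raise ValueError("not a pkiTrustPool property on this page: %s" % sorted(unknown))
    body = {"pkiEp": {"children": [{"pkiTrustPool": {"attributes": attributes}}]}}
    return mo_url(mgmt_ip, PKIEXT_DN), json.dumps(body)


def proxy_post(mgmt_ip, name, port=8080):
    """Build (url, body) for the pkiHttpProxy child; port range and default per the page."""
    if not 0 <= int(port) <= 65535:
        raise ValueError("port outside documented range [0, 65535]: %r" % (port,))
    attrs = {"name": name, "port": str(port)}
    body = {"pkiTrustPool": {"children": [{"pkiHttpProxy": {"attributes": attrs}}]}}
    return mo_url(mgmt_ip, TRUSTPOOL_DN), json.dumps(body)


def mismatches(get_response_text, mo_class, expected):
    """Compare a GET response for one DN with the expected properties.

    Returns {property: (expected, actual)}; an empty dict means the device matches.
    """
    imdata = json.loads(get_response_text).get("imdata", [])
    actual = next((mo[mo_class].get("attributes", {}) for mo in imdata if mo_class in mo), None)
    if actual is None:  # the object is not present on the device
        return {name: (value, None) for name, value in expected.items()}
    return {n: (v, actual.get(n)) for n, v in expected.items() if actual.get(n) != v}


# Constructed sample of a GET reply for TRUSTPOOL_DN (not captured from a device).
SAMPLE_GET = json.dumps({"totalCount": "1", "imdata": [{"pkiTrustPool": {"attributes": {
    "dn": TRUSTPOOL_DN, "sourceUrl": "http://www.cisco.com/",
    "srcIf": "eth1/2", "vrf": "default"}}}]})

# Baseline an operator expects; values taken from the page's examples.
BASELINE = {"sourceUrl": "http://www.cisco.com/", "srcIf": "eth1/2", "vrf": "management"}

if __name__ == "__main__":
    url, body = trustpool_post("192.0.2.10", **BASELINE)  # placeholder address
    print("POST", url, body)
    print("GET ", mo_url("192.0.2.10", TRUSTPOOL_DN))
    print("drift:", mismatches(SAMPLE_GET, "pkiTrustPool", BASELINE))
```

Run against the constructed reply, the comparison reports only the vrf property, because the sample device still has the default VRF while the baseline expects management.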

