Configuring Certificate Authority Related Information

For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html/

Configuring Local and Remote Certstore

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiCertstoreLookup": {
          "attributes": {
            "type": "both"
}}}]}}

Response:
{
    imdata:[]
}

YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <calookup-items>
        <type>both</type>
      </calookup-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the JSON (DME) and XML (YANG) payload examples shown above.

crypto ca lookup both


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO                  DN
pkiEp               sys/userext/pkiext
pkiCertstoreLookup  sys/userext/pkiext/calookup


pkiCertstoreLookup Properties

The following table contains information about the pkiCertstoreLookup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name  Data Type                          Description                Values
type           pki:CertLookupType (scalar:Enum8)  Certstore Type for Lookup  SELECTION: 2 - remote, 3 - local, 4 - both; DEFAULT: local


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Local Certstore

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiCertstoreLookup": {
          "attributes": {
            "type": "local"
}}}]}}

Response:
{
    imdata:[]
}

YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <calookup-items>
        <type>local</type>
      </calookup-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the JSON (DME) and XML (YANG) payload examples shown above.

crypto ca lookup local


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO                  DN
pkiEp               sys/userext/pkiext
pkiCertstoreLookup  sys/userext/pkiext/calookup


pkiCertstoreLookup Properties

The following table contains information about the pkiCertstoreLookup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name  Data Type                          Description                Values
type           pki:CertLookupType (scalar:Enum8)  Certstore Type for Lookup  SELECTION: 2 - remote, 3 - local, 4 - both; DEFAULT: local


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Remote Certstore

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiCertstoreLookup": {
          "attributes": {
            "type": "remote"
}}}]}}

Response:
{
    imdata:[]
}

YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <calookup-items>
        <type>remote</type>
      </calookup-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the JSON (DME) and XML (YANG) payload examples shown above.

crypto ca lookup remote


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO                  DN
pkiEp               sys/userext/pkiext
pkiCertstoreLookup  sys/userext/pkiext/calookup


pkiCertstoreLookup Properties

The following table contains information about the pkiCertstoreLookup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name  Data Type                          Description                Values
type           pki:CertLookupType (scalar:Enum8)  Certstore Type for Lookup  SELECTION: 2 - remote, 3 - local, 4 - both; DEFAULT: local


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Remote Certstore

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiCertstoreLookup": {
          "attributes": {
            "status": "deleted"
}}}]}}

Response:
{
    imdata:[]
}

YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <calookup-items nc:operation="delete">
      </calookup-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the JSON (DME) and XML (YANG) payload examples shown above.

no crypto ca lookup remote


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO                  DN
pkiEp               sys/userext/pkiext
pkiCertstoreLookup  sys/userext/pkiext/calookup


pkiCertstoreLookup Properties

The following table contains information about the pkiCertstoreLookup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name  Data Type                                 Description                                                  Values
status         mo:ModificationStatus (scalar:Bitmask32)  The upgrade status. This property is for internal use only.  SELECTION: 2 - created, 4 - modified, 8 - deleted, 16 - replaced


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Refresh-Time to Fetch CRL From Remote Certstore

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiRemoteCertstore": {
          "attributes": {
            "crlTimer": "1",
            "type": "1"
}}}]}}

Response:
{
    imdata:[]
}

YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <remotecert-items>
        <crlTimer>1</crlTimer>
        <type>1</type>
      </remotecert-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the JSON (DME) and XML (YANG) payload examples shown above.

crypto ca remote ldap crl-refresh-time 1


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO                  DN
pkiEp               sys/userext/pkiext
pkiRemoteCertstore  sys/userext/pkiext/remotecert


pkiRemoteCertstore Properties

The following table contains information about the pkiRemoteCertstore properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name  Data Type                           Description                                      Values
crlTimer       pki:CrlRefreshTime (scalar:Uint16)  Refresh Time to Fetch Crl from Remote Certstore  RANGE: [0 , 744]
type           scalar:Uint32                       The specific type of the object or component.


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Refresh-Time to Fetch CRL From Remote Certstore

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiRemoteCertstore": {
          "attributes": {
            "crlTimer": "0",
            "type": "1"
}}}]}}

Response:
{
    imdata:[]
}

YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <remotecert-items>
        <crlTimer>0</crlTimer>
        <type>1</type>
      </remotecert-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the JSON (DME) and XML (YANG) payload examples shown above.

no crypto ca remote ldap crl-refresh-time 1


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO                  DN
pkiEp               sys/userext/pkiext
pkiRemoteCertstore  sys/userext/pkiext/remotecert


pkiRemoteCertstore Properties

The following table contains information about the pkiRemoteCertstore properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name  Data Type                           Description                                      Values
crlTimer       pki:CrlRefreshTime (scalar:Uint16)  Refresh Time to Fetch Crl from Remote Certstore  RANGE: [0 , 744]
type           scalar:Uint32                       The specific type of the object or component.


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring LDAP Certstore

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiRemoteCertstore": {
          "attributes": {
            "ldapGroupName": "SampleString_123",
            "type": "1"
}}}]}}

Response:
{
    imdata:[]
}

YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <remotecert-items>
        <ldapGroupName>SampleString_123</ldapGroupName>
        <type>1</type>
      </remotecert-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the JSON (DME) and XML (YANG) payload examples shown above.

crypto ca remote ldap server-group SampleString_123


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO                  DN
pkiEp               sys/userext/pkiext
pkiRemoteCertstore  sys/userext/pkiext/remotecert


pkiRemoteCertstore Properties

The following table contains information about the pkiRemoteCertstore properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name  Data Type                                  Description                             Values
ldapGroupName  pki:ProviderGroupName (string:CharBuffer)  Ldap Server Group Containing Remote CA  MAX SIZE: 127
type           scalar:Uint32                              The specific type of the object or component.


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting LDAP Certstore

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiRemoteCertstore": {
          "attributes": {
            "ldapGroupName": "",
            "type": "1"
}}}]}}

Response:
{
    imdata:[]
}

YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <remotecert-items>
        <ldapGroupName></ldapGroupName>
        <type>1</type>
      </remotecert-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the JSON (DME) and XML (YANG) payload examples shown above.

no crypto ca remote ldap server-group SampleString_123


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO                  DN
pkiEp               sys/userext/pkiext
pkiRemoteCertstore  sys/userext/pkiext/remotecert


pkiRemoteCertstore Properties

The following table contains information about the pkiRemoteCertstore properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name  Data Type                                  Description                             Values
ldapGroupName  pki:ProviderGroupName (string:CharBuffer)  Ldap Server Group Containing Remote CA  MAX SIZE: 127
type           scalar:Uint32                              The specific type of the object or component.


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Trustpoint Certificate Authority

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTP": {
          "attributes": {
            "name": "SampleString_123"
}}}]}}

Response:
{
    imdata:[]
}

YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <tp-items>
        <TP-list>
          <name>SampleString_123</name>
        </TP-list>
      </tp-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the JSON (DME) and XML (YANG) payload examples shown above.

crypto ca trustpoint SampleString_123


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO     DN
pkiEp  sys/userext/pkiext
pkiTP  sys/userext/pkiext/tp-[SampleString_123]


pkiTP Properties

The following table contains information about the pkiTP properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name  Data Type                 Description                                                Values
name           pol:ObjName string:Basic  The name of the certificate authority (CA or trustpoint).  RANGE: Min: "1" Max: "64"


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Trustpoint Certificate Authority

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTP": {
          "attributes": {
            "name": "SampleString_123",
            "status": "deleted"
}}}]}}

Response:
{
    imdata:[]
}

YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <tp-items>
        <TP-list nc:operation="delete">
          <name>SampleString_123</name>
        </TP-list>
      </tp-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the JSON (DME) and XML (YANG) payload examples shown above.

no crypto ca trustpoint SampleString_123


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO     DN
pkiEp  sys/userext/pkiext
pkiTP  sys/userext/pkiext/tp-[SampleString_123]


pkiTP Properties

The following table contains information about the pkiTP properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name  Data Type                                 Description                                                Values
name           pol:ObjName string:Basic                  The name of the certificate authority (CA or trustpoint).  RANGE: Min: "1" Max: "64"
status         mo:ModificationStatus (scalar:Bitmask32)  Modification status                                        SELECTION: 2 - created, 4 - modified, 8 - deleted, 16 - replaced


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a Mapping Filter for SSH

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiSshAuth": {
          "attributes": {
            "certIssuerName": "SampleString_123",
            "mapFilter1": "SampleString_123",
            "mapFilter2": "SampleString_123"
}}}]}}

Response:
{
    imdata:[]
}

YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <sshauthcert-items>
        <SshAuth-list>
          <certIssuerName>SampleString_123</certIssuerName>
          <mapFilter1>SampleString_123</mapFilter1>
          <mapFilter2>SampleString_123</mapFilter2>
        </SshAuth-list>
      </sshauthcert-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the JSON (DME) and XML (YANG) payload examples shown above.

crypto cert ssh-authorize SampleString_123 map SampleString_123 SampleString_123


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO          DN
pkiEp       sys/userext/pkiext
pkiSshAuth  sys/userext/pkiext/sshauthcert-SampleString_123


pkiSshAuth Properties

The following table contains information about the pkiSshAuth properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type                           Description                     Values
certIssuerName  pki:FilterName (string:CharBuffer)  Issuer Name of the Certificate  MAX SIZE: 64
mapFilter1      pki:FilterName (string:CharBuffer)  Mapping Filter to be Applied    MAX SIZE: 64
mapFilter2      pki:FilterName (string:CharBuffer)  Mapping Filter to be Applied    MAX SIZE: 64


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a Mapping Filter for SSH

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiSshAuth": {
          "attributes": {
            "certIssuerName": "SampleString_123",
            "status": "deleted"
}}}]}}

Response:
{
    imdata:[]
}

YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <sshauthcert-items>
        <SshAuth-list nc:operation="delete">
          <certIssuerName>SampleString_123</certIssuerName>
        </SshAuth-list>
      </sshauthcert-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the JSON (DME) and XML (YANG) payload examples shown above.

no crypto cert ssh-authorize SampleString_123 map SampleString_123 SampleString_123


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO          DN
pkiEp       sys/userext/pkiext
pkiSshAuth  sys/userext/pkiext/sshauthcert-SampleString_123


pkiSshAuth Properties

The following table contains information about the pkiSshAuth properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type                                 Description                                                  Values
certIssuerName  pki:FilterName (string:CharBuffer)        Issuer Name of the Certificate                               MAX SIZE: 64
status          mo:ModificationStatus (scalar:Bitmask32)  The upgrade status. This property is for internal use only.  SELECTION: 2 - created, 4 - modified, 8 - deleted, 16 - replaced


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a Mapping Filter for SSH (Default VRF)

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiSshAuth": {
          "attributes": {
            "certIssuerName": "DEFAULT_MAP",
            "mapFilter1": "SampleString_123"
}}}]}}

Response:
{
    imdata:[]
}

YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <sshauthcert-items>
        <SshAuth-list>
          <certIssuerName>DEFAULT_MAP</certIssuerName>
          <mapFilter1>SampleString_123</mapFilter1>
        </SshAuth-list>
      </sshauthcert-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the JSON (DME) and XML (YANG) payload examples shown above.

crypto cert ssh-authorize default map SampleString_123


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO          DN
pkiEp       sys/userext/pkiext
pkiSshAuth  sys/userext/pkiext/sshauthcert-DEFAULT_MAP


pkiSshAuth Properties

The following table contains information about the pkiSshAuth properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name   Data Type                           Description                     Values
certIssuerName  pki:FilterName (string:CharBuffer)  Issuer Name of the Certificate  MAX SIZE: 64
mapFilter1      pki:FilterName (string:CharBuffer)  Mapping Filter to be Applied    MAX SIZE: 64


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a Mapping Filter for SSH (Default VRF)

POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiSshAuth": {
          "attributes": {
            "certIssuerName": "DEFAULT_MAP",
            "status": "deleted"
}}}]}}

Response:
{
    imdata:[]
}

YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <sshauthcert-items>
        <SshAuth-list nc:operation="delete">
          <certIssuerName>DEFAULT_MAP</certIssuerName>
        </SshAuth-list>
      </sshauthcert-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The CLI commands are equivalent to the JSON (DME) and XML (YANG) payload examples shown above.

no crypto cert ssh-authorize default map SampleString_123


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO          DN
pkiEp       sys/userext/pkiext
pkiSshAuth  sys/userext/pkiext/sshauthcert-DEFAULT_MAP


pkiSshAuth Properties

The following table contains information about the pkiSshAuth properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| certIssuerName | pki:FilterName (string:CharBuffer) | Issuer Name of the Certificate | MAX SIZE: 64 |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created, 4 - modified, 8 - deleted, 16 - replaced |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Certificate Map Filters

DME (JSON) payload:
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiCertificateMap": {
          "attributes": {
            "name": "SampleString_123"
}}}]}}
Response:
{
    imdata:[]
}
YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <certificatemap-items>
        <CertificateMap-list>
          <name>SampleString_123</name>
        </CertificateMap-list>
      </certificatemap-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The following CLI command is equivalent to the payload examples in this section: the DME payload is the JSON example and the YANG payload is the XML example.

crypto certificatemap mapname SampleString_123


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiCertificateMap | sys/userext/pkiext/certificatemap-SampleString_123 |


pkiCertificateMap Properties

The following table contains information about the pkiCertificateMap properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | pki:FilterName (string:CharBuffer) | CertificateMap Filter Name | MAX SIZE: 64 |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Certificate Map Filters

DME (JSON) payload:
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiCertificateMap": {
          "attributes": {
            "name": "SampleString_123",
            "status": "deleted"
}}}]}}
Response:
{
    imdata:[]
}
YANG (XML) payload:
<System>
  <userext-items>
    <pkiext-items>
      <certificatemap-items>
        <CertificateMap-list nc:operation="delete">
          <name>SampleString_123</name>
        </CertificateMap-list>
      </certificatemap-items>
    </pkiext-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(5).


CLI Commands

The following CLI command is equivalent to the payload examples in this section: the DME payload is the JSON example and the YANG payload is the XML example.

no crypto certificatemap mapname SampleString_123


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| pkiEp | sys/userext/pkiext |
| pkiCertificateMap | sys/userext/pkiext/certificatemap-SampleString_123 |


pkiCertificateMap Properties

The following table contains information about the pkiCertificateMap properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | pki:FilterName (string:CharBuffer) | CertificateMap Filter Name | MAX SIZE: 64 |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created, 4 - modified, 8 - deleted, 16 - replaced |
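
An added example in Python (not part of the Cisco documentation) of the delete-and-verify flow above for a certificate map filter: it builds the POST body, derives the path for the verification GET from the DN, and checks that no pkiSshAuth entry still names the removed filter. The helper names, the GET response shape (`totalCount`/`imdata`, with children returned by a subtree query) and the use of `mapFilter1` on pkiSshAuth are assumptions; the sample responses are constructed.

```python
import json

PKI_DN = "sys/userext/pkiext"
MAX_NAME = 64  # MAX SIZE of pki:FilterName in the property tables


def certmap_dn(name):
    """DN of a pkiCertificateMap, following the MO/DN table."""
    if not name or len(name) > MAX_NAME:
        raise ValueError("filter name must be 1..64 characters")
    return f"{PKI_DN}/certificatemap-{name}"


def certmap_payload(name, delete=False):
    """JSON body to POST to /api/mo/sys/userext/pkiext.json."""
    certmap_dn(name)  # reuse the length check
    attrs = {"name": name}
    if delete:
        attrs["status"] = "deleted"
    return {"pkiEp": {"children": [{"pkiCertificateMap": {"attributes": attrs}}]}}


def verify_path(dn):
    """Request path for the verification GET on a DN."""
    return f"/api/mo/{dn}.json"


def object_present(get_body, cls):
    """True if a GET response body still contains an MO of class cls."""
    return any(cls in item for item in json.loads(get_body).get("imdata", []))


def dangling_ssh_maps(subtree_body, deleted_name):
    """Issuer names of pkiSshAuth MOs whose mapFilter1 names the deleted filter."""
    hits = []
    for item in json.loads(subtree_body).get("imdata", []):
        for child in item.get("pkiEp", {}).get("children", []):
            attrs = child.get("pkiSshAuth", {}).get("attributes", {})
            if attrs.get("mapFilter1") == deleted_name:
                hits.append(attrs.get("certIssuerName"))
    return hits


# Constructed sample responses (assumed shape, not captured from a device).
GET_AFTER_DELETE = '{"totalCount": "0", "imdata": []}'
GET_PKI_SUBTREE = json.dumps({"imdata": [{"pkiEp": {"children": [
    {"pkiSshAuth": {"attributes": {
        "certIssuerName": "DEFAULT_MAP", "mapFilter1": "SampleString_123"}}}]}}]})
```

A non-empty result from `dangling_ssh_maps` means an SSH authorization mapping still refers to a filter that no longer exists and should be reviewed before the change is considered complete.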


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
